

Merge pull request #3124 from alphagov/refactor-permissions-integrati…
…on-tests

Refactor permissions integration tests
yndajas authored Sep 9, 2024
2 parents dd10bfd + fbce925 commit dbe73fc
Showing 22 changed files with 1,236 additions and 1,639 deletions.
134 changes: 29 additions & 105 deletions test/controllers/account/applications_controller_test.rb
Expand Up @@ -42,7 +42,7 @@ class Account::ApplicationsControllerTest < ActionController::TestCase
assert_redirected_to "/users/sign_in"
end

should "prevent users who are unauthorised to view the page" do
should "prevent unauthorised users" do
user = create(:user)
sign_in user

Expand All @@ -64,142 +64,66 @@ class Account::ApplicationsControllerTest < ActionController::TestCase
end

context "for apps the user doesn't have access to" do
should "display the applications" do
should "display the applications, excluding those which are retired or API-only" do
create(:application, name: "retired-app-name", retired: true)
create(:application, name: "api-only-app-name", api_only: true)

get :index

assert_select "table:has( > caption[text()='Apps you don\\'t have access to'])" do
assert_select "tr td", text: /app-name/
assert_select "tr td", text: /retired-app-name/, count: 0
assert_select "tr td", text: /api-only-app-name/, count: 0
end
end

context "when authorised to grant access" do
should "display a grant access button" do
stub_policy @user, [:account, Doorkeeper::Application], index?: true, grant_signin_permission?: true

get :index

assert_template :index
assert_select "form[action='#{account_application_signin_permission_path(@application)}']"
end
end
should "display a grant access (one-button) form when authorised" do
stub_policy @user, [:account, Doorkeeper::Application], index?: true, grant_signin_permission?: true

context "when not authorised to grant access" do
should "not display a grant access button" do
stub_policy @user, [:account, Doorkeeper::Application], index?: true, grant_signin_permission?: false

get :index
get :index

assert_select "form[action='#{account_application_signin_permission_path(@application)}']", count: 0
end
assert_template :index
assert_select "form[action='#{account_application_signin_permission_path(@application)}']"
end
end

context "for apps the user does have access to" do
setup { @user.grant_application_signin_permission(@application) }

should "display the applications" do
should "display the applications, excluding those which are retired or API-only" do
retired_app = create(:application, name: "retired-app-name", retired: true)
api_only_app = create(:application, name: "api-only-app-name", api_only: true)
@user.grant_application_signin_permission(retired_app)
@user.grant_application_signin_permission(api_only_app)

stub_policy @user, [:account, @application]

get :index

assert_select "table:has( > caption[text()='Apps you have access to'])" do
assert_select "tr td", text: /app-name/
assert_select "tr td", text: /retired-app-name/, count: 0
assert_select "tr td", text: /api-only-app-name/, count: 0
end
end

context "removing access" do
should "display a remove access button when authorised" do
stub_policy @user, [:account, @application], remove_signin_permission?: true

get :index
should "display a remove access link when authorised" do
stub_policy @user, [:account, @application], remove_signin_permission?: true

assert_select "a[href='#{delete_account_application_signin_permission_path(@application)}']"
end

should "not display a remove access button when not authorised" do
stub_policy @user, [:account, @application], remove_signin_permission?: false

get :index
get :index

assert_select "a[href='#{delete_account_application_signin_permission_path(@application)}']", count: 0
end
assert_select "a[href='#{delete_account_application_signin_permission_path(@application)}']"
end

context "editing permissions" do
context "when the app only has the signin permission" do
%w[govuk_admin publishing_manager].each do |role_group|
context "as a #{role_group}" do
setup { @user.stubs(:"#{role_group}?").returns(true) }

should "only display a link to view permissions when authorised to view or edit permissions" do
stub_policy @user, [:account, @application], view_permissions?: true, edit_permissions?: true

get :index

assert_select "a[href='#{edit_account_application_permissions_path(@application)}']", count: 0
assert_select "a[href='#{account_application_permissions_path(@application)}']"
end

should "not display links to view or edit permissions when not authorised to view permissions" do
stub_policy @user, [:account, @application], view_permissions?: false, edit_permissions?: true

get :index
should "display links to view and edit permissions when authorised" do
stub_policy @user, [:account, @application], view_permissions?: true, edit_permissions?: true

assert_select "a[href='#{edit_account_application_permissions_path(@application)}']", count: 0
assert_select "a[href='#{account_application_permissions_path(@application)}']", count: 0
end
end
end
end

context "when the app has non-signin permissions" do
setup { create(:supported_permission, application: @application) }

should "display links to view and edit permissions when authorised to view and edit permissions" do
stub_policy @user, [:account, @application], view_permissions?: true, edit_permissions?: true

get :index

assert_select "a[href='#{edit_account_application_permissions_path(@application)}']"
assert_select "a[href='#{account_application_permissions_path(@application)}']"
end

should "only display a link to edit permissions when authorised to edit but not view permissions" do
stub_policy @user, [:account, @application], view_permissions?: false, edit_permissions?: true

get :index

assert_select "a[href='#{edit_account_application_permissions_path(@application)}']"
assert_select "a[href='#{account_application_permissions_path(@application)}']", count: 0
end

should "only display a link to view permissions when not authorised to edit permissions" do
stub_policy @user, [:account, @application], view_permissions?: true, edit_permissions?: false

get :index
get :index

assert_select "a[href='#{edit_account_application_permissions_path(@application)}']", count: 0
assert_select "a[href='#{account_application_permissions_path(@application)}']"
end
end
assert_select "a[href='#{edit_account_application_permissions_path(@application)}']"
assert_select "a[href='#{account_application_permissions_path(@application)}']"
end
end

should "not display a retired application" do
create(:application, name: "retired-app-name", retired: true)

get :index

assert_select "tr td", text: /retired-app-name/, count: 0
end

should "not display an API-only application" do
create(:application, name: "api-only-app-name", api_only: true)

get :index

assert_select "tr td", text: /api-only-app-name/, count: 0
end
end
end
end
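Review bot: The denied paths in the `index` tests appear to have been dropped: the cases that stub `grant_signin_permission?: false`, `remove_signin_permission?: false` and the mixed `view_permissions?`/`edit_permissions?` combinations, each asserting the form or link with `count: 0`, have no counterpart among the "when authorised" tests that remain. Old and new lines are not marked on this page, so this reading is inferred from the 29/105 split and the test names. If the refactored integration tests do not cover the hidden-control cases, a view regression that renders the grant or remove control to every user would still pass this file. Keeping one negative case per control would guard against that, for example stubbing `grant_signin_permission?: false` and asserting `assert_select "form[action='#{account_application_signin_permission_path(@application)}']", count: 0`.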
60 changes: 38 additions & 22 deletions test/controllers/account/permissions_controller_test.rb
Expand Up @@ -3,33 +3,49 @@
class Account::PermissionsControllerTest < ActionController::TestCase
context "#show" do
context "when a user can view their permissions" do
should "order permissions by whether the user has access and then alphabetically" do
application = create(:application,
with_non_delegatable_supported_permissions: %w[uuu aaa ttt bbb])
user = create(:admin_user,
with_signin_permissions_for: [application],
with_permissions: { application => %w[aaa ttt] })
%w[govuk_admin publishing_manager].each do |role_group|
context "as a #{role_group}" do
setup do
@application = create(:application)
@grantable_permission_user_has = create(:supported_permission, application: @application)
@grantable_permission_user_does_not_have = create(:supported_permission, application: @application)
@non_grantable_permission_user_has = create(:supported_permission, application: @application, grantable_from_ui: false)
@non_grantable_permission_user_does_not_have = create(:supported_permission, application: @application, grantable_from_ui: false)

user = create(
:user,
with_signin_permissions_for: [@application],
with_permissions: {
@application => [@grantable_permission_user_has.name, @non_grantable_permission_user_has.name],
},
)
user.stubs(:"#{role_group}?").returns(true)

sign_in user
end

sign_in user
should "list permissions that are grantable from the UI" do
get :show, params: { application_id: @application }

get :show, params: { application_id: application }
assert_select "tr:nth-child(1)" do
assert_select "td:nth-child(1)", text: @application.signin_permission.name
assert_select "td:nth-child(2)", text: "Yes"
end

assert_equal %w[signin aaa ttt bbb uuu], assigns(:permissions).map(&:name)
end
assert_select "tr:nth-child(2)" do
assert_select "td:nth-child(1)", text: @grantable_permission_user_has.name
assert_select "td:nth-child(2)", text: "Yes"
end

should "exclude permissions that aren't grantable from the UI" do
application = create(:application)
grantable_permission = create(:supported_permission, application:)
non_grantable_permission = create(:supported_permission, application:, grantable_from_ui: false)

user = create(:admin_user, with_signin_permissions_for: [application])
assert_select "tr:nth-child(3)" do
assert_select "td:nth-child(1)", text: @grantable_permission_user_does_not_have.name
assert_select "td:nth-child(2)", text: "No"
end

sign_in user

get :show, params: { application_id: application }

assert_select "td", text: grantable_permission.name
assert_select "td", text: non_grantable_permission.name, count: 0
assert_select "td", text: @non_grantable_permission_user_has.name, count: 0
assert_select "td", text: @non_grantable_permission_user_does_not_have.name, count: 0
end
end
end
end
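Review bot: The alphabetical half of the ordering no longer seems to be pinned by "list permissions that are grantable from the UI": each group (user has / user does not have) holds a single grantable permission with a factory-generated name, so the `tr:nth-child(n)` assertions only establish that granted permissions come first. The earlier test asserted `%w[signin aaa ttt bbb uuu]` against `assigns(:permissions)`, which covered both sort keys; which lines are old and new is inferred here, as the page does not mark them. If ordering is still part of the contract, a second permission in one group with explicit names would restore the check, e.g. `create(:supported_permission, application: @application, name: "bbb")` alongside one named `"aaa"` (names constructed for illustration), asserted by row position.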


