PRMDR 438/504 - E2E tests for RBAC and tidy (#164)

* Cypress folder structure modified to make test structure clearer * RBAC cypress tests added --------- Co-authored-by: Scott Alexander <scott.alexander@madetech.com>
nhsconnect · Nov 27, 2023 · 667fc7c · 667fc7c
1 parent 38c121e
commit 667fc7c
Show file tree

Hide file tree

Showing 9 changed files with 217 additions and 116 deletions.
diff --git a/app/cypress/e2e/0-ndr-core-tests/auth.cy.js → ..._routes/auth_general_browser_states.cy.js b/app/cypress/e2e/0-ndr-core-tests/auth.cy.js → ..._routes/auth_general_browser_states.cy.js
@@ -1,4 +1,4 @@
-import authPayload from '../../fixtures/requests/auth/GET_TokenRequest_GP_ADMIN.json';
+import authPayload from '../../../fixtures/requests/auth/GET_TokenRequest_GP_ADMIN.json';
 
 describe('authentication & authorisation', () => {
     const baseUrl = 'http://localhost:3000';

diff --git a/...0-ndr-core-tests/auth_gp_admin_path.cy.js → ...th_routes/auth_gp_admin_path_access.cy.js b/...0-ndr-core-tests/auth_gp_admin_path.cy.js → ...th_routes/auth_gp_admin_path_access.cy.js
@@ -13,9 +13,9 @@ const patient = {
 const smokeTest = Cypress.env('CYPRESS_RUN_AS_SMOKETEST') ?? false;
 const baseUrl = Cypress.env('CYPRESS_BASE_URL') ?? 'http://localhost:3000/';
 
-describe('assert GP_ADMIM workflow path', () => {
-    const baseUrl = 'http://localhost:3000';
+const forbiddenRoutes = ['search/patient', 'search/patient/result', 'search/results'];
 
+describe('assert GP_ADMIN user has access to the GP_ADMIM workflow path', () => {
     context('session management', () => {
         it('sets session storage on login and checks starting url route', () => {
             if (!smokeTest) {
@@ -26,20 +26,32 @@ describe('assert GP_ADMIM workflow path', () => {
             }
 
             cy.login('GP_ADMIN');
-            cy.url().should('eq', baseUrl + '/search/upload');
+            cy.url().should('eq', baseUrl + 'search/upload');
 
             cy.get('#nhs-number-input').click();
             cy.get('#nhs-number-input').type(testPatient);
             cy.get('#search-submit').click();
             cy.wait('@search');
 
             cy.url().should('include', 'upload');
-            cy.url().should('eq', baseUrl + '/search/upload/result');
+            cy.url().should('eq', baseUrl + 'search/upload/result');
 
             cy.get('#verify-submit').click();
 
             cy.url().should('include', 'lloyd-george-record');
-            cy.url().should('eq', baseUrl + '/search/patient/lloyd-george-record');
+            cy.url().should('eq', baseUrl + 'search/patient/lloyd-george-record');
+        });
+    });
+});
+
+describe('assert GP ADMIM role cannot access expected forbidden routes', () => {
+    context('forbidden routes', () => {
+        forbiddenRoutes.forEach((forbiddenRoute) => {
+            it('assert GP Admin cannot access route ' + forbiddenRoute, () => {
+                cy.login('GP_ADMIN');
+                cy.visit(baseUrl + forbiddenRoute);
+                cy.url().should('include', 'unauthorised');
+            });
         });
     });
 });
diff --git a/...dr-core-tests/auth_gp_clinical_path.cy.js → ...routes/auth_gp_clinical_path_access.cy.js b/...dr-core-tests/auth_gp_clinical_path.cy.js → ...routes/auth_gp_clinical_path_access.cy.js
@@ -13,9 +13,9 @@ const patient = {
 const smokeTest = Cypress.env('CYPRESS_RUN_AS_SMOKETEST') ?? false;
 const baseUrl = Cypress.env('CYPRESS_BASE_URL') ?? 'http://localhost:3000/';
 
-describe('assert GP_CLINICAL workflow path', () => {
-    const baseUrl = 'http://localhost:3000';
+const forbiddenRoutes = ['search/patient', 'search/patient/result', 'search/results'];
 
+describe('assert GP_CLINICAL user has access to the GP_CLINICAL workflow path', () => {
     context('session management', () => {
         it('sets session storage on login and checks starting url route', () => {
             if (!smokeTest) {
@@ -26,20 +26,32 @@ describe('assert GP_CLINICAL workflow path', () => {
             }
 
             cy.login('GP_CLINICAL');
-            cy.url().should('eq', baseUrl + '/search/upload');
+            cy.url().should('eq', baseUrl + 'search/upload');
 
             cy.get('#nhs-number-input').click();
             cy.get('#nhs-number-input').type(testPatient);
             cy.get('#search-submit').click();
             cy.wait('@search');
 
             cy.url().should('include', 'upload');
-            cy.url().should('eq', baseUrl + '/search/upload/result');
+            cy.url().should('eq', baseUrl + 'search/upload/result');
 
             cy.get('#verify-submit').click();
 
             cy.url().should('include', 'lloyd-george-record');
-            cy.url().should('eq', baseUrl + '/search/patient/lloyd-george-record');
+            cy.url().should('eq', baseUrl + 'search/patient/lloyd-george-record');
+        });
+    });
+});
+
+describe('assert GP ADMIM role cannot access expected forbidden routes', () => {
+    context('forbidden routes', () => {
+        forbiddenRoutes.forEach((forbiddenRoute) => {
+            it('assert GP Admin cannot access route ' + forbiddenRoute, () => {
+                cy.login('GP_CLINICAL');
+                cy.visit(baseUrl + forbiddenRoute);
+                cy.url().should('include', 'unauthorised');
+            });
         });
     });
 });
diff --git a/...e2e/0-ndr-core-tests/auth_pcse_path.cy.js → ...s/auth_routes/auth_pcse_path_access.cy.js b/...e2e/0-ndr-core-tests/auth_pcse_path.cy.js → ...s/auth_routes/auth_pcse_path_access.cy.js
@@ -12,10 +12,14 @@ const patient = {
 
 const smokeTest = Cypress.env('CYPRESS_RUN_AS_SMOKETEST') ?? false;
 const baseUrl = Cypress.env('CYPRESS_BASE_URL') ?? 'http://localhost:3000/';
+const forbiddenRoutes = [
+    'search/patient/lloyd-george-record',
+    'search/upload',
+    'search/upload/result',
+    'upload/submit',
+];
 
-describe('assert PCSE workflow path', () => {
-    const baseUrl = 'http://localhost:3000';
-
+describe('assert PCSE user has access to the PCSE workflow path ', () => {
     context('session management', () => {
         it('sets session storage on login and checks starting url route', () => {
             if (!smokeTest) {
@@ -27,15 +31,27 @@ describe('assert PCSE workflow path', () => {
 
             cy.login('PCSE');
 
-            cy.url().should('eq', baseUrl + '/search/patient');
+            cy.url().should('eq', baseUrl + 'search/patient');
 
             cy.get('#nhs-number-input').click();
             cy.get('#nhs-number-input').type(testPatient);
             cy.get('#search-submit').click();
             cy.wait('@search');
 
             cy.get('#verify-submit').click();
-            cy.url().should('eq', baseUrl + '/search/results');
+            cy.url().should('eq', baseUrl + 'search/results');
+        });
+    });
+});
+
+describe('assert PCSE role cannot access expected forbidden routes', () => {
+    context('forbidden routes', () => {
+        forbiddenRoutes.forEach((forbiddenRoute) => {
+            it('assert PCSE cannot access route ' + forbiddenRoute, () => {
+                cy.login('PCSE');
+                cy.visit(baseUrl + forbiddenRoute);
+                cy.url().should('include', 'unauthorised');
+            });
         });
     });
 });
diff --git a/...ndividual_patient_search_and_verify.cy.js → ...ndividual_patient_search_and_verify.cy.js b/...ndividual_patient_search_and_verify.cy.js → ...ndividual_patient_search_and_verify.cy.js
diff --git a/..._individual_patient_document_upload.cy.js → ..._individual_patient_document_upload.cy.js b/..._individual_patient_document_upload.cy.js → ..._individual_patient_document_upload.cy.js