Test that collection admins can NOT edit collections not their own (#385

)
pulibrary · Sep 7, 2022 · f96250f · f96250f
1 parent b6bd386
commit f96250f
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 51 deletions.
diff --git a/spec/factories/work.rb b/spec/factories/work.rb
@@ -41,6 +41,25 @@
       created_by_user_id { FactoryBot.create(:princeton_submitter).id }
     end
 
+    factory :tokamak_work do
+      collection { Collection.plasma_laboratory }
+      resource do
+        PDCMetadata::Resource.new_from_json({
+          "doi": "https://doi.org/10.34770/not_yet_assigned",
+          "ark": "ark:/88435/dsp015d86p342b",
+          "identifier_type": "DOI",
+          "titles": [{ "title": "Electron Temperature Gradient Driven Transport Model for Tokamak Plasmas" }],
+          "description": "A new model for electron temperature gradient (ETG) modes is developed as a component of the Multi-Mode anomalous transport module.",
+          "creators": [
+            { "value": "Rafiq, Tariq", "name_type": "Personal", "given_name": "Tariq", "family_name": "Rafiq", "affiliations": [], "sequence": "1" }
+          ],
+          "resource_type": "Dataset", "publisher": "Princeton University", "publication_year": "2022",
+          "rights": { "identifier": "CC BY" }
+        }.to_json)
+      end
+      created_by_user_id { FactoryBot.create(:pppl_submitter).id }
+    end
+
     factory :sowing_the_seeds_work do
       title { "Sowing the Seeds for More Usable Web Archives: A Usability Study of Archive-It" }
       collection { Collection.research_data }
@@ -104,54 +123,5 @@
       ark { "ark:/88435/dsp01vq27zr562" }
       created_by_user_id { FactoryBot.create(:user).id }
     end
-
-    factory :us_national_pandemic_report_work do
-      title { "The U.S. National Pandemic Emotional Impact Report" }
-      ark { "ark:/88435/dsp01h415pd635" }
-      collection { FactoryBot.create(:library_resources) }
-      created_by_user_id { FactoryBot.create(:user).id }
-    end
-
-    factory :fortune_100_blm_work do
-      title { "The Fortune 100 and Black Lives Matter" }
-      ark { "ark:/88435/dsp01hh63t004k" }
-      collection { FactoryBot.create(:library_resources) }
-      created_by_user_id { FactoryBot.create(:user).id }
-    end
-
-    factory :racial_wealth_gap_work do
-      title { "The racial wealth gap: Why policy matters" }
-      ark { "ark:/88435/dsp012z10wt38q" }
-      collection { FactoryBot.create(:library_resources) }
-      created_by_user_id { FactoryBot.create(:user).id }
-    end
-
-    factory :hungary_around_clock_work do
-      title { "Hungary around the clock, January 5, 2022" }
-      ark { "ark:/88435/dsp01w37639913" }
-      collection { FactoryBot.create(:library_resources) }
-      created_by_user_id { FactoryBot.create(:user).id }
-    end
-
-    factory :gu_dian_yan_jiu_work do
-      title { "Gu dian yan jiu 古典研究; No. 9 (Spring 2012)" }
-      ark { "ark:/88435/dsp01fx719q54q" }
-      collection { FactoryBot.create(:library_resources) }
-      created_by_user_id { FactoryBot.create(:user).id }
-    end
-
-    factory :racism_inequality_health_care_work do
-      title { "Racism, inequality, and health care for African Americans" }
-      ark { "ark:/88435/dsp01ng451m58f" }
-      collection { FactoryBot.create(:library_resources) }
-      created_by_user_id { FactoryBot.create(:user).id }
-    end
-
-    factory :national_health_ukraine_work do
-      title { "Nat︠s︡ional'ni rakhunky okhorony zdorov'i︠a︡ v Ukraïni u 2016 rot︠s︡i" }
-      ark { "ark:/88435/dsp01zk51vk539" }
-      collection { FactoryBot.create(:library_resources) }
-      created_by_user_id { FactoryBot.create(:user).id }
-    end
   end
 end
diff --git a/spec/system/authz_admin_spec.rb b/spec/system/authz_admin_spec.rb
@@ -8,7 +8,7 @@
     let(:work) { FactoryBot.create(:shakespeare_and_company_work) }
     let(:collection) { Collection.find(work.collection_id) }
     let(:new_submitter) { FactoryBot.create :pppl_submitter }
-    # let(:pppl_curator) { FactoryBot.create :pppl_curator }
+    let(:pppl_moderator) { FactoryBot.create :pppl_moderator }
 
     before do
       Collection.create_defaults
@@ -54,5 +54,31 @@
         expect(new_submitter.reload.can_admin?(Collection.research_data)).to eq true
       end
     end
+
+    describe "in a collection they do NOT curate" do
+      let(:work) { FactoryBot.create(:tokamak_work) }
+      let(:collection) { Collection.find(work.collection_id) }
+
+      it "can NOT add admins" do
+        login_as research_data_moderator
+        expect(research_data_moderator.can_admin?(Collection.research_data)).to eq true
+        expect(research_data_moderator.can_admin?(Collection.plasma_laboratory)).to eq false
+        visit collection_path(Collection.plasma_laboratory)
+        expect(page).not_to have_content "Add Submitter"
+        expect(page).not_to have_content "Add Curator"
+      end
+
+      # Related to https://github.com/pulibrary/pdc_describe/issues/348
+      # Should be fixed by https://github.com/pulibrary/pdc_describe/issues/384
+      pending it "can NOT edit works" do
+        expect(work.created_by_user_id).not_to eq research_data_moderator.id
+        # research_data_moderator is NOT an administrator of the collection where the work resides
+        expect(collection.administrators.include?(research_data_moderator)).to eq false
+        # And so, research_data_moderator can NOT edit the work
+        login_as research_data_moderator
+        visit edit_work_path(work)
+        expect(page).not_to have_content("Editing Dataset")
+      end
+    end
   end
 end
diff --git a/spec/system/authz_submitter_spec.rb b/spec/system/authz_submitter_spec.rb
@@ -19,7 +19,7 @@
 
     ##
     # To be fixed by https://github.com/pulibrary/pdc_describe/issues/348
-    xit "should not be able to edit someone else's work" do
+    pending it "should not be able to edit someone else's work" do
       sign_in submitter1
       visit user_path(submitter1)
       expect(page).to have_content submitter1.display_name