prevent non-authorized users to access medical release files
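--- /dev/null
+++ b/spec/features/user_managing_medical_releases_spec.rb
@@ -0,0 +1,145 @@
+require "rails_helper"
+
+feature "User managing medical releases" do
+  let(:current_user) { create(:user) }
+  let(:project) { create(:project, members: current_user, account: current_user.primary_account) }
+
+  context "when signed in as account manager" do
+    before do
+      sign_in current_user
+    end
+
+    scenario "Download All is visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).to have_content download_all_button
+    end
+
+    scenario "Download action in Manage menu is visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).to have_link("Download", exact: true, count: 2)
+    end
+
+    scenario "Downloading PDF of native medical release is possible" do
+      native_release = create(:medical_release_with_contract_template, :native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      click_link *view_release_pdf_link_for(native_release)
+      expect(content_type).to eq('application/pdf')
+    end
+  end
+
+  context "when the user is manager(project manager)" do
+    let(:current_user) { create(:user, :manager) }
+
+    before do
+      sign_in current_user
+    end
+
+    scenario "Download All is not visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).not_to have_content download_all_button
+    end
+
+    scenario "Download action in Manage menu is not visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).to have_link("Download", exact: true, count: 0)
+    end
+
+    scenario "Downloading PDF of native medical release is not possible" do
+      native_release = create(:medical_release_with_contract_template, :native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      link = medical_release_contracts_path(native_release, format: 'pdf')
+      expect { visit link }.to raise_exception Pundit::NotAuthorizedError
+    end
+
+    scenario "Downloading PDF of non native medical release is not possible" do
+      non_native_release = create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      link = medical_release_contracts_path(non_native_release, format: 'pdf')
+      expect { visit link }.to raise_exception Pundit::NotAuthorizedError
+    end
+  end
+
+  context "when the user is associate" do
+    let(:current_user) { create(:user, :associate) }
+
+    before do
+      sign_in current_user
+    end
+
+    scenario "Download All is not visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).not_to have_content download_all_button
+    end
+
+    scenario "Download action in Manage menu is not visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).to have_link("Download", exact: true, count: 0)
+    end
+
+    scenario "Downloading PDF of native medical release is not possible" do
+      native_release = create(:medical_release_with_contract_template, :native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      link = medical_release_contracts_path(native_release, format: 'pdf')
+      expect { visit link }.to raise_exception Pundit::NotAuthorizedError
+    end
+
+    scenario "Downloading PDF of non native medical release is not possible" do
+      non_native_release = create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      link = medical_release_contracts_path(non_native_release, format: 'pdf')
+      expect { visit link }.to raise_exception Pundit::NotAuthorizedError
+    end
+  end
+
+  private
+
+  def download_all_button
+    'Download All'
+  end
+
+  def download_action
+    'Download'
+  end
+
+  def manage_button
+    t 'medical_releases.medical_release.actions.manage'
+  end
+
+  def view_release_pdf_link_for(release)
+    ['Download', href: medical_release_contracts_path(release, format: 'pdf')]
+  end
+end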
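Review bot: The manager and associate contexts only assert that the "Download All" text is absent from the index page (`expect(page).not_to have_content download_all_button`), whereas the per-release PDF route is exercised directly with `expect { visit link }.to raise_exception Pundit::NotAuthorizedError`; hiding a button is not enforcement, so the bulk-download endpoint behind "Download All" should get the same direct-visit assertion for both roles (its path helper is not visible in this file, so I cannot name it). Every context also builds `project` with `members: current_user`, so there is no scenario for a signed-in user who is not a project member or belongs to a different account requesting `medical_release_contracts_path(release, format: 'pdf')`, which is the most likely direct-object-reference path for these files, nor for an unauthenticated request to that URL. The `raise_exception` assertions additionally presume the application does not `rescue_from Pundit::NotAuthorizedError` and that the Capybara driver re-raises server errors; if a rescue handler is introduced later these scenarios will fail for the wrong reason, so asserting on the resulting response (redirect or status) would be a more durable check. Finally, the account-manager context has no positive scenario for the non-native PDF, so a regression that blocks that path for authorized users would go unnoticed.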