fix specs

app/controllers/api/broadcasts_controller.rb

@@ -24,8 +24,12 @@ class Api::BroadcastsController < Api::ApiController
 
   def update
     file_params.each do |file|
-      file[:io] = StringIO.new(Base64.decode64(file[:io]))
-      @broadcast.files.attach(io: file[:io], filename: file[:filename])
+      if file.is_a?(String)
+        @broadcast.files.attach(file)
+      else
+        file[:io] = StringIO.new(Base64.decode64(file[:io]))
+        @broadcast.files.attach(file.to_h.symbolize_keys)
+      end
     end
     @broadcast.save!
 

app/controllers/public/broadcasts_controller.rb

@@ -37,6 +37,10 @@ class Public::BroadcastsController < Public::BaseController
 
   def set_broadcast
     @broadcast = Broadcast.find_by_token(params[:token])
+    
+    unless @broadcast.present?
+      redirect_to [:new, :session], alert: t(".alert")
+    end
   end
 
   class MultiViewBroadcast

app/controllers/release_template_imports_controller.rb

@@ -11,7 +11,9 @@ class ReleaseTemplateImportsController < ApplicationController
 
     templates = []
     filtered_contract_templates.each do |contract_template|
-      next if contract_template.duplicated? || contract_template.project == @project
+      next if contract_template.duplicated? ||
+              contract_template.archived? ||
+              contract_template.project == @project
 
       already_imported = contract_template.duplicates.non_archived.pluck(:project_id).include?(@project.id)
       templates << OpenStruct.new(template: contract_template, already_imported?: already_imported)

app/models/contract.rb

@@ -29,6 +29,10 @@ class Contract
     }
   end
 
+  def medical_release?
+    @releasable.instance_of?(MedicalRelease)
+  end
+
   private
 
   def contract_template

app/models/contract_template.rb

@@ -51,6 +51,10 @@ class ContractTemplate < ApplicationRecord
     parent.present?
   end
 
+  def archived?
+    archived_at.present?
+  end
+
   def archive
     update(archived_at: Time.zone.now)
   end

app/policies/contract_policy.rb

@@ -1,5 +1,9 @@
 class ContractPolicy < ApplicationPolicy
   def show?
-    user.manager? || user.account_manager?
+    if record.respond_to?(:medical_release?) && record.medical_release?
+      user.account_manager?
+    else
+      user.manager? || user.account_manager?
+    end
   end
 end

app/policies/medical_release_policy.rb

@@ -4,7 +4,7 @@ class MedicalReleasePolicy < ReleasePolicy
   end
 
   def show?
-    true
+    user.account_manager?
   end
 
   def update?
@@ -31,7 +31,11 @@ class MedicalReleasePolicy < ReleasePolicy
     true
   end
 
+  def download_single?
+    user.account_manager?
+  end
+
   def download_multiple?
-    true
+    download_single?
   end
 end

app/views/appearance_releases/_form.html.erb

@@ -22,6 +22,9 @@
         <%= form.text_field :guardian_last_name, required: appearance_release.minor?, wrapper_class: "col-sm-3" %>
         <%= form.phone_field :guardian_phone, wrapper_class: "col-sm-6" %>
       </div>
+      <div class="form-row">
+        <%= form.text_field :guardian_email, wrapper_class: "col-sm-6" %>
+      </div>
       <div class="form-row">
         <%= form.text_field :guardian_address, wrapper_class: "col-sm-6" %>
       </div>

app/views/broadcasts/_file_form.html.erb

@@ -1,4 +1,4 @@
 <%= bootstrap_form_for model, layout: :inline, remote: true do |form| %>
-  <%= form.file_field :files, direct_upload: true, multiple: true, accept: "*", hide_label: true, wrapper_class: "w-65 mr-2", id: "broadcast_files_#{token}" %>
+  <%= form.file_field :files, direct_upload: true, multiple: true, accept: "*", hide_label: true, required: true, wrapper_class: "w-65 mr-2", id: "broadcast_files_#{token}" %>
   <%= form.button fa_icon("upload", text: "Add File"), class: "btn btn-primary", type: :submit, data: { disable_with: fa_icon("spinner", text: "Adding File") } %>
 <% end %>

app/views/medical_releases/_medical_release.html.erb

@@ -37,7 +37,7 @@
         <% if policy(medical_release.tags).new? %>
           <%= link_to fa_icon("tags fw", text: "Tags"), [:new, medical_release, :acts_as_taggable_on_tag], class: "dropdown-item", remote: true %>
         <% end %>
-        <% if policy(Contract).show? && (medical_release.contract.attached? || medical_release.contract_template.present?) %>
+        <% if policy(MedicalRelease).download_single? && policy(Contract).show? && (medical_release.contract.attached? || medical_release.contract_template.present?) %>
           <%= link_to fa_icon("download fw", text: "Download"), [medical_release, :contracts, format: "pdf"], class: "dropdown-item", target: "_blank" %>
         <% end %>
         <% if policy(medical_release).destroy? %>

app/views/public/appearance_releases/new.html.erb

@@ -30,12 +30,12 @@
         <div class="form-row">
           <%= form.text_field :person_first_name, required: true, wrapper_class: "col-sm-6" %>
           <%= form.text_field :person_last_name, required: true, wrapper_class: "col-sm-6" %>
-          <%= form.phone_field :person_phone, wrapper_class: "col-sm-6" %>
+          <%= form.phone_field :person_phone, required: true, wrapper_class: "col-sm-6" %>
         </div>
         <div class="form-row">
-          <%= form.email_field :person_email, wrapper_class: "col-sm-6" %>
-          <%= form.date_field :person_date_of_birth, wrapper_class: "col-sm-6", placeholder: Date.current %>
-          <%= form.text_field :person_address, wrapper_class: "col-sm-6" %>
+          <%= form.email_field :person_email, required: true, wrapper_class: "col-sm-6" %>
+          <%= form.date_field :person_date_of_birth, required: true, wrapper_class: "col-sm-6", placeholder: Date.current %>
+          <%= form.text_field :person_address, required: true, wrapper_class: "col-sm-6" %>
         </div>
       <% end %>
 
@@ -74,13 +74,13 @@
             <div class="form-row">
               <%= form.text_field :guardian_first_name, required: @appearance_release.minor?, wrapper_class: "col-sm-3" %>
               <%= form.text_field :guardian_last_name, required: @appearance_release.minor?, wrapper_class: "col-sm-3" %>
-              <%= form.phone_field :guardian_phone, wrapper_class: "col-sm-6" %>
+              <%= form.phone_field :guardian_phone, required: @appearance_release.minor?, wrapper_class: "col-sm-6" %>
             </div>
             <div class="form-row">
-              <%= form.text_field :guardian_email, wrapper_class: "col-sm-6" %>
+              <%= form.text_field :guardian_email, required: @appearance_release.minor?, wrapper_class: "col-sm-6" %>
             </div>
             <div class="form-row">
-              <%= form.text_field :guardian_address, wrapper_class: "col-sm-6" %>
+              <%= form.text_field :guardian_address, required: @appearance_release.minor?, wrapper_class: "col-sm-6" %>
             </div>
           <% end %>
 
@@ -102,7 +102,7 @@
                 <% end %>
                 <div class="hidden-file-input">
                   <%= form.hidden_field :guardian_photo, value: form.object.guardian_photo.signed_id if @appearance_release.guardian_photo.attached? %>
-                  <%= form.file_field :guardian_photo, hide_label: true, data: { ujs_target: "guardian-photo-input" }, accept: @appearance_release.class.face_photo_acceptable_content_types.join(","), direct_upload: true %>
+                  <%= form.file_field :guardian_photo, required: @appearance_release.minor?, hide_label: true, data: { ujs_target: "guardian-photo-input" }, accept: @appearance_release.class.face_photo_acceptable_content_types.join(","), direct_upload: true %>
                 </div>
                 <%= button_tag t(".photo.take_photo"), type: "button", class: "btn btn-lg btn-primary take-photo-button", data: { behavior: "take-guardian-photo" } %>
               </div>

app/views/public/broadcasts/_file_form.html.erb

@@ -1,4 +1,4 @@
 <%= bootstrap_form_for model, url: broadcast_url(token: token), layout: :inline, remote: true do |form| %>
-  <%= form.file_field :files, direct_upload: true, multiple: true, accept: "*", hide_label: true, wrapper_class: "w-65 mr-2", id: "broadcast_files_#{token}" %>
+  <%= form.file_field :files, direct_upload: true, multiple: true, accept: "*", hide_label: true, required: true, wrapper_class: "w-65 mr-2", id: "broadcast_files_#{token}" %>
   <%= form.button fa_icon("upload", text: "Add File"), class: "btn btn-primary", type: :submit, data: { disable_with: fa_icon("spinner", text: "Adding File") } %>
 <% end %>

config/locales/en.yml

@@ -814,6 +814,9 @@ en:
           warning: If your photo appears sideways, it will be autocorrected when you submit your release.
         signature:
           heading: Sign Below
+    broadcasts:
+      show:
+        alert: That broadcast is no longer available
     location_releases:
       create: 
         notice: Your release has been signed. Thank you!

spec/controllers/api/broadcasts_controller_spec.rb

@@ -128,6 +128,26 @@ RSpec.describe Api::BroadcastsController, type: :controller do
       expect(included.first.dig("id")).to eq broadcast.files.first.id.to_s
       expect(included.first.dig("type")).to eq 'active_storage_attachment'
     end
+
+    context "when files param contains a signed_id string" do
+      it "adds that file to the broadcast" do
+        project = create(:project, name: 'first', account_id: current_user.primary_account.id)
+        broadcast = create(:broadcast, :with_stream, skip_create_callback: true, project: project, status: 'created')
+        blob = ActiveStorage::Blob.create_after_upload!(io: StringIO.new("Hello"), filename: "hello.txt", content_type: "text/plain")
+
+        sign_in_to_api(current_user)
+        patch :update, params: { project_id: project, id: broadcast, broadcast: { files: [blob.signed_id] } }
+
+        relationships = JSON.parse(response.body).dig('data', 'relationships')
+        included = JSON.parse(response.body).dig('included')
+
+        expect(relationships.keys).to include('files')
+        expect(included.size).to eq 1
+        expect(included.first.dig("id")).to eq broadcast.files.first.id.to_s
+        expect(included.first.dig("type")).to eq 'active_storage_attachment'
+        expect(included.first.dig("attributes", "filename")).to eq 'hello.txt'
+      end
+    end
   end
 
   after do

spec/controllers/contracts_controller_spec.rb

@@ -63,4 +63,55 @@ RSpec.describe ContractsController, type: :controller do
 
     it_behaves_like "a contracts controller"
   end
+
+  context "for medical releases" do
+    let(:native_releasable) { create(:medical_release_with_contract_template, :native) }
+    let(:non_native_releasable) { create(:medical_release_with_contract_template, :non_native) }
+
+    describe "#show when user is account manager" do
+      it_behaves_like "a contracts controller"
+    end
+
+    shared_examples "a medical contracts controller for non-authorized users" do
+      describe "#show" do
+        context "for a native release" do
+          it "responds with not authorized error" do
+            pdf_body = Tempfile.new
+            allow_any_instance_of(Contract).to receive(:to_pdf).and_return(pdf_body)
+
+            expect {
+              get :show, params: { format: :pdf, "#{native_releasable.model_name.singular}_id" => native_releasable }
+            }.to raise_exception(Pundit::NotAuthorizedError)
+          end
+        end
+
+        context "for a non-native release" do
+          it "responds with the attached contract" do
+            contract = double(:contract, service_url: "http://example.org/contract.pdf")
+            allow_any_instance_of(non_native_releasable.class).to receive(:contract).and_return(contract)
+
+            expect {
+              get :show, params: { format: :pdf, "#{non_native_releasable.model_name.singular}_id" => non_native_releasable }
+            }.to raise_exception(Pundit::NotAuthorizedError)
+          end
+        end
+      end
+    end
+
+    describe "#show when user is project manager" do
+      let(:manager_user) { create(:user, :manager) }
+      before do
+        sign_in manager_user
+      end
+      it_behaves_like "a medical contracts controller for non-authorized users"
+    end
+
+    describe "#show when user is associate" do
+      let(:associate_user) { create(:user, :associate) }
+      before do
+        sign_in associate_user
+      end
+      it_behaves_like "a medical contracts controller for non-authorized users"
+    end
+  end
 end

spec/factories/contract_templates.rb

@@ -8,6 +8,10 @@ FactoryBot.define do
     guardian_clause "Is the signer a minor?"
     fee "$0.00"
 
+    trait :archived do
+      archived_at Time.zone.now
+    end
+
     factory :appearance_release_contract_template do
       release_type "appearance" 
     end

spec/features/user_manages_contract_templates_spec.rb

@@ -5,6 +5,7 @@ require 'rails_helper'
 RSpec.feature 'User manages contract templates', type: :feature do
   let(:current_user) { create(:user, :manager) }
   let(:project) { create(:project, members: current_user, account: current_user.primary_account) }
+  let(:project2) { create(:project, members: current_user, account: current_user.primary_account, name: 'New project') }
 
   before do
     sign_in(current_user)
@@ -191,6 +192,21 @@ RSpec.feature 'User manages contract templates', type: :feature do
     expect(page).not_to have_content('Test template')
   end
 
+  scenario 'archived contract templates from other projects are not shown when importing contract templates' do
+    create(:contract_template, :archived, project: project2, name: 'Archived template')
+    create(:contract_template, project: project2, name: 'Active template')
+    create(:contract_template, project: project)
+
+    visit project_contract_templates_path(project)
+    expect(page).to have_content('Test template')
+
+    click_on import_template_button
+
+    expect(page).not_to have_content('Test template')
+    expect(page).not_to have_content('Archived template')
+    expect(page).to have_content('Active template')
+  end
+
   context 'When the user is associate' do
     let(:current_user) { create(:user, :associate) }
 
@@ -198,7 +214,7 @@ RSpec.feature 'User manages contract templates', type: :feature do
       visit project_contract_templates_path(project)
 
       expect(page).not_to have_content('Create New Release Template')
-      expect(page).not_to have_content('Import Release Template')
+      expect(page).not_to have_content(import_template_button)
       expect(page).not_to have_content('Delete')
     end
   end
@@ -218,6 +234,14 @@ RSpec.feature 'User manages contract templates', type: :feature do
 
   private
 
+  def import_template_button
+    t 'contract_templates.index.actions.import'
+  end
+
+  def import_selected_templates_button
+    t 'release_template_imports.new.actions.import'
+  end
+
   def preview_heading
     t 'blank_contracts.new.preview_heading'
   end

spec/features/user_managing_appearance_releases_spec.rb

@@ -65,6 +65,8 @@ feature 'User managing appearance releases' do
       expect(page).to have_content('Guardian email is not an email')
 
       fill_in guardian_email_field, with: 'valid@email.com'
+      fill_in guardian_address_field, with: '123 Test Lane, New York, NY 10000'
+      attach_file guardian_photo_field, file_fixture('hemsworth.jpeg'), visible: :all
       draw_signature file_fixture('signature.png'), 'appearance_release_signature_base64'
       click_button submit_release_button
 
@@ -468,6 +470,10 @@ feature 'User managing appearance releases' do
     'Guardian email'
   end
 
+  def guardian_address_field
+    'Guardian address'
+  end
+
   def guardian_photo_field
     'appearance_release[guardian_photo]'
   end

spec/features/user_managing_broadcasts_spec.rb

@@ -40,12 +40,12 @@ feature "User managing broadcasts" do
     scenario "visit show page of broadcast", js: true do
       broadcast = create(:broadcast, :with_stream, :with_files, project: project)
       recording = create(:broadcast_recording, broadcast: broadcast)
-      
+
       visit project_broadcast_path(project, broadcast)
 
       expect(page).to have_content("Live stream is waiting to begin.")
       expect(page).to have_content("Copy URL")
-      
+
       within "#files" do
         expect(page).to have_content("contract.pdf")
       end
@@ -54,6 +54,17 @@ feature "User managing broadcasts" do
       expect(page).to have_content(recording.download_file_name)
     end
 
+    scenario "form will not submit if user clicks Add files without selected files", js: true do
+      broadcast = create(:broadcast, :with_stream, :with_files, project: project)
+
+      visit project_broadcast_path(project, broadcast)
+
+      expect(page).to have_content("Live stream is waiting to begin.")
+      expect(page).to have_content add_file_button
+
+      click_on add_file_button
+    end
+
     scenario "visit multi-view broadcast page", js: true do
       broadcast_one = create(:broadcast, :with_stream, :with_files, name: "Broadcast 1", project: project)
       broadcast_two = create(:broadcast, :with_stream, :with_files, name: "Broadcast 2", project: project)
@@ -80,8 +91,13 @@ feature "User managing broadcasts" do
     end
   end
 
+
   private
 
+  def add_file_button
+    'Add File'
+  end
+
   def broadcast_name_field
     "broadcast[name]"
   end

spec/features/user_managing_medical_releases_spec.rb

@@ -0,0 +1,145 @@
+require "rails_helper"
+
+feature "User managing medical releases" do
+  let(:current_user) { create(:user) }
+  let(:project) { create(:project, members: current_user, account: current_user.primary_account) }
+
+  context "when signed in as account manager" do
+    before do
+      sign_in current_user
+    end
+
+    scenario "Download All is visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).to have_content download_all_button
+    end
+
+    scenario "Download action in Manage menu is visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).to have_link("Download", exact: true, count: 2)
+    end
+
+    scenario "Downloading PDF of native medical release is possible" do
+      native_release = create(:medical_release_with_contract_template, :native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      click_link *view_release_pdf_link_for(native_release)
+      expect(content_type).to eq('application/pdf')
+    end
+  end
+
+  context "when the user is manager(project manager)" do
+    let(:current_user) { create(:user, :manager) }
+
+    before do
+      sign_in current_user
+    end
+
+    scenario "Download All is not visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).not_to have_content download_all_button
+    end
+
+    scenario "Download action in Manage menu is not visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).to have_link("Download", exact: true, count: 0)
+    end
+
+    scenario "Downloading PDF of native medical release is not possible" do
+      native_release = create(:medical_release_with_contract_template, :native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      link = medical_release_contracts_path(native_release, format: 'pdf')
+      expect { visit link }.to raise_exception Pundit::NotAuthorizedError
+    end
+
+    scenario "Downloading PDF of non native medical release is not possible" do
+      non_native_release = create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      link = medical_release_contracts_path(non_native_release, format: 'pdf')
+      expect { visit link }.to raise_exception Pundit::NotAuthorizedError
+    end
+  end
+
+  context "when the user is associate" do
+    let(:current_user) { create(:user, :associate) }
+
+    before do
+      sign_in current_user
+    end
+
+    scenario "Download All is not visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).not_to have_content download_all_button
+    end
+
+    scenario "Download action in Manage menu is not visible" do
+      create(:medical_release_with_contract_template, :native, project: project)
+      create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      expect(page).to have_link("Download", exact: true, count: 0)
+    end
+
+    scenario "Downloading PDF of native medical release is not possible" do
+      native_release = create(:medical_release_with_contract_template, :native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      link = medical_release_contracts_path(native_release, format: 'pdf')
+      expect { visit link }.to raise_exception Pundit::NotAuthorizedError
+    end
+
+    scenario "Downloading PDF of non native medical release is not possible" do
+      non_native_release = create(:medical_release_with_contract_template, :non_native, project: project)
+
+      visit project_medical_releases_path(project)
+
+      link = medical_release_contracts_path(non_native_release, format: 'pdf')
+      expect { visit link }.to raise_exception Pundit::NotAuthorizedError
+    end
+  end
+
+  private
+
+  def download_all_button
+    'Download All'
+  end
+
+  def download_action
+    'Download'
+  end
+
+  def manage_button
+    t 'medical_releases.medical_release.actions.manage'
+  end
+
+  def view_release_pdf_link_for(release)
+    ['Download', href: medical_release_contracts_path(release, format: 'pdf')]
+  end
+end

spec/policies/medical_release_policy_spec.rb

@@ -1,7 +1,8 @@
 require "rails_helper"
 
 describe MedicalReleasePolicy do
-  let(:user_context) { build(:user_context) }
+  let(:user) { create(:user) }
+  let(:user_context) { create(:user_context, user: user, account: user.primary_account) }
 
   subject { described_class }
 
@@ -9,8 +10,28 @@ describe MedicalReleasePolicy do
     it { is_expected.to permit(:create) }
   end
 
-  permissions :show? do
-    it { is_expected.to permit(:show) }
+  context "for an account manager" do
+    let(:user) { create(:user, :account_manager) }
+
+    permissions :show? do
+      it { is_expected.to permit(user_context, :show) }
+    end
+  end
+
+  context "for an associate" do
+    let(:user) { create(:user, :associate) }
+
+    permissions :show? do
+      it { is_expected.not_to permit(user_context, :show) }
+    end
+  end
+
+  context "for a manager" do
+    let(:user) { create(:user, :manager) }
+
+    permissions :show? do
+      it { is_expected.not_to permit(user_context, :show) }
+    end
   end
 
   permissions :update? do