agnes/otwarchive-symphonyarchive
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
otwarchive-symphonyarchive/spec/controllers/admin/settings_controller_spec.rb

167 lines
6.1 KiB
Ruby
Raw Normal View History

first
2026-03-11 22:22:11 +00:00
require "spec_helper"
describe Admin::SettingsController do
include LoginMacros
include RedirectExpectationHelper
describe "GET #index" do
it "denies access to guest users" do
get :index
it_redirects_to_with_notice(root_url, "I'm sorry, only an admin can look at that area")
end
context "when logged in as admin" do
let(:admin) { create(:admin, roles: []) }
before { fake_login_admin(admin) }
it "denies access to admins without correct roles" do
get :index
it_redirects_to_with_error(root_url, "Sorry, only an authorized admin can access the page you were trying to reach.")
end
it "allows access to admins with correct roles" do
admin.update!(roles: ["policy_and_abuse"])
get :index
expect(response).to have_http_status(:success)
end
end
end
describe "PUT #update" do
let(:admin) { create(:admin, roles: []) }
let(:setting) { AdminSetting.default }
context "when admin does not have correct authorization" do
it "denies random admin access" do
fake_login_admin(admin)
put :update, params: { id: setting.id, admin_setting: { hide_spam: "1" } }
it_redirects_to_with_error(root_url, "Sorry, only an authorized admin can access the page you were trying to reach.")
end
end
context "when admin has correct authorization" do
before { fake_login_admin(admin) }
context "when admin has superadmin role" do
before { admin.update!(roles: ["superadmin"]) }
it "allows superadmins to update all settings" do
put :update, params: {
id: setting.id,
admin_setting: {
account_creation_enabled: "1",
creation_requires_invite: "1",
request_invite_enabled: "0",
invite_from_queue_enabled: "1",
invite_from_queue_number: "10",
invite_from_queue_frequency: "7",
days_to_purge_unactivated: "7",
disable_support_form: "1",
disabled_support_form_text: "Disable support",
suspend_filter_counts: "0",
tag_wrangling_off: "0",
downloads_enabled: "1",
enable_test_caching: "0",
cache_expiration: "10",
hide_spam: "1",
guest_comments_off: "1",
account_age_threshold_for_comment_spam_check: "7"
}
}
it_redirects_to_with_notice(admin_settings_path, "Archive settings were successfully updated.")
end
end
context "when admin has policy_and_abuse role" do
before { admin.update!(roles: ["policy_and_abuse"]) }
{
disable_support_form: true,
downloads_enabled: false,
tag_wrangling_off: true
}.each_pair do |field, value|
it "prevents admins with policy_and_abuse role from updating #{field}" do
expect do
put :update, params: { id: setting.id, admin_setting: { field => value } }
end.to raise_exception(ActionController::UnpermittedParameters)
expect(setting.reload.send(field)).not_to eq(value)
end
end
{
account_age_threshold_for_comment_spam_check: 10,
hide_spam: 1,
invite_from_queue_enabled: 0,
invite_from_queue_number: 11,
request_invite_enabled: 1
}.each_pair do |field, value|
it "allows admins with policy_and_abuse role to update #{field}" do
put :update, params: { id: setting.id, admin_setting: { field => value } }
expect(setting.reload.read_attribute_before_type_cast(field)).to eq(value)
it_redirects_to_with_notice(admin_settings_path, "Archive settings were successfully updated.")
end
end
end
context "when admin has support role" do
before { admin.update!(roles: ["support"]) }
{
downloads_enabled: false,
hide_spam: true,
guest_comments_off: true,
tag_wrangling_off: true,
account_age_threshold_for_comment_spam_check: 10
}.each_pair do |field, value|
it "prevents admins with support role from updating #{field}" do
expect do
put :update, params: { id: setting.id, admin_setting: { field => value } }
end.to raise_exception(ActionController::UnpermittedParameters)
expect(setting.reload.send(field)).not_to eq(value)
end
end
it "allows admins with support role to update support form settings" do
put :update, params: {
id: setting.id,
admin_setting: {
disable_support_form: true,
disabled_support_form_text: "Disable support"
}
}
expect(setting.reload.disable_support_form?).to be_truthy
expect(setting.reload.disabled_support_form_text).to include("Disable support")
it_redirects_to_with_notice(admin_settings_path, "Archive settings were successfully updated.")
end
end
context "when admin has tag_wrangling role" do
before { admin.update!(roles: ["tag_wrangling"]) }
{
disable_support_form: true,
downloads_enabled: false,
hide_spam: true,
guest_comments_off: true,
account_age_threshold_for_comment_spam_check: 10
}.each_pair do |field, value|
it "prevents admins with tag_wrangling role from updating #{field}" do
expect do
put :update, params: { id: setting.id, admin_setting: { field => value } }
end.to raise_exception(ActionController::UnpermittedParameters)
expect(setting.reload.send(field)).not_to eq(value)
end
end
it "allows admins with tag_wrangling role to turn wrangling off" do
put :update, params: { id: setting.id, admin_setting: { tag_wrangling_off: "1" } }
expect(setting.reload.tag_wrangling_off?).to be_truthy
it_redirects_to_with_notice(admin_settings_path, "Archive settings were successfully updated.")
end
end
end
end
end
Reference in a new issue Copy permalink