Merge branch 'roles'

3 files changed, 196 insertions, 3 deletions

diff --git a/t/app/controller/admin/roles.t b/t/app/controller/admin/roles.t
new file mode 100644
index 000000000..6dd40cbb6
--- /dev/null
+++ b/t/app/controller/admin/roles.t
@@ -0,0 +1,132 @@
+use FixMyStreet::TestMech;
+
+my $mech = FixMyStreet::TestMech->new;
+
+my $superuser = $mech->create_user_ok('superuser@example.com', name => 'Super User', is_superuser => 1);
+
+my $body = $mech->create_body_ok(2237, 'Oxfordshire County Council');
+my $body2 = $mech->create_body_ok(2482, 'Bromley Council');
+my $editor = $mech->create_user_ok('counciluser@example.com', name => 'Council User', from_body => $body);
+my $user = $mech->create_user_ok('staffuser@example.com', name => 'Other Council User', from_body => $body);
+
+$editor->user_body_permissions->create({
+    body => $body,
+    permission_type => 'user_edit',
+});
+$editor->user_body_permissions->create({
+    body => $body,
+    permission_type => 'user_manage_permissions',
+});
+$user->user_body_permissions->create({
+    body => $body,
+    permission_type => 'report_edit_priority',
+});
+
+FixMyStreet::DB->resultset("Role")->create({
+    body => $body,
+    name => 'Role A',
+    permissions => ['moderate', 'user_edit'],
+});
+FixMyStreet::DB->resultset("Role")->create({
+    body => $body2,
+    name => 'Role Z',
+    permissions => ['report_inspect', 'planned_reports'],
+});
+
+FixMyStreet::override_config {
+    ALLOWED_COBRANDS => 'oxfordshire',
+    MAPIT_URL => 'http://mapit.uk',
+}, sub {
+
+    $mech->log_in_ok( $editor->email );
+
+    subtest 'role index page' => sub {
+        $mech->get_ok("/admin/roles");
+        $mech->content_contains('Role A');
+        $mech->content_contains('Moderate report details');
+        $mech->content_lacks('Role Z');
+        $mech->content_lacks('Manage shortlist');
+        $mech->content_lacks('Add/edit response templates'); # About to be added
+    };
+
+    subtest 'create a role' => sub {
+        $mech->follow_link_ok({ text => 'Create' });
+        $mech->content_lacks('Body');
+        $mech->submit_form_ok({ with_fields => { name => 'Role A' }});
+        $mech->content_contains('Role names must be unique');
+        $mech->submit_form_ok({ with_fields => {
+            name => 'Role B',
+            permissions => [ ['template_edit', 'user_manage_permissions'] ],
+        }});
+
+        $mech->content_contains('Role B');
+        $mech->content_contains('Add/edit response templates');
+    };
+
+    subtest 'editing a role preselects correct options' => sub {
+        $mech->follow_link_ok({ text => 'Edit' });
+        $mech->content_like(qr/value="moderate"[^>]*checked/);
+        $mech->content_like(qr/value="user_edit"[^>]*checked/);
+    };
+
+    subtest 'editing a role to same name as another fails' => sub {
+        $mech->submit_form_ok({ with_fields => { name => 'Role B' }});
+        $mech->content_contains('Role names must be unique');
+    };
+
+    subtest 'delete a role' => sub {
+        $mech->submit_form_ok({ button => 'delete_role' });
+        $mech->content_lacks('Role A');
+    };
+
+    subtest 'assign a user to a role' => sub {
+        $mech->get_ok('/admin/users/' . $user->id);
+        $mech->content_contains('Role B');
+        $mech->content_lacks('Role Z');
+        $mech->submit_form_ok({ with_fields => {
+            roles => 'Role B',
+        }});
+        $mech->content_like(qr/<option[^>]*selected>Role B/);
+        $mech->content_like(qr/<input[^>]*checkbox[^>]*template_edit[^>]*checked/);
+        is $user->roles->count, 1, 'in one role';
+        is $user->user_body_permissions->count, 0, 'permissions removed';
+    };
+
+    subtest 'check user has the permissions of the role' => sub {
+        $mech->log_in_ok($user->email);
+        $mech->get_ok('/admin/templates');
+    };
+
+    subtest 'remove user from role' => sub {
+        $mech->log_in_ok( $editor->email );
+        $mech->get_ok('/admin/users/' . $user->id);
+        $mech->submit_form_ok({ with_fields => {
+            roles => undef,
+        }}, 'remove role');
+    };
+};
+
+subtest 'superuser can see all bodies' => sub {
+    $mech->log_in_ok( $superuser->email );
+
+    $mech->get_ok("/admin/roles");
+    $mech->content_contains('Oxfordshire');
+    $mech->content_contains('Bromley');
+    $mech->content_contains('Role B');
+    $mech->content_contains('Role Z');
+    $mech->follow_link_ok({ text => 'Create' });
+    $mech->content_contains('Body');
+    $mech->content_contains('Bromley');
+
+    $mech->submit_form_ok({ with_fields => { body => $body->id, name => 'Role B' }});
+    $mech->content_contains('Role names must be unique');
+
+    $mech->submit_form_ok({ with_fields => {
+        name => 'Role C',
+        body => $body2->id,
+        permissions => 'contribute_as_body',
+    }});
+    $mech->content_contains('Role C');
+};
+
+done_testing();
diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index e2c922a23..ce29a5f7c 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -60,6 +60,7 @@ subtest 'show flagged entries' => sub {
     $user->update;
 };
 
+my $role;
 subtest 'user search' => sub {
     $mech->get_ok('/admin/users');
     $mech->get_ok('/admin/users?search=' . $user->name);
@@ -74,8 +75,25 @@ subtest 'user search' => sub {
 
     $user->from_body($haringey->id);
     $user->update;
+    $role = $user->roles->create({
+        body => $haringey,
+        name => 'Role A',
+        permissions => ['moderate', 'user_edit'],
+    });
+    $user->add_to_roles($role);
     $mech->get_ok('/admin/users?search=' . $haringey->id );
-    $mech->content_contains('Haringey');
+    $mech->content_contains('test@example.com');
+    $mech->get_ok('/admin/users?role=' . $role->id);
+    $mech->content_contains('selected>Role A');
+    $mech->content_contains('test@example.com');
+};
+
+subtest 'user assign role' => sub {
+    $user->remove_from_roles($role);
+    is $user->roles->count, 0;
+    $mech->get_ok('/admin/users');
+    $mech->submit_form_ok({ with_fields => { uid => $user->id, roles => $role->id } });
+    is $user->roles->count, 1;
 };
 
 subtest 'search does not show user from another council' => sub {
@@ -157,6 +175,7 @@ for my $test (
     subtest $test->{desc} => sub {
         $mech->get_ok('/admin/users');
         $mech->submit_form_ok( { with_fields => $test->{fields} } );
+        $mech->content_contains('Norman') if $test->{fields}{name};
         if ($test->{error}) {
             $mech->content_contains($_) for @{$test->{error}};
         } else {
@@ -166,7 +185,7 @@ for my $test (
 }
 
 my %default_perms = (
-    "permissions[moderate]" => undef,
+    "permissions[moderate]" => 'on',
     "permissions[planned_reports]" => undef,
     "permissions[report_mark_private]" => undef,
     "permissions[report_edit]" => undef,
@@ -180,7 +199,7 @@ my %default_perms = (
     "permissions[contribute_as_body]" => undef,
     "permissions[default_to_body]" => undef,
     "permissions[view_body_contribute_details]" => undef,
-    "permissions[user_edit]" => undef,
+    "permissions[user_edit]" => 'on',
     "permissions[user_manage_permissions]" => undef,
     "permissions[user_assign_body]" => undef,
     "permissions[user_assign_areas]" => undef,
@@ -211,6 +230,7 @@ FixMyStreet::override_config {
                 is_superuser => undef,
                 area_ids => undef,
                 %default_perms,
+                roles => $role->id,
             },
             changes => {
                 name => 'Changed User',
@@ -231,6 +251,7 @@ FixMyStreet::override_config {
                 is_superuser => undef,
                 area_ids => undef,
                 %default_perms,
+                roles => $role->id,
             },
             changes => {
                 email => 'changed@example.com',
@@ -251,10 +272,14 @@ FixMyStreet::override_config {
                 is_superuser => undef,
                 area_ids => undef,
                 %default_perms,
+                roles => $role->id,
             },
             changes => {
                 body => $southend->id,
             },
+            removed => [
+                'roles',
+            ],
             log_count => 3,
             log_entries => [qw/edit edit edit/],
         },
@@ -339,6 +364,8 @@ FixMyStreet::override_config {
             },
             added => {
                 %default_perms,
+                'permissions[moderate]' => undef,
+                'permissions[user_edit]' => undef,
             },
             log_count => 5,
             log_entries => [qw/edit edit edit edit edit/],
diff --git a/t/app/controller/admin/users_import.t b/t/app/controller/admin/users_import.t
new file mode 100644
index 000000000..df8884797
--- /dev/null
+++ b/t/app/controller/admin/users_import.t
@@ -0,0 +1,34 @@
+use FixMyStreet::TestMech;
+
+my $mech = FixMyStreet::TestMech->new;
+
+my $superuser = $mech->create_user_ok('superuser@example.com', name => 'Super User', is_superuser => 1);
+my $body = $mech->create_body_ok(2509, 'Haringey Borough Council');
+
+$mech->log_in_ok( $superuser->email );
+
+my $body_id = $body->id;
+my $csv = <<EOF;
+name,email,from_body,permissions,roles
+Adrian,adrian\@example.org,$body_id,moderate:user_edit,
+Belinda,belinda\@example.org,$body_id,,Customer Service
+EOF
+
+FixMyStreet::DB->resultset("Role")->create({
+    body => $body,
+    name => 'Customer Service',
+});
+
+subtest 'import CSV file' => sub {
+    $mech->get_ok('/admin/users/import');
+    $mech->submit_form_ok({ with_fields => {
+        csvfile => [ [ undef, 'foo.csv', Content => $csv ], 1],
+    }});
+    $mech->content_contains('Created 2 new users');
+    my $a = FixMyStreet::DB->resultset("User")->find({ email => 'adrian@example.org' });
+    is $a->user_body_permissions->count, 2;
+    my $b = FixMyStreet::DB->resultset("User")->find({ email => 'belinda@example.org' });
+    is $b->roles->count, 1;
+};
+
+done_testing();