aboutsummaryrefslogtreecommitdiffstats
path: root/t/app
diff options
context:
space:
mode:
authorDave Arter <davea@mysociety.org>2016-08-17 15:31:56 +0100
committerDave Arter <davea@mysociety.org>2016-08-17 15:38:07 +0100
commitd2a00747fc56342ed262804d8f268335e6ec1dfa (patch)
tree81e06668a97416ac9ae0d537380fc247e1f91c3c /t/app
parent4eb4658ad589d01d58b239993e201c47325a2eb4 (diff)
Allow user permissions to be granted/revoked in admin
Diffstat (limited to 't/app')
-rw-r--r--t/app/controller/admin.t167
-rw-r--r--t/app/controller/admin_permissions.t201
-rw-r--r--t/app/controller/moderate.t1
3 files changed, 324 insertions, 45 deletions
diff --git a/t/app/controller/admin.t b/t/app/controller/admin.t
index 531fa7726..df4a72c4b 100644
--- a/t/app/controller/admin.t
+++ b/t/app/controller/admin.t
@@ -15,6 +15,8 @@ my $superuser = $mech->create_user_ok('superuser@example.com', name => 'Super Us
my $oxfordshire = $mech->create_body_ok(2237, 'Oxfordshire County Council', id => 2237);
my $oxfordshireuser = $mech->create_user_ok('counciluser@example.com', name => 'Council User', from_body => $oxfordshire);
+my $bromley = $mech->create_body_ok(2482, 'Bromley Council', id => 2482);
+
my $user3 = $mech->create_user_ok('test3@example.com', name => 'Test User 2');
if ( $user3 ) {
@@ -1153,6 +1155,19 @@ for my $test (
phone => '',
flagged => undef,
is_superuser => undef,
+ "permissions[moderate]" => undef,
+ "permissions[planned_reports]" => undef,
+ "permissions[report_edit]" => undef,
+ "permissions[report_edit_category]" => undef,
+ "permissions[report_edit_priority]" => undef,
+ "permissions[report_inspect]" => undef,
+ "permissions[report_instruct]" => undef,
+ "permissions[contribute_as_another_user]" => undef,
+ "permissions[contribute_as_body]" => undef,
+ "permissions[user_edit]" => undef,
+ "permissions[user_manage_permissions]" => undef,
+ "permissions[user_assign_body]" => undef,
+ "permissions[user_assign_areas]" => undef,
},
changes => {
name => 'Changed User',
@@ -1169,6 +1184,19 @@ for my $test (
phone => '',
flagged => undef,
is_superuser => undef,
+ "permissions[moderate]" => undef,
+ "permissions[planned_reports]" => undef,
+ "permissions[report_edit]" => undef,
+ "permissions[report_edit_category]" => undef,
+ "permissions[report_edit_priority]" => undef,
+ "permissions[report_inspect]" => undef,
+ "permissions[report_instruct]" => undef,
+ "permissions[contribute_as_another_user]" => undef,
+ "permissions[contribute_as_body]" => undef,
+ "permissions[user_edit]" => undef,
+ "permissions[user_manage_permissions]" => undef,
+ "permissions[user_assign_body]" => undef,
+ "permissions[user_assign_areas]" => undef,
},
changes => {
email => 'changed@example.com',
@@ -1185,6 +1213,19 @@ for my $test (
phone => '',
flagged => undef,
is_superuser => undef,
+ "permissions[moderate]" => undef,
+ "permissions[planned_reports]" => undef,
+ "permissions[report_edit]" => undef,
+ "permissions[report_edit_category]" => undef,
+ "permissions[report_edit_priority]" => undef,
+ "permissions[report_inspect]" => undef,
+ "permissions[report_instruct]" => undef,
+ "permissions[contribute_as_another_user]" => undef,
+ "permissions[contribute_as_body]" => undef,
+ "permissions[user_edit]" => undef,
+ "permissions[user_manage_permissions]" => undef,
+ "permissions[user_assign_body]" => undef,
+ "permissions[user_assign_areas]" => undef,
},
changes => {
body => $southend->id,
@@ -1201,6 +1242,19 @@ for my $test (
phone => '',
flagged => undef,
is_superuser => undef,
+ "permissions[moderate]" => undef,
+ "permissions[planned_reports]" => undef,
+ "permissions[report_edit]" => undef,
+ "permissions[report_edit_category]" => undef,
+ "permissions[report_edit_priority]" => undef,
+ "permissions[report_inspect]" => undef,
+ "permissions[report_instruct]" => undef,
+ "permissions[contribute_as_another_user]" => undef,
+ "permissions[contribute_as_body]" => undef,
+ "permissions[user_edit]" => undef,
+ "permissions[user_manage_permissions]" => undef,
+ "permissions[user_assign_body]" => undef,
+ "permissions[user_assign_areas]" => undef,
},
changes => {
flagged => 'on',
@@ -1217,6 +1271,19 @@ for my $test (
phone => '',
flagged => 'on',
is_superuser => undef,
+ "permissions[moderate]" => undef,
+ "permissions[planned_reports]" => undef,
+ "permissions[report_edit]" => undef,
+ "permissions[report_edit_category]" => undef,
+ "permissions[report_edit_priority]" => undef,
+ "permissions[report_inspect]" => undef,
+ "permissions[report_instruct]" => undef,
+ "permissions[contribute_as_another_user]" => undef,
+ "permissions[contribute_as_body]" => undef,
+ "permissions[user_edit]" => undef,
+ "permissions[user_manage_permissions]" => undef,
+ "permissions[user_assign_body]" => undef,
+ "permissions[user_assign_areas]" => undef,
},
changes => {
flagged => undef,
@@ -1233,10 +1300,38 @@ for my $test (
phone => '',
flagged => undef,
is_superuser => undef,
+ "permissions[moderate]" => undef,
+ "permissions[planned_reports]" => undef,
+ "permissions[report_edit]" => undef,
+ "permissions[report_edit_category]" => undef,
+ "permissions[report_edit_priority]" => undef,
+ "permissions[report_inspect]" => undef,
+ "permissions[report_instruct]" => undef,
+ "permissions[contribute_as_another_user]" => undef,
+ "permissions[contribute_as_body]" => undef,
+ "permissions[user_edit]" => undef,
+ "permissions[user_manage_permissions]" => undef,
+ "permissions[user_assign_body]" => undef,
+ "permissions[user_assign_areas]" => undef,
},
changes => {
is_superuser => 'on',
},
+ removed => [
+ "permissions[moderate]",
+ "permissions[planned_reports]",
+ "permissions[report_edit]",
+ "permissions[report_edit_category]",
+ "permissions[report_edit_priority]",
+ "permissions[report_inspect]",
+ "permissions[report_instruct]",
+ "permissions[contribute_as_another_user]",
+ "permissions[contribute_as_body]",
+ "permissions[user_edit]",
+ "permissions[user_manage_permissions]",
+ "permissions[user_assign_body]",
+ "permissions[user_assign_areas]",
+ ],
log_count => 5,
log_entries => [qw/edit edit edit edit edit/],
},
@@ -1253,6 +1348,21 @@ for my $test (
changes => {
is_superuser => undef,
},
+ added => {
+ "permissions[moderate]" => undef,
+ "permissions[planned_reports]" => undef,
+ "permissions[report_edit]" => undef,
+ "permissions[report_edit_category]" => undef,
+ "permissions[report_edit_priority]" => undef,
+ "permissions[report_inspect]" => undef,
+ "permissions[report_instruct]" => undef,
+ "permissions[contribute_as_another_user]" => undef,
+ "permissions[contribute_as_body]" => undef,
+ "permissions[user_edit]" => undef,
+ "permissions[user_manage_permissions]" => undef,
+ "permissions[user_assign_body]" => undef,
+ "permissions[user_assign_areas]" => undef,
+ },
log_count => 5,
log_entries => [qw/edit edit edit edit edit/],
},
@@ -1270,6 +1380,17 @@ for my $test (
$mech->submit_form_ok( { with_fields => $expected } );
+ # Some actions cause visible fields to be added/removed
+ foreach my $x (@{ $test->{removed} }) {
+ delete $expected->{$x};
+ }
+ if ( $test->{added} ) {
+ $expected = {
+ %$expected,
+ %{ $test->{added} }
+ };
+ }
+
$visible = $mech->visible_form_values;
is_deeply $visible, $expected, 'user updated';
@@ -1355,52 +1476,8 @@ subtest "Users with from_body can't access fixmystreet.com admin" => sub {
};
};
-$report->bodies_str(2237);
-$report->cobrand('oxfordshire');
-$report->update;
-
-$mech->log_in_ok( $oxfordshireuser->email );
-
-subtest "Users can't edit report without report_edit permission" => sub {
- FixMyStreet::override_config {
- ALLOWED_COBRANDS => [ 'oxfordshire' ],
- }, sub {
- $mech->get("/admin/report_edit/$report_id");
- ok !$mech->res->is_success(), "want a bad response";
- is $mech->res->code, 404, "got 404, can't edit report without report_edit permission";
- };
-};
-
-subtest "Users can edit report with report_edit permission" => sub {
- FixMyStreet::override_config {
- ALLOWED_COBRANDS => [ 'oxfordshire' ],
- }, sub {
- $oxfordshireuser->user_body_permissions->create({
- body => $oxfordshire,
- permission_type => 'report_edit',
- });
-
- $mech->get_ok("/admin/report_edit/$report_id");
- $mech->content_contains( $report->title );
- };
-};
-
-subtest "Users can't edit another council's reports with their own council's report_edit permission" => sub {
- FixMyStreet::override_config {
- ALLOWED_COBRANDS => [ 'oxfordshire' ],
- }, sub {
- $report->bodies_str(2482);
- $report->cobrand('bromley');
- $report->update;
-
- $mech->get("/admin/report_edit/$report_id");
- ok !$mech->res->is_success(), "want a bad response";
- is $mech->res->code, 404, "got 404, can't edit report with incorrect body in report_edit permission";
- };
-};
-
-
$mech->log_out_ok;
+$user2->user_body_permissions->delete_all;
$oxfordshireuser->user_body_permissions->delete_all;
diff --git a/t/app/controller/admin_permissions.t b/t/app/controller/admin_permissions.t
new file mode 100644
index 000000000..63b753ff3
--- /dev/null
+++ b/t/app/controller/admin_permissions.t
@@ -0,0 +1,201 @@
+use strict;
+use warnings;
+use Test::More;
+use LWP::Protocol::PSGI;
+
+use t::Mock::MapIt;
+use FixMyStreet::TestMech;
+
+my $mech = FixMyStreet::TestMech->new;
+
+my $user = $mech->create_user_ok('test@example.com', name => 'Test User');
+my $user2 = $mech->create_user_ok('test2@example.com', name => 'Test User 2');
+my $superuser = $mech->create_user_ok('superuser@example.com', name => 'Super User', is_superuser => 1);
+
+my $oxfordshire = $mech->create_body_ok(2237, 'Oxfordshire County Council', id => 2237);
+my $oxfordshireuser = $mech->create_user_ok('counciluser@example.com', name => 'Council User', from_body => $oxfordshire);
+
+my $bromley = $mech->create_body_ok(2482, 'Bromley Council', id => 2482);
+
+END {
+ $mech->delete_user( $user );
+ $mech->delete_user( $user2 );
+ $mech->delete_user( $superuser );
+ $mech->delete_user( $oxfordshireuser );
+}
+
+my $dt = DateTime->new(
+ year => 2011,
+ month => 04,
+ day => 16,
+ hour => 15,
+ minute => 47,
+ second => 23
+);
+
+my ($report) = $mech->create_problems_for_body(1, $oxfordshire->id, 'Test');
+my $report_id = $report->id;
+ok $report, "created test report - $report_id";
+
+$mech->log_in_ok( $oxfordshireuser->email );
+
+subtest "Users can't edit report without report_edit permission" => sub {
+ FixMyStreet::override_config {
+ ALLOWED_COBRANDS => [ 'oxfordshire' ],
+ }, sub {
+ $mech->get("/admin/report_edit/$report_id");
+ ok !$mech->res->is_success(), "want a bad response";
+ is $mech->res->code, 403, "got 403, can't edit report without report_edit permission";
+ };
+};
+
+subtest "Users can edit report with report_edit permission" => sub {
+ FixMyStreet::override_config {
+ ALLOWED_COBRANDS => [ 'oxfordshire' ],
+ }, sub {
+ $oxfordshireuser->user_body_permissions->create({
+ body => $oxfordshire,
+ permission_type => 'report_edit',
+ });
+
+ $mech->get_ok("/admin/report_edit/$report_id");
+ $mech->content_contains( $report->title );
+ };
+};
+
+subtest "Users can't edit another council's reports with their own council's report_edit permission" => sub {
+ FixMyStreet::override_config {
+ ALLOWED_COBRANDS => [ 'oxfordshire' ],
+ }, sub {
+ $report->bodies_str($bromley->id);
+ $report->cobrand('bromley');
+ $report->update;
+
+ $mech->get("/admin/report_edit/$report_id");
+ ok !$mech->res->is_success(), "want a bad response";
+ is $mech->res->code, 404, "got 404, can't edit report with incorrect body in report_edit permission";
+ };
+};
+
+
+FixMyStreet::override_config {
+ MAPIT_URL => 'http://mapit.uk/',
+ ALLOWED_COBRANDS => [ 'oxfordshire' ],
+}, sub {
+ LWP::Protocol::PSGI->register(t::Mock::MapIt->run_if_script, host => 'mapit.uk');
+
+ my $user2_id = $user2->id;
+ $report->update({ bodies_str => $oxfordshire->id });
+
+ foreach my $perm (0, 1) {
+ if ($perm) {
+ $oxfordshireuser->user_body_permissions->find_or_create({
+ body => $oxfordshire,
+ permission_type => 'user_edit',
+ });
+ }
+ foreach my $report_user ($user, $user2) {
+ $report->update({ user => $report_user });
+ foreach my $from_body (undef, $bromley, $oxfordshire) {
+ $user2->update({ from_body => $from_body });
+ my $result = ($from_body || '') eq $oxfordshire || $report->user eq $user2 ? ($perm ? 200 : 403 ) : 404;
+ my $u = $result == 200 ? 'can' : 'cannot';
+ my $b = $from_body ? $from_body->name : 'no body';
+ my $p = $perm ? 'with' : 'without';
+ my $r = $report->user eq $user2 ? 'with' : 'without';
+ subtest "User $u edit user for $b $p permission, $r cobrand relation" => sub {
+ $mech->get("/admin/user_edit/$user2_id");
+ my $success = $mech->res->is_success();
+ ok $result == 200 ? $success : !$success, "got correct response";
+ is $mech->res->code, $result, "got $result";
+ };
+ }
+ }
+ }
+
+ $oxfordshireuser->user_body_permissions->create({
+ body => $oxfordshire,
+ permission_type => 'user_assign_body',
+ });
+
+ subtest "Users can edit users of their own council" => sub {
+ $mech->get_ok("/admin/user_edit/$user2_id");
+ $mech->content_contains( $user2->name );
+
+ # We shouldn't be able to see the permissions tick boxes
+ $mech->content_lacks('Moderate report details');
+
+ $mech->submit_form_ok( { with_fields => {
+ name => 'Test Updated User 2',
+ email => $user2->email,
+ body => $user2->from_body->id,
+ phone => '',
+ flagged => undef,
+ } } );
+ $user2->discard_changes;
+ is $user2->name, 'Test Updated User 2', 'name changed';
+ };
+
+ $oxfordshireuser->user_body_permissions->create({
+ body => $oxfordshire,
+ permission_type => 'user_manage_permissions',
+ });
+
+ subtest "Users can edit permissions" => sub {
+ is $user2->user_body_permissions->count, 0, 'user2 has no permissions';
+
+ $mech->get_ok("/admin/user_edit/$user2_id");
+ $mech->content_contains('Moderate report details');
+
+ $mech->submit_form_ok( { with_fields => {
+ name => $user2->name,
+ email => $user2->email,
+ body => $user2->from_body->id,
+ phone => '',
+ flagged => undef,
+ "permissions[moderate]" => 'on',
+ "permissions[report_edit_category]" => undef,
+ "permissions[report_edit_priority]" => undef,
+ "permissions[report_inspect]" => undef,
+ "permissions[report_instruct]" => undef,
+ "permissions[contribute_as_another_user]" => undef,
+ "permissions[contribute_as_body]" => undef,
+ "permissions[user_edit]" => undef,
+ "permissions[user_manage_permissions]" => undef,
+ "permissions[user_assign_areas]" => undef,
+ } } );
+
+ ok $user2->has_permission_to("moderate", $user2->from_body->id), "user2 has been granted moderate permission";
+ };
+
+ subtest "Unsetting user from_body removes all permissions " => sub {
+ is $user2->user_body_permissions->count, 1, 'user2 has 1 permission';
+
+ $mech->get_ok("/admin/user_edit/$user2_id");
+ $mech->content_contains('Moderate report details');
+
+ $mech->submit_form_ok( { with_fields => {
+ name => $user2->name,
+ email => $user2->email,
+ body => undef,
+ phone => '',
+ flagged => undef,
+ "permissions[moderate]" => 'on', # NB tick box is left on deliberately
+ "permissions[report_edit_category]" => undef,
+ "permissions[report_edit_priority]" => undef,
+ "permissions[report_inspect]" => undef,
+ "permissions[report_instruct]" => undef,
+ "permissions[contribute_as_another_user]" => undef,
+ "permissions[contribute_as_body]" => undef,
+ "permissions[user_edit]" => undef,
+ "permissions[user_manage_permissions]" => undef,
+ "permissions[user_assign_areas]" => undef,
+ } } );
+
+ is $user2->user_body_permissions->count, 0, 'user2 has had permissions removed';
+ };
+};
+
+$mech->log_out_ok;
+
+done_testing();
diff --git a/t/app/controller/moderate.t b/t/app/controller/moderate.t
index 52201c63b..0ccfcf2c2 100644
--- a/t/app/controller/moderate.t
+++ b/t/app/controller/moderate.t
@@ -334,5 +334,6 @@ $update2->delete;
$report->moderation_original_data->delete;
$report->delete;
$report2->delete;
+$mech->delete_user($user);
done_testing();
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 17:40:19 +0000