From 28428468c52037ea4ee40a31f37edce7a334973c Mon Sep 17 00:00:00 2001
From: Louise Crow <louise.crow@gmail.com>
Date: Tue, 23 Dec 2014 17:40:18 +0000
Subject: Use resource-based RESTful routing and separate controller

---
 spec/controllers/widgets_controller_spec.rb | 111 ++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)
 create mode 100644 spec/controllers/widgets_controller_spec.rb

(limited to 'spec/controllers/widgets_controller_spec.rb')

diff --git a/spec/controllers/widgets_controller_spec.rb b/spec/controllers/widgets_controller_spec.rb
new file mode 100644
index 000000000..e60f1b3cb
--- /dev/null
+++ b/spec/controllers/widgets_controller_spec.rb
@@ -0,0 +1,111 @@
+# coding: utf-8
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe WidgetsController do
+
+    include LinkToHelper
+
+    describe "#show" do
+
+        before do
+            @info_request = FactoryGirl.create(:info_request)
+        end
+
+        it 'should render the widget template' do
+            get :show, :request_id => @info_request.id
+            expect(response).to render_template('show')
+        end
+
+        it 'should find the info request' do
+            get :show, :request_id => @info_request.id
+            assigns[:info_request].should == @info_request
+        end
+
+        it 'should create a track thing for the request' do
+            get :show, :request_id => @info_request.id
+            assigns[:track_thing].info_request.should == @info_request
+        end
+
+        it 'should assign the request status' do
+            get :show, :request_id => @info_request.id
+            assigns[:status].should == @info_request.calculate_status
+        end
+
+        context 'for a non-logged-in user' do
+
+            context 'if no widget-vote cookie is set' do
+
+                it 'should set a widget-vote cookie' do
+                    cookies[:widget_vote].should be_nil
+                    get :show, :request_id => @info_request.id
+                    cookies[:widget_vote].should_not be_nil
+                end
+
+            end
+
+        end
+
+
+    end
+
+    describe "#new" do
+
+        before do
+            @info_request = FactoryGirl.create(:info_request)
+        end
+
+        it 'should render the create widget template' do
+            get :new, :request_id => @info_request.id
+            expect(response).to render_template('new')
+        end
+
+        it 'should find the info request' do
+            get :new, :request_id => @info_request.id
+            assigns[:info_request].should == @info_request
+        end
+
+    end
+
+    describe :update do
+
+        before do
+            @info_request = FactoryGirl.create(:info_request)
+        end
+
+        it 'should find the info request' do
+            get :update, :request_id => @info_request.id
+            assigns[:info_request].should == @info_request
+        end
+
+        it 'should redirect to the track path for the info request' do
+            get :update, :request_id => @info_request.id
+            track_thing = TrackThing.create_track_for_request(@info_request)
+            expect(response).to redirect_to(do_track_path(track_thing))
+        end
+
+        context 'when there is no logged-in user and a widget vote cookie' do
+
+            before do
+                @cookie_value = 'x' * 20
+            end
+
+            it 'should create a widget vote if none exists for the info request and cookie' do
+                @info_request.widget_votes.where(:cookie => @cookie_value).size.should == 0
+                request.cookies['widget_vote'] = @cookie_value
+                get :update, :request_id => @info_request.id
+                @info_request.widget_votes.where(:cookie => @cookie_value).size.should == 1
+            end
+
+            it 'should not create a widget vote if one exists for the info request and cookie' do
+                @info_request.widget_votes.create(:cookie => @cookie_value)
+                request.cookies['widget_vote'] = @cookie_value
+                get :update, :request_id => @info_request.id
+                @info_request.widget_votes.where(:cookie => @cookie_value).size.should == 1
+            end
+
+        end
+
+    end
+
+end
+
-- 
cgit v1.2.3


From b849d9b7d0fd68d9bc72a4dd0725f2fbb2d6aa86 Mon Sep 17 00:00:00 2001
From: Louise Crow <louise.crow@gmail.com>
Date: Tue, 23 Dec 2014 17:59:39 +0000
Subject: Allow widgets to be controlled with a feature flag.

---
 spec/controllers/widgets_controller_spec.rb | 33 +++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

(limited to 'spec/controllers/widgets_controller_spec.rb')

diff --git a/spec/controllers/widgets_controller_spec.rb b/spec/controllers/widgets_controller_spec.rb
index e60f1b3cb..28f6c1904 100644
--- a/spec/controllers/widgets_controller_spec.rb
+++ b/spec/controllers/widgets_controller_spec.rb
@@ -9,6 +9,7 @@ describe WidgetsController do
 
         before do
             @info_request = FactoryGirl.create(:info_request)
+            AlaveteliConfiguration.stub!(:enable_widgets).and_return(true)
         end
 
         it 'should render the widget template' do
@@ -45,6 +46,16 @@ describe WidgetsController do
 
         end
 
+        context 'when widgets are not enabled' do
+
+            it 'should return a 404' do
+                AlaveteliConfiguration.stub!(:enable_widgets).and_return(false)
+                lambda{ get :show, :request_id => @info_request.id }.should
+                    raise_error(ActiveRecord::RecordNotFound)
+            end
+
+        end
+
 
     end
 
@@ -52,6 +63,7 @@ describe WidgetsController do
 
         before do
             @info_request = FactoryGirl.create(:info_request)
+            AlaveteliConfiguration.stub!(:enable_widgets).and_return(true)
         end
 
         it 'should render the create widget template' do
@@ -64,12 +76,23 @@ describe WidgetsController do
             assigns[:info_request].should == @info_request
         end
 
+        context 'when widgets are not enabled' do
+
+            it 'should return a 404' do
+                AlaveteliConfiguration.stub!(:enable_widgets).and_return(false)
+                lambda{ get :new, :request_id => @info_request.id }.should
+                    raise_error(ActiveRecord::RecordNotFound)
+            end
+
+        end
+
     end
 
     describe :update do
 
         before do
             @info_request = FactoryGirl.create(:info_request)
+            AlaveteliConfiguration.stub!(:enable_widgets).and_return(true)
         end
 
         it 'should find the info request' do
@@ -105,6 +128,16 @@ describe WidgetsController do
 
         end
 
+        context 'when widgets are not enabled' do
+
+            it 'should raise ActiveRecord::RecordNotFound' do
+                AlaveteliConfiguration.stub!(:enable_widgets).and_return(false)
+                lambda{ get :update, :request_id => @info_request.id }.should
+                    raise_error(ActiveRecord::RecordNotFound)
+            end
+
+        end
+
     end
 
 end
-- 
cgit v1.2.3


From d16b7e1f15e9c7abe3db986850f5e60ff186c271 Mon Sep 17 00:00:00 2001
From: Louise Crow <louise.crow@gmail.com>
Date: Mon, 5 Jan 2015 17:10:29 +0000
Subject: Don't set 'same origin' policy for widget iframes.

Whilst this is a good security precaution in general, we want people to
display these widgets in iframes on other sites.
---
 spec/controllers/widgets_controller_spec.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'spec/controllers/widgets_controller_spec.rb')

diff --git a/spec/controllers/widgets_controller_spec.rb b/spec/controllers/widgets_controller_spec.rb
index 28f6c1904..80c2d2f26 100644
--- a/spec/controllers/widgets_controller_spec.rb
+++ b/spec/controllers/widgets_controller_spec.rb
@@ -32,6 +32,11 @@ describe WidgetsController do
             assigns[:status].should == @info_request.calculate_status
         end
 
+        it 'should not send an x-frame-options header' do
+            get :show, :request_id => @info_request.id
+            response.headers["X-Frame-Options"].should be_nil
+        end
+
         context 'for a non-logged-in user' do
 
             context 'if no widget-vote cookie is set' do
-- 
cgit v1.2.3


From f71658e9223f954177a5cacb8c7ad43605c264cd Mon Sep 17 00:00:00 2001
From: Louise Crow <louise.crow@gmail.com>
Date: Tue, 6 Jan 2015 14:55:47 +0000
Subject: Don't show the widget pages for requests without normal prominence.

---
 spec/controllers/widgets_controller_spec.rb | 32 +++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'spec/controllers/widgets_controller_spec.rb')

diff --git a/spec/controllers/widgets_controller_spec.rb b/spec/controllers/widgets_controller_spec.rb
index 80c2d2f26..6a58c7c5c 100644
--- a/spec/controllers/widgets_controller_spec.rb
+++ b/spec/controllers/widgets_controller_spec.rb
@@ -61,6 +61,16 @@ describe WidgetsController do
 
         end
 
+        context "when the request's prominence is not 'normal'" do
+
+            it 'should return a 403' do
+                @info_request.prominence = 'hidden'
+                @info_request.save!
+                get :show, :request_id => @info_request.id
+                response.code.should == "403"
+            end
+
+        end
 
     end
 
@@ -91,6 +101,17 @@ describe WidgetsController do
 
         end
 
+        context "when the request's prominence is not 'normal'" do
+
+            it 'should return a 403' do
+                @info_request.prominence = 'hidden'
+                @info_request.save!
+                get :show, :request_id => @info_request.id
+                response.code.should == "403"
+            end
+
+        end
+
     end
 
     describe :update do
@@ -143,6 +164,17 @@ describe WidgetsController do
 
         end
 
+        context "when the request's prominence is not 'normal'" do
+
+            it 'should return a 403' do
+                @info_request.prominence = 'hidden'
+                @info_request.save!
+                get :show, :request_id => @info_request.id
+                response.code.should == "403"
+            end
+
+        end
+
     end
 
 end
-- 
cgit v1.2.3