Sysadmin and Analyst pages specs

closes #128
MITLibraries · Apr 14, 2015 · 6435f97 · 6435f97 · richardrodgers · Apr 14, 2015
1 parent b26ec34
commit 6435f97
Show file tree

Hide file tree

Showing 4 changed files with 263 additions and 9 deletions.
diff --git a/app/controllers/Application.scala b/app/controllers/Application.scala
@@ -1006,7 +1006,7 @@ object Application extends Controller with Security {
     )
   )
 
-  def newHubModel = Action { implicit request =>
+  def newHubModel = isAdmin { identity => implicit request =>
     Ok(views.html.utils.cmodel_create(modelForm))
   }
 
@@ -1022,7 +1022,7 @@ object Application extends Controller with Security {
     Ok(jsonSubscriberModel)
   }
 
-  def addContentModel = Action { implicit request =>
+  def addContentModel = isAdmin { identity => implicit request =>
     // read a content model from posted data and update system in cases where
     // model components are not already installed. Note that
     // this relies on the uniqueness of scheme, etc tags across hubs
@@ -1036,7 +1036,7 @@ object Application extends Controller with Security {
     )
   }
 
-  def addPublisherModel = Action { implicit request =>
+  def addPublisherModel = isAdmin { identity => implicit request =>
     // read a publisher model from posted data and update system in cases where
     // model components are not already installed. Note that
     // this relies on the uniqueness of scheme, etc tags across hubs
@@ -1050,7 +1050,7 @@ object Application extends Controller with Security {
     )
   }
 
-  def addSubscriberModel = Action { implicit request =>
+  def addSubscriberModel = isAdmin { identity => implicit request =>
     // read a subscriber model from posted data and update system in cases where
     // model components are not already installed. Note that
     // this relies on the uniqueness of scheme, etc tags across hubs
@@ -1064,7 +1064,7 @@ object Application extends Controller with Security {
     )
   }
 
-  def reindex(dtype: String) = Action { implicit request =>
+  def reindex(dtype: String) = isAdmin { identity => implicit request =>
     indexer ! dtype
     Ok("Reindexing " + dtype + "s")
   }
@@ -1077,11 +1077,11 @@ object Application extends Controller with Security {
   )
 
   // sandbox for testing finder logic
-  def sandbox = Action { implicit request =>
+  def sandbox = isAnalyst { identity => implicit request =>
     Ok(views.html.static.sandbox(sandboxForm, List("<empty>")))
   }
 
-  def testExpression = Action { implicit request =>
+  def testExpression = isAnalyst { identity => implicit request =>
     sandboxForm.bindFromRequest.fold(
       errors => BadRequest(views.html.static.sandbox(errors, List("<error>"))),
       value => {
@@ -1093,7 +1093,7 @@ object Application extends Controller with Security {
   }
 
   // convenience method for now - refine for real use later
-  def purge = Action { implicit request =>
+  def purge = isAdmin { identity => implicit request =>
     val now = new Date
     Item.deleteBefore(now)
     Topic.deleteUnlinkedBefore(now)

diff --git a/app/controllers/AuthenticationController.scala b/app/controllers/AuthenticationController.scala
@@ -63,6 +63,17 @@ trait Security {
     }
   }
 
+  def isAdmin(f: => User => Request[AnyContent] => Result) = {
+    Authenticated(identity, onUnauthorized) { user =>
+      if (hasRole(user, "sysadmin")) {
+        Action(request => f(user)(request))
+      } else {
+        Action(request =>
+          Results.Unauthorized(views.html.static.trouble("You are not authorized")))
+      }
+    }
+  }
+
   def hasRole(user: User, role: String) = {
     if (user.hasRole(role)) {
       true

diff --git a/test/integration/IntegrationSpec.scala b/test/integration/IntegrationSpec.scala
@@ -65,7 +65,8 @@ class IntegrationSpec extends Specification {
       browser.goTo("http://localhost:" + port + "/workbench")
       assertThat(browser.$("#sidenav_models").getTexts.get(0)).isEqualTo("Models")
       browser.$("#sidenav_models").click();
-      assertThat(browser.title()).isEqualTo("Create Model - TopicHub")
+      assertThat(browser.title()).isEqualTo("Error - TopicHub")
+      browser.pageSource must contain("You are not authorized")
     }
 
     "provides link to Schemes" in new WithBrowser(app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {

diff --git a/test/integration/SysAdminPagesSpec.scala b/test/integration/SysAdminPagesSpec.scala
@@ -0,0 +1,242 @@
+import org.specs2.mutable._
+import org.specs2.runner._
+
+import play.api.test._
+import play.api.test.Helpers._
+import org.fest.assertions.Assertions.assertThat
+import play.api.Application
+import play.api.Play
+import play.api.Play.current
+import models.{ User }
+
+/**
+ * An integration test will fire up a whole play application in a real (or headless) browser
+ */
+class SysAdminPagesSpec extends Specification {
+
+  "SysAdmin pages" should {
+
+    def create_user(role: String) = User.make("bob", "bob@example.com", role, "current_user")
+
+    // GET /reindex
+    "reindex" should {
+      "as an unauthenticated User redirects to login" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        browser.goTo("http://localhost:" + port + "/reindex/topic")
+        assertThat(browser.title()).isEqualTo("Login to SCOAP3 - TopicHub")
+      }
+
+      "as an analyst redirects to Error" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("analyst")
+        browser.goTo("http://localhost:" + port + "/reindex/topic")
+        assertThat(browser.title()).isEqualTo("Error - TopicHub")
+        browser.pageSource must contain("You are not authorized")
+      }
+
+      "as an admin reindexes" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("sysadmin")
+        browser.goTo("http://localhost:" + port + "/reindex/topic")
+        browser.pageSource must contain("Reindexing topics")
+      }
+    }
+
+    // GET /workbench
+    "workbench" should {
+      "as an unauthenticated User redirects to login" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        browser.goTo("http://localhost:" + port + "/workbench")
+        assertThat(browser.title()).isEqualTo("Login to SCOAP3 - TopicHub")
+      }
+
+      "as an analyst displays workbench" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("analyst")
+        browser.goTo("http://localhost:" + port + "/workbench")
+        assertThat(browser.title()).isEqualTo("Workbench - TopicHub")
+      }
+
+      "as an admin redirects to error" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("sysadmin")
+        browser.goTo("http://localhost:" + port + "/workbench")
+        assertThat(browser.title()).isEqualTo("Error - TopicHub")
+        browser.pageSource must contain("You are not authorized")
+      }
+    }
+
+    // GET /purge
+    "purge" should {
+      "as an unauthenticated User redirects to login" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        browser.goTo("http://localhost:" + port + "/purge")
+        assertThat(browser.title()).isEqualTo("Login to SCOAP3 - TopicHub")
+      }
+
+      "as an analyst redirects to Error" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("analyst")
+        browser.goTo("http://localhost:" + port + "/purge")
+        assertThat(browser.title()).isEqualTo("Error - TopicHub")
+        browser.pageSource must contain("You are not authorized")
+      }
+
+      "as an admin reindexes" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("sysadmin")
+        browser.goTo("http://localhost:" + port + "/purge")
+        browser.pageSource must contain("too late to go back now")
+      }
+    }
+
+    // GET /sandbox
+    "sandbox" should {
+      "as an unauthenticated User redirects to login" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        browser.goTo("http://localhost:" + port + "/sandbox")
+        assertThat(browser.title()).isEqualTo("Login to SCOAP3 - TopicHub")
+      }
+
+      "as an analyst displays form" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("analyst")
+        browser.goTo("http://localhost:" + port + "/sandbox")
+        assertThat(browser.title()).isEqualTo("Sandbox - TopicHub")
+        browser.pageSource must contain("""<form action="/testExpression" method="POST">""")
+      }
+
+      "as an admin redirects to Error" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("sysadmin")
+        browser.goTo("http://localhost:" + port + "/sandbox")
+        assertThat(browser.title()).isEqualTo("Error - TopicHub")
+        browser.pageSource must contain("You are not authorized")
+      }
+    }
+
+    // POST /testExpression
+    "testExpression" should {
+      "as an unauthenticated User redirects to login" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        val action = route(FakeRequest(POST, "/testExpression")).get
+        redirectLocation(action) must beSome.which(_ == "/login")
+      }
+
+      "as an analyst displays form" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("analyst")
+        val action = route(FakeRequest(POST, "/testExpression")).get
+        redirectLocation(action) must beNone
+        contentAsString(action) must contain ("This field is required")
+      }
+
+      "as an admin redirects to Error" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("sysadmin")
+        val action = route(FakeRequest(POST, "/testExpression")).get
+        redirectLocation(action) must beNone
+        contentAsString(action) must contain ("Reason: You are not authorized")
+      }
+    }
+
+    // GET /model/create
+    "contentModel" should {
+      "as an unauthenticated User redirects to login" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        browser.goTo("http://localhost:" + port + "/model/create")
+        assertThat(browser.title()).isEqualTo("Login to SCOAP3 - TopicHub")
+      }
+
+      "as an analyst redirects to error" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("analyst")
+        browser.goTo("http://localhost:" + port + "/model/create")
+        assertThat(browser.title()).isEqualTo("Error - TopicHub")
+        browser.pageSource must contain("You are not authorized")
+      }
+
+      "as an admin display form" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("sysadmin")
+        browser.goTo("http://localhost:" + port + "/model/create")
+        assertThat(browser.title()).isEqualTo("Create Model - TopicHub")
+      }
+    }
+
+    // POST /cmodel
+    "addContentModel" should {
+      "as an unauthenticated User redirects to login" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        val action = route(FakeRequest(POST, "/cmodel")).get
+        redirectLocation(action) must beSome.which(_ == "/login")
+      }
+
+      "as an analyst redirects to error" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("analyst")
+        val action = route(FakeRequest(POST, "/cmodel")).get
+        redirectLocation(action) must beNone
+        contentAsString(action) must contain ("Reason: You are not authorized")
+      }
+
+      "as an admin is allowed" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("sysadmin")
+        val action = route(FakeRequest(POST, "/cmodel")).get
+        redirectLocation(action) must beNone
+        contentAsString(action) must contain ("This field is required")
+      }
+    }
+
+    // POST /pubmodel
+    "addPublisherModel" should {
+      "as an unauthenticated User redirects to login" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        val action = route(FakeRequest(POST, "/pubmodel")).get
+        redirectLocation(action) must beSome.which(_ == "/login")
+      }
+
+      "as an analyst redirects to error" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("analyst")
+        val action = route(FakeRequest(POST, "/pubmodel")).get
+        redirectLocation(action) must beNone
+        contentAsString(action) must contain ("Reason: You are not authorized")
+      }
+
+      "as an admin is allowed" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("sysadmin")
+        val action = route(FakeRequest(POST, "/pubmodel")).get
+        redirectLocation(action) must beNone
+        contentAsString(action) must contain ("This field is required")
+      }
+    }
+
+    // POST /submodel
+    "addSubscriberModel" should {
+      "as an unauthenticated User redirects to login" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        val action = route(FakeRequest(POST, "/submodel")).get
+        redirectLocation(action) must beSome.which(_ == "/login")
+      }
+
+      "as an analyst redirects to error" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("analyst")
+        val action = route(FakeRequest(POST, "/submodel")).get
+        redirectLocation(action) must beNone
+        contentAsString(action) must contain ("Reason: You are not authorized")
+      }
+
+      "as an admin is allowed" in new WithBrowser(
+        app = FakeApplication(additionalConfiguration = inMemoryDatabase())) {
+        create_user("sysadmin")
+        val action = route(FakeRequest(POST, "/submodel")).get
+        redirectLocation(action) must beNone
+        contentAsString(action) must contain ("This field is required")
+      }
+    }
+  }
+}