Mange inventory-pools, roles, and suspensions
DrTom committed Jan 22, 2020
1 parent 86dff8f commit 5a83585
Showing 43 changed files with 2,122 additions and 79 deletions.
5 changes: 3 additions & 2 deletions .gitignore
@@ -2,11 +2,12 @@
.lein-failures
.lein-repl-history
.nrepl-port
/.DS_Store
/.sass-cache
/leihs-ui.tgz
/log
/target
/tmp
figwheel_server.log
resources/all/public/admin/build-timestamp.txt
/leihs-ui.tgz
profiles.clj
resources/all/public/admin/build-timestamp.txt
8 changes: 4 additions & 4 deletions README.md
@@ -100,7 +100,7 @@ changes so far:
TODOs
-----

* Add constraint: account_enabeled requires non null email
* Add constraint: account_enabeled requires non null email
* try to fix text-warning visibility problem with css

### External and PM
@@ -146,7 +146,7 @@ Last two, can come later. The other have interdependencies in some way.
For ZHdK and also proof of concept.


# ZAPI
# ZAPI

## Example

@@ -191,7 +191,7 @@ WIDbg6hFVPYzghyDUi4tH1jk03AIgt1TpuBbsO84ydPPsKoPiFXqMAg/

## LDAP

### Security
### Security

Writing a secure LDAP authentication is not simple!

@@ -205,7 +205,7 @@ OWASP Recommendation
> can be to simply attempt an LDAP bind as the user that is trying to
> authenticate, using the password provided by the user. This process often
> does not require the use of LDAP filter expressions and avoids the risk of
> search filter injection.
> search filter injection.
https://www.owasp.org/index.php/Projects/OWASP_Framework_Security_Project/Secure_LDAP_API_Standard#Documents_LDAP_Bind_Authentication_Without_Filter_Queries

2 changes: 1 addition & 1 deletion database
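--- a/spec/factories/inventory_pool.rb
+++ b/spec/factories/inventory_pool.rb
@@ -0,0 +1,13 @@
+class InventoryPool < Sequel::Model(:inventory_pools)
+end
+
+FactoryBot.define do
+factory :inventory_pool do
+name { Faker::Company.name }
+email { Faker::Internet.email }
+
+after :build do |inventory_pool|
+inventory_pool.shortname = inventory_pool.name.split(" ").map(&:first).join
+end
+end
+end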
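Review bot: The `after :build` hook assigns `shortname` unconditionally, so a spec that passes its own value (`FactoryBot.create :inventory_pool, shortname: 'ABC'`) silently loses it; `inventory_pool.shortname ||= inventory_pool.name.split(' ').map { |word| word[0] }.join` keeps an explicit one. `map(&:first)` on strings is an ActiveSupport core extension rather than core Ruby, so the factory relies on the spec helper loading ActiveSupport, which is not visible on this page. Initials derived from `Faker::Company.name` can also repeat across the ten pools that the delete and edit specs create, which would matter if `shortname` carries a unique constraint (the schema is not shown here).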
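--- a/spec/features/inventory-pools/add_spec.rb
+++ b/spec/features/inventory-pools/add_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+require 'pry'
+
+feature 'Manage inventory-pools', type: :feature do
+
+context 'an admin user' do
+
+before :each do
+@admin = FactoryBot.create :admin
+sign_in_as @admin
+end
+
+let(:name) { Faker::Company.name}
+let(:description) { Faker::Markdown.sandwich }
+let(:shortname) { Faker::Name.initials }
+let(:email) { Faker::Internet.email }
+
+scenario 'adding a new inventory-pool ' do
+
+visit '/admin/'
+click_on 'Inventory-Pools'
+click_on 'Add'
+fill_in 'name', with: name
+fill_in 'description', with: description
+fill_in 'shortname', with: shortname
+fill_in 'email', with: email
+check 'is_active'
+
+click_on 'Add'
+
+wait_until { current_path.match "^\/admin\/inventory-pools\/.+" }
+
+@inventory_pool_path = current_path
+@inventory_pool_id = current_path.match(/.*\/([^\/]+)/)[1]
+
+expect(page).to have_content name
+expect(page).to have_content shortname
+expect(page).to have_content email
+expect(page).to have_content description
+
+# The inventory pools path includes the newly created inventory pool and
+# we can get to it via clicking its name
+click_on "Inventory-Pools"
+wait_until { current_path == "/admin/inventory-pools/" }
+expect(page).to have_content name
+click_on name
+wait_until { current_path == @inventory_pool_path }
+
+end
+
+end
+
+end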
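Review bot: Every scenario in this spec, and likewise in delete_spec.rb, edit_spec.rb, users/roles_spec.rb and users/suspension_spec.rb, signs in as `:admin`, so nothing visible here asserts that a non-admin is refused on `/admin/inventory-pools/`. Other files of this commit are not shown, but a second `context` that signs in with a plain `FactoryBot.create :user` and expects the add form to be unreachable would pin the authorization boundary for these new admin pages. `require 'pry'` is a debugging dependency the spec never uses and can be dropped, and `@inventory_pool_id` is assigned but never read. The pattern given to `current_path.match` uses `^`, which anchors at a line start rather than the string start; `%r{\A/admin/inventory-pools/.+}` states the intent exactly.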
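--- a/spec/features/inventory-pools/delete_spec.rb
+++ b/spec/features/inventory-pools/delete_spec.rb
@@ -0,0 +1,38 @@
+require 'spec_helper'
+require 'pry'
+
+
+feature 'Manage inventory-pools', type: :feature do
+
+context ' an admin and several pools ' do
+
+before :each do
+@admin = FactoryBot.create :admin
+@pools = 10.times.map { FactoryBot.create :inventory_pool }
+sign_in_as @admin
+end
+
+scenario 'deleting an inventory pool' do
+
+visit '/admin/'
+click_on 'Inventory-Pools'
+
+@pools.each { |pool| expect(page).to have_content pool.name }
+
+click_on @pools.first.name
+@inventory_pool_path = current_path
+
+click_on 'Delete' # delete page
+click_on 'Delete' # submit / confirm
+
+wait_until { current_path == "/admin/inventory-pools/" }
+
+@pools.drop(1).each { |pool| expect(page).to have_content pool.name }
+
+expect(page).not_to have_content @pools.first.name
+
+end
+
+end
+
+end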
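Review bot: Deletion is verified only through page text: `expect(page).not_to have_content @pools.first.name` would also pass if the row were merely hidden in the list, and it fails spuriously when another generated company name contains the deleted one. Asserting on the record as well, for example `expect(InventoryPool[@pools.first.id]).to be_nil`, checks that the delete actually reached the database. `@inventory_pool_path` is assigned and never used in this scenario, and `require 'pry'` can be dropped.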
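--- a/spec/features/inventory-pools/edit_spec.rb
+++ b/spec/features/inventory-pools/edit_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+require 'pry'
+
+
+feature 'Manage inventory-pools', type: :feature do
+
+context ' an admin and several pools ' do
+
+before :each do
+@admin = FactoryBot.create :admin
+@pools = 10.times.map { FactoryBot.create :inventory_pool }
+sign_in_as @admin
+end
+
+scenario 'edit an inventory pool' do
+
+visit '/admin/'
+click_on 'Inventory-Pools'
+
+@pools.each { |pool| expect(page).to have_content pool.name }
+
+click_on @pools.first.name
+@inventory_pool_path = current_path
+
+click_on 'Edit'
+
+fill_in 'name', with: 'The New Name'
+fill_in 'description', with: 'Foo Bar Baz'
+fill_in 'shortname', with: 'TNN'
+fill_in 'email', with: 'new-name@example.com'
+uncheck 'is_active'
+
+click_on 'Save'
+
+wait_until {current_path == @inventory_pool_path}
+
+expect(page).to have_content 'The New Name'
+expect(page).to have_content 'Foo Bar Baz'
+expect(page).to have_content 'TNN'
+expect(page).to have_content 'new-name@example.com'
+
+click_on 'Inventory-Pools'
+wait_until { current_path == "/admin/inventory-pools/" }
+expect(page).to have_content 'The New Name'
+
+end
+
+end
+
+end
+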
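Review bot: The scenario unchecks `is_active` but never asserts the outcome, so a save that ignores the flag would still pass; the four `have_content` checks after `click_on 'Save'` cover only the text fields. A check on the stored value, for instance `expect(InventoryPool[@pools.first.id].is_active).to be false` (column name inferred from the form field), closes that gap. Since deactivating a pool is a state change with access consequences, it deserves the same explicit assertion as the renamed fields.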
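--- a/spec/features/inventory-pools/users/roles_spec.rb
+++ b/spec/features/inventory-pools/users/roles_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper'
+require 'pry'
+
+
+
+feature 'Manage inventory-pool users ', type: :feature do
+
+context ' an admin, a pool, and several users ' do
+
+before :each do
+@admin = FactoryBot.create :admin
+@pool = FactoryBot.create :inventory_pool
+@users = 10.times.map{ FactoryBot.create :user }
+sign_in_as @admin
+end
+
+scenario ' managing roles of a user' do
+
+visit "/admin/inventory-pools/#{@pool.id}"
+click_on "Users"
+fill_in 'users-search-term', with: @users.first.lastname
+wait_until { all("table.users tbody tr").count == 1 }
+expect(page.find("table.users")).not_to have_content "customer"
+expect(page.find("table.users")).not_to have_content "inventory_manager"
+click_on "none"
+@user_overview_page = current_path
+
+click_on "Direct Roles"
+check "customer"
+click_on "Save"
+wait_until { current_path == @user_overview_page }
+click_on "Manage Direct Roles"
+check "inventory_manager"
+click_on "Save"
+
+click_on "Users"
+visit current_path # force full reload to make sure we not only see a fiction of the SPA
+# test filtering by role:
+select 'inventory_manager', from: 'Role'
+wait_until { all("table.users tbody tr").count == 1 }
+# the following also tests the current hierarchy within roles and will
+# break once we change that
+expect(page.find("table.users")).to have_content "customer"
+expect(page.find("table.users")).to have_content "group_manager"
+expect(page.find("table.users")).to have_content "lending_manager"
+expect(page.find("table.users")).to have_content "inventory_manager"
+
+end
+end
+end
+
+
+
+
+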
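Review bot: The scenario only grants roles; no step unchecks `inventory_manager` or `customer` and confirms the table no longer lists it, so revocation, the direction that matters most for access control, is untested here. The search `fill_in 'users-search-term', with: @users.first.lastname` expects exactly one row, which is fragile if two of the ten Faker users share a last name; searching by a unique attribute such as the email would be steadier, assuming the search covers it. The four closing `have_content` assertions hard-code the role hierarchy, as the inline comment admits, and a single list such as `%w[customer group_manager lending_manager inventory_manager].each { |role| ... }` would leave one place to update.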
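--- a/spec/features/inventory-pools/users/suspension_spec.rb
+++ b/spec/features/inventory-pools/users/suspension_spec.rb
@@ -0,0 +1,52 @@
+require 'spec_helper'
+require 'pry'
+
+
+feature 'Manage inventory-pool users ', type: :feature do
+
+context ' an admin, a pool, and several users ' do
+
+before :each do
+@admin = FactoryBot.create :admin
+@pool = FactoryBot.create :inventory_pool
+@users = 10.times.map{ FactoryBot.create :user }
+sign_in_as @admin
+end
+
+scenario ' managing the suspension of a user' do
+
+visit "/admin/inventory-pools/#{@pool.id}"
+click_on "Users"
+fill_in 'users-search-term', with: @users.first.lastname
+wait_until { all("table.users tbody tr").count == 1 }
+click_on "unsuspended"
+@user_overview_page = current_path
+
+click_on "Suspension"
+fill_in 'suspended_until', with: Date.today.iso8601
+fill_in 'suspended_reason', with: 'Some reason'
+click_on 'Save'
+wait_until {current_path == @user_overview_page}
+expect(page).to have_content 'is suspended'
+
+# remove suspension
+click_on 'Remove Suspension'
+expect(page).to have_content 'Not suspended'
+
+
+click_on 'Manage Suspension'
+fill_in 'suspended_until', with: (Date.today + 100.years).iso8601
+click_on 'Save'
+click_on 'Users'
+check "Suspended"
+wait_until { all("table.users tbody tr").count == 1 }
+expect(page.find("table.users")).to have_content 'forever'
+
+end
+end
+end
+
+
+
+
+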
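Review bot: `fill_in 'suspended_until', with: Date.today.iso8601` puts the suspension exactly on its boundary, so the `'is suspended'` expectation depends on the server treating the end date as inclusive and on the test process and the database agreeing on today's date. If inclusive behaviour is what the test is meant to pin, a comment should say so; otherwise `(Date.today + 1).iso8601` avoids failures around midnight or across time zones. The assertions check labels only (`'is suspended'`, `'Not suspended'`, `'forever'`), and nothing here verifies that a suspended user is actually prevented from acting in the pool. `100.years` also needs ActiveSupport, which this file does not require itself.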
19 changes: 12 additions & 7 deletions src/all/leihs/admin/front/breadcrumbs.cljs
@@ -1,5 +1,4 @@
(ns leihs.admin.front.breadcrumbs
(:refer-clojure :exclude [str keyword])
(ns leihs.admin.front.breadcrumbs (:refer-clojure :exclude [str keyword])
(:require
[leihs.core.breadcrumbs :as core-breadcrumbs]
[leihs.core.core :refer [keyword str presence]]
@@ -29,16 +28,22 @@
(defn delegations-li [] (li :delegations [:span icons/delegations " Delegations "]))


(defn group-add-li [] (li :group-add [:span [:i.fas.fa-plus-circle] " Add group "]))
(defn group-delete-li [id] (li :group-delete [:span [:i.fas.fa-times] " Delete "] {:group-id id} {}))
(defn group-edit-li [id] (li :group-edit [:span [:i.fas.fa-edit] " Edit "] {:group-id id} {}))
(defn group-li [id] (li :group [:span icons/group " Group "] {:group-id id} {}))
(defn group-add-li [] (li :group-add [:span [:i.fas.fa-plus-circle] " Add group "]))
(defn group-users-li [group-id] (li :group-users [:span icons/users " Users "] {:group-id group-id} {}))
(defn groups-li [] (li :groups [:span icons/groups " Groups "] {} {}))
(defn group-users-li [group-id]
(li :group-users
[:span icons/users " Users "]
{:group-id group-id} {}))

(defn inventory-pool-add-li [] (li :inventory-pool-add [:span [:i.fas.fa-plus-circle] " Add Inventory-Pool "]))
(defn inventory-pool-delete-li [id] (li :inventory-pool-delete [:span [:i.fas.fa-times] " Delete "] {:inventory-pool-id id} {}))
(defn inventory-pool-edit-li [id] (li :inventory-pool-edit [:span [:i.fas.fa-edit] " Edit "] {:inventory-pool-id id} {}))
(defn inventory-pool-li [id] (li :inventory-pool [:span icons/inventory-pool " Inventory-Pool "] {:inventory-pool-id id} {}))
(defn inventory-pool-users-li [inventory-pool-id] (li :inventory-pool-users [:span icons/users " Users "] {:inventory-pool-id inventory-pool-id} {}))
(defn inventory-pool-user-li [inventory-pool-id user-id] (li :inventory-pool-user [:span icons/user " User "] {:inventory-pool-id inventory-pool-id :user-id user-id} {}))
(defn inventory-pool-user-roles-li [inventory-pool-id user-id] (li :inventory-pool-user-roles [:span icons/edit " Manage Direct Roles "] {:inventory-pool-id inventory-pool-id :user-id user-id} {}))
(defn inventory-pool-user-suspension-li [inventory-pool-id user-id] (li :inventory-pool-user-suspension [:span icons/edit " Manage Suspension"] {:inventory-pool-id inventory-pool-id :user-id user-id} {}))
(defn inventory-pools-li [] (li :inventory-pools [:span icons/inventory-pools " Inventory-Pools "]))

(defn email-li [address] [:li.breadcrumb-item {:key (str "mailto:" address )} [:a {:href (str "mailto:" address )} [:i.fas.fa-envelope] " Email "]])
(defn leihs-li [] (li :home [:span icons/home " Home "]))