Mange inventory-pools, roles, and suspensions

.gitignore

@@ -2,11 +2,12 @@
 .lein-failures
 .lein-repl-history
 .nrepl-port
+/.DS_Store
 /.sass-cache
+/leihs-ui.tgz
 /log
 /target
 /tmp
 figwheel_server.log
-resources/all/public/admin/build-timestamp.txt
-/leihs-ui.tgz
 profiles.clj
+resources/all/public/admin/build-timestamp.txt

README.md

@@ -100,7 +100,7 @@ changes so far:
 TODOs
 -----
 
-* Add constraint: account_enabeled requires non null email 
+* Add constraint: account_enabeled requires non null email
 * try to fix text-warning visibility problem with css
 
 ### External and PM
@@ -146,7 +146,7 @@ Last two, can come later. The other have interdependencies in some way.
 For ZHdK and also proof of concept.
 
 
-# ZAPI 
+# ZAPI
 
 ## Example
 
@@ -191,7 +191,7 @@ WIDbg6hFVPYzghyDUi4tH1jk03AIgt1TpuBbsO84ydPPsKoPiFXqMAg/
 
 ## LDAP
 
-### Security 
+### Security
 
 Writing a secure LDAP authentication is not simple!
 
@@ -205,7 +205,7 @@ OWASP Recommendation
 > can be to simply attempt an LDAP bind as the user that is trying to
 > authenticate, using the password provided by the user. This process often
 > does not require the use of LDAP filter expressions and avoids the risk of
-> search filter injection. 
+> search filter injection.
 
 https://www.owasp.org/index.php/Projects/OWASP_Framework_Security_Project/Secure_LDAP_API_Standard#Documents_LDAP_Bind_Authentication_Without_Filter_Queries
 

spec/factories/inventory_pool.rb

@@ -0,0 +1,13 @@
+class InventoryPool < Sequel::Model(:inventory_pools)
+end
+
+FactoryBot.define do
+  factory :inventory_pool do
+    name { Faker::Company.name }
+    email { Faker::Internet.email }
+
+    after :build do |inventory_pool|
+      inventory_pool.shortname = inventory_pool.name.split(" ").map(&:first).join
+    end
+  end
+end

spec/features/inventory-pools/add_spec.rb

@@ -0,0 +1,53 @@
+require 'spec_helper'
+require 'pry'
+
+feature 'Manage inventory-pools', type: :feature do
+
+  context 'an admin user' do
+
+    before :each do
+      @admin = FactoryBot.create :admin
+      sign_in_as @admin
+    end
+
+    let(:name) { Faker::Company.name}
+    let(:description) { Faker::Markdown.sandwich }
+    let(:shortname) { Faker::Name.initials }
+    let(:email) { Faker::Internet.email }
+
+    scenario 'adding a new inventory-pool ' do
+
+      visit '/admin/'
+      click_on 'Inventory-Pools'
+      click_on 'Add'
+      fill_in 'name', with: name
+      fill_in 'description', with: description
+      fill_in 'shortname', with: shortname
+      fill_in 'email', with: email
+      check 'is_active'
+
+      click_on 'Add'
+
+      wait_until { current_path.match "^\/admin\/inventory-pools\/.+" }
+
+      @inventory_pool_path = current_path
+      @inventory_pool_id = current_path.match(/.*\/([^\/]+)/)[1]
+
+      expect(page).to have_content name
+      expect(page).to have_content shortname
+      expect(page).to have_content email
+      expect(page).to have_content description
+
+      # The inventory pools path includes the newly created inventory pool and
+      # we can get to it via clicking its name
+      click_on "Inventory-Pools"
+      wait_until { current_path == "/admin/inventory-pools/" }
+      expect(page).to have_content name
+      click_on name
+      wait_until { current_path == @inventory_pool_path }
+
+    end
+
+  end
+
+end

spec/features/inventory-pools/delete_spec.rb

@@ -0,0 +1,38 @@
+require 'spec_helper'
+require 'pry'
+
+
+feature 'Manage inventory-pools', type: :feature do
+
+  context ' an admin and several pools ' do
+
+    before :each do
+      @admin = FactoryBot.create :admin
+      @pools = 10.times.map { FactoryBot.create :inventory_pool }
+      sign_in_as @admin
+    end
+
+    scenario 'deleting an inventory pool' do
+
+      visit '/admin/'
+      click_on 'Inventory-Pools'
+
+      @pools.each { |pool| expect(page).to have_content pool.name }
+
+      click_on @pools.first.name
+      @inventory_pool_path = current_path
+
+      click_on 'Delete' # delete page
+      click_on 'Delete' # submit / confirm
+
+      wait_until { current_path ==  "/admin/inventory-pools/" }
+
+      @pools.drop(1).each { |pool| expect(page).to have_content pool.name }
+
+      expect(page).not_to have_content @pools.first.name
+
+    end
+
+  end
+
+end

spec/features/inventory-pools/edit_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+require 'pry'
+
+
+feature 'Manage inventory-pools', type: :feature do
+
+  context ' an admin and several pools ' do
+
+    before :each do
+      @admin = FactoryBot.create :admin
+      @pools = 10.times.map { FactoryBot.create :inventory_pool }
+      sign_in_as @admin
+    end
+
+    scenario 'edit an inventory pool' do
+
+      visit '/admin/'
+      click_on 'Inventory-Pools'
+
+      @pools.each { |pool| expect(page).to have_content pool.name }
+
+      click_on @pools.first.name
+      @inventory_pool_path = current_path
+
+      click_on 'Edit'
+
+      fill_in 'name', with: 'The New Name'
+      fill_in 'description', with: 'Foo Bar Baz'
+      fill_in 'shortname', with: 'TNN'
+      fill_in 'email', with: 'new-name@example.com'
+      uncheck 'is_active'
+
+      click_on 'Save'
+
+      wait_until {current_path == @inventory_pool_path}
+
+      expect(page).to have_content 'The New Name'
+      expect(page).to have_content 'Foo Bar Baz'
+      expect(page).to have_content 'TNN'
+      expect(page).to have_content 'new-name@example.com'
+
+      click_on 'Inventory-Pools'
+      wait_until { current_path ==  "/admin/inventory-pools/" }
+      expect(page).to have_content 'The New Name'
+
+    end
+
+  end
+
+end
+

spec/features/inventory-pools/users/roles_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+require 'pry'
+
+
+
+feature 'Manage inventory-pool users ', type: :feature do
+
+  context ' an admin, a pool, and  several users ' do
+
+    before :each do
+      @admin = FactoryBot.create :admin
+      @pool =  FactoryBot.create :inventory_pool
+      @users = 10.times.map{ FactoryBot.create :user }
+      sign_in_as @admin
+    end
+
+    scenario ' managing roles of a user' do
+
+      visit "/admin/inventory-pools/#{@pool.id}"
+      click_on "Users"
+      fill_in 'users-search-term', with: @users.first.lastname
+      wait_until { all("table.users tbody tr").count == 1 }
+      expect(page.find("table.users")).not_to have_content "customer"
+      expect(page.find("table.users")).not_to have_content "inventory_manager"
+      click_on "none"
+      @user_overview_page = current_path
+
+      click_on "Direct Roles"
+      check "customer"
+      click_on "Save"
+      wait_until { current_path == @user_overview_page }
+      click_on "Manage Direct Roles"
+      check "inventory_manager"
+      click_on "Save"
+
+      click_on "Users"
+      visit current_path # force full reload to make sure we not only see a fiction of the SPA
+      # test filtering by role:
+      select 'inventory_manager', from: 'Role'
+      wait_until { all("table.users tbody tr").count == 1 }
+      # the following also tests the current hierarchy within roles and will
+      # break once we change that
+      expect(page.find("table.users")).to have_content "customer"
+      expect(page.find("table.users")).to have_content "group_manager"
+      expect(page.find("table.users")).to have_content "lending_manager"
+      expect(page.find("table.users")).to have_content "inventory_manager"
+
+    end
+  end
+end
+
+
+
+
+

spec/features/inventory-pools/users/suspension_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+require 'pry'
+
+
+feature 'Manage inventory-pool users ', type: :feature do
+
+  context ' an admin, a pool, and  several users ' do
+
+    before :each do
+      @admin = FactoryBot.create :admin
+      @pool =  FactoryBot.create :inventory_pool
+      @users = 10.times.map{ FactoryBot.create :user }
+      sign_in_as @admin
+    end
+
+    scenario ' managing the suspension of a user' do
+
+      visit "/admin/inventory-pools/#{@pool.id}"
+      click_on "Users"
+      fill_in 'users-search-term', with: @users.first.lastname
+      wait_until { all("table.users tbody tr").count == 1 }
+      click_on "unsuspended"
+      @user_overview_page = current_path
+
+      click_on "Suspension"
+      fill_in 'suspended_until', with: Date.today.iso8601
+      fill_in 'suspended_reason', with: 'Some reason'
+      click_on 'Save'
+      wait_until {current_path == @user_overview_page}
+      expect(page).to have_content 'is suspended'
+
+      # remove suspension
+      click_on 'Remove Suspension'
+      expect(page).to have_content 'Not suspended'
+
+
+      click_on 'Manage Suspension'
+      fill_in 'suspended_until', with: (Date.today + 100.years).iso8601
+      click_on 'Save'
+      click_on 'Users'
+      check "Suspended"
+      wait_until { all("table.users tbody tr").count == 1 }
+      expect(page.find("table.users")).to have_content 'forever'
+
+    end
+  end
+end
+
+
+
+
+

src/all/leihs/admin/front/breadcrumbs.cljs

@@ -1,5 +1,4 @@
-(ns leihs.admin.front.breadcrumbs
-  (:refer-clojure :exclude [str keyword])
+(ns leihs.admin.front.breadcrumbs (:refer-clojure :exclude [str keyword])
   (:require
     [leihs.core.breadcrumbs :as core-breadcrumbs]
     [leihs.core.core :refer [keyword str presence]]
@@ -29,16 +28,22 @@
 (defn delegations-li [] (li :delegations [:span icons/delegations " Delegations "]))
 
 
+(defn group-add-li [] (li :group-add [:span [:i.fas.fa-plus-circle] " Add group "]))
 (defn group-delete-li [id] (li :group-delete [:span [:i.fas.fa-times] " Delete "] {:group-id id} {}))
 (defn group-edit-li [id] (li :group-edit [:span [:i.fas.fa-edit] " Edit "] {:group-id id} {}))
 (defn group-li [id] (li :group [:span icons/group " Group "] {:group-id id} {}))
-(defn group-add-li [] (li :group-add [:span [:i.fas.fa-plus-circle] " Add group "]))
+(defn group-users-li [group-id] (li :group-users [:span icons/users " Users "] {:group-id group-id} {}))
 (defn groups-li [] (li :groups [:span icons/groups " Groups "] {} {}))
-(defn group-users-li [group-id]
-  (li :group-users
-      [:span icons/users " Users "]
-      {:group-id group-id} {}))
 
+(defn inventory-pool-add-li [] (li :inventory-pool-add [:span [:i.fas.fa-plus-circle] " Add Inventory-Pool "]))
+(defn inventory-pool-delete-li [id] (li :inventory-pool-delete [:span [:i.fas.fa-times] " Delete "] {:inventory-pool-id id} {}))
+(defn inventory-pool-edit-li [id] (li :inventory-pool-edit [:span [:i.fas.fa-edit] " Edit "] {:inventory-pool-id id} {}))
+(defn inventory-pool-li [id] (li :inventory-pool [:span icons/inventory-pool " Inventory-Pool "] {:inventory-pool-id id} {}))
+(defn inventory-pool-users-li [inventory-pool-id] (li :inventory-pool-users [:span icons/users " Users "] {:inventory-pool-id inventory-pool-id} {}))
+(defn inventory-pool-user-li [inventory-pool-id user-id] (li :inventory-pool-user [:span icons/user " User "] {:inventory-pool-id inventory-pool-id :user-id user-id} {}))
+(defn inventory-pool-user-roles-li [inventory-pool-id user-id] (li :inventory-pool-user-roles [:span icons/edit " Manage Direct Roles "] {:inventory-pool-id inventory-pool-id :user-id user-id} {}))
+(defn inventory-pool-user-suspension-li [inventory-pool-id user-id] (li :inventory-pool-user-suspension [:span icons/edit " Manage Suspension"] {:inventory-pool-id inventory-pool-id :user-id user-id} {}))
+(defn inventory-pools-li [] (li :inventory-pools [:span icons/inventory-pools " Inventory-Pools "]))
 
 (defn email-li [address] [:li.breadcrumb-item {:key (str "mailto:" address )} [:a {:href (str "mailto:" address )} [:i.fas.fa-envelope] " Email "]])
 (defn leihs-li [] (li :home [:span icons/home " Home "]))