-
Notifications
You must be signed in to change notification settings - Fork 63
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
allow deletion of contact email addresses for exhibits
* contact_email_controller.rb: new controller exposing ContactEmail#destroy * _contact.html.erb: add link to delete command and initially hidden span for contact email delete err msg. move contact id hidden field inside contact div so that it gets deleted with the other contact form field stuff. * _form.html.erb: pass exhibit into contact partial. * _confirmation_status.html.erb: move column spacing out of this partial and into _contact.html.erb. * exhibits.js: listeners for contact email delete ajax events, remove contact email delete functionality when copying the first contact email field for adding blanks to the list. * spotlight.en.yml: confirmation and error message content. * routes.rb: contact email deletion route. * ability.rb: allow exhibit admins to manage contact email addresses * contact_email_controller_spec.rb, contact_emails.rb, administration_spec.rb: tests for contact email deletion
- Loading branch information
1 parent
46ae30d
commit 690d4cb
Showing
11 changed files
with
203 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
module Spotlight | ||
## | ||
# CRUD actions for exhibit contact emails | ||
class ContactEmailController < Spotlight::ApplicationController | ||
rescue_from ActiveRecord::RecordNotFound, with: :record_not_found | ||
|
||
before_action :authenticate_user! | ||
load_and_authorize_resource :exhibit, class: 'Spotlight::Exhibit' | ||
load_and_authorize_resource through: :exhibit | ||
|
||
def destroy | ||
@contact_email.destroy | ||
render json: { success: true, error: nil } | ||
end | ||
|
||
private | ||
|
||
def record_not_found(_error) | ||
render json: { success: false, error: 'Not Found' }, status: :not_found | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,20 @@ | ||
<%= contact.hidden_field :id %> | ||
<div class="row contact"> | ||
<%= contact.hidden_field :id %> | ||
<div class="col-md-8<%= ' has-error' if contact.object.errors[:email].present? %>"> | ||
<%= text_field_tag "#{contact.object_name}[email]", contact.object.email, class: 'exhibit-contact form-control' %> | ||
<% if contact.object.errors[:email].present? %> | ||
<span class="help-block"><%=contact.object.errors[:email].join(", ".html_safe) %></span> | ||
<% end %> | ||
<p> | ||
<span class="contact-email-delete-error text-danger callout-danger" style="display: none;"><%= t('.email_delete_error') %> <span class="error-msg"></span></span> | ||
</p> | ||
</div> | ||
<div class="col-md-4"> | ||
<% if contact.object.id %> | ||
<span class="contact-email-delete-wrapper"> | ||
<%= link_to "<span class=\"btn-xs btn-danger\">#{t('.email_delete_button')}</span>".html_safe, exhibit_contact_email_path(exhibit_id: exhibit.id, id: contact.object.id), class: 'contact-email-delete', method: :delete, data: { confirm: t('.email_delete_confirmation'), remote: true } %> | ||
</span> | ||
<% end %> | ||
<%= render partial: 'confirmation_status', locals: {contact_email: contact.object} unless contact.object.new_record? %> | ||
</div> | ||
<%= render partial: 'confirmation_status', locals: {contact_email: contact.object} unless contact.object.new_record? %> | ||
</div> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
63 changes: 63 additions & 0 deletions
63
spec/controllers/spotlight/contact_email_controller_spec.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
describe Spotlight::ContactEmailController, type: :controller do | ||
routes { Spotlight::Engine.routes } | ||
let(:contact_email) { FactoryGirl.create(:contact_email) } | ||
|
||
context 'when not logged in' do | ||
describe 'DELETE destroy' do | ||
it 'redirects to the login page' do | ||
# note about odd behavior: it was discovered in testing that if format: :json is explicitly specified here, the user is redirected | ||
# to login on rails 4, but gets a 401 on rails 5. we suspect differing CanCan behavior, but didn't investigate in depth. | ||
delete :destroy, params: { id: contact_email, exhibit_id: contact_email.exhibit } | ||
# custom logic in ApplicationController redirects user to app login page on CanCan::AccessDenied if user can't read current exhibit | ||
expect(response).to redirect_to main_app.new_user_session_path | ||
end | ||
end | ||
end | ||
|
||
context 'when logged in' do | ||
before { sign_in user } | ||
|
||
context 'as a visitor' do | ||
let(:user) { FactoryGirl.create(:exhibit_visitor) } | ||
|
||
describe 'DELETE destroy' do | ||
it 'redirects to the home page' do | ||
delete :destroy, params: { id: contact_email, exhibit_id: contact_email.exhibit } | ||
# custom logic in ApplicationController redirects user to app root on CanCan::AccessDenied if user's allowed to view current exhibit | ||
expect(response).to redirect_to main_app.root_path | ||
end | ||
end | ||
end | ||
|
||
context 'as an exhibit curator' do | ||
let(:user) { FactoryGirl.create(:exhibit_curator, exhibit: contact_email.exhibit) } | ||
|
||
describe 'DELETE destroy' do | ||
it 'redirects to the home page' do | ||
delete :destroy, params: { id: contact_email, exhibit_id: contact_email.exhibit } | ||
# custom logic in ApplicationController redirects user to app root on CanCan::AccessDenied if user's allowed to view current exhibit | ||
expect(response).to redirect_to main_app.root_path | ||
end | ||
end | ||
end | ||
|
||
context 'as an exhibit admin' do | ||
let(:user) { FactoryGirl.create(:exhibit_admin, exhibit: contact_email.exhibit) } | ||
|
||
describe 'DELETE destroy' do | ||
it 'is successful when the record exists' do | ||
delete :destroy, params: { id: contact_email, exhibit_id: contact_email.exhibit } | ||
expect(response).to be_successful | ||
expect(JSON.parse(response.body)).to eq('success' => true, 'error' => nil) | ||
end | ||
|
||
it 'gives a 404 with appropriate message when the record no longer exists' do | ||
contact_email.destroy | ||
delete :destroy, params: { id: contact_email, exhibit_id: contact_email.exhibit } | ||
expect(response.status).to eq 404 | ||
expect(JSON.parse(response.body)).to eq('success' => false, 'error' => 'Not Found') | ||
end | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
FactoryGirl.define do | ||
factory :contact_email, class: Spotlight::ContactEmail do | ||
email 'exhibit_contact@example.com' | ||
exhibit | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters