Make fixity dashboard viewable only by admins, fixes #899

pulibrary · Mar 13, 2018 · aec7cb7 · aec7cb7
1 parent 45f2afc
commit aec7cb7
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 9 deletions.
diff --git a/app/controllers/fixity_dashboard_controller.rb b/app/controllers/fixity_dashboard_controller.rb
@@ -6,6 +6,7 @@ def show
     @failures = query_service.custom_queries.find_fixity_failures.map(&:decorate)
     @recents = query_service.custom_queries.file_sets_sorted_by_updated(sort: 'desc', limit: 10).map(&:decorate)
     @upcoming = query_service.custom_queries.file_sets_sorted_by_updated(limit: 20).map(&:decorate)
+    authorize! :read, :fixity
   end
 
   def metadata_adapter

diff --git a/app/views/catalog/_fixity_dashboard_home.html.erb b/app/views/catalog/_fixity_dashboard_home.html.erb
@@ -1,12 +1,14 @@
-<div class="row">
-  <div class="col-md-12">
-    <div class="panel panel-fixity panel-classify-work">
-      <div class="panel-heading">Fixity</div>
-      <div class="panel-body">
-        <ul>
-          <li><%= link_to 'Fixity Dashboard', fixity_dashboard_path %></li>
-        </ul>
+<% if can?(:read, :fixity) %>
+  <div class="row">
+    <div class="col-md-12">
+      <div class="panel panel-fixity panel-classify-work">
+        <div class="panel-heading">Fixity</div>
+        <div class="panel-body">
+          <ul>
+            <li><%= link_to 'Fixity Dashboard', fixity_dashboard_path %></li>
+          </ul>
+        </div>
       </div>
     </div>
   </div>
-</div>
+<% end %>
diff --git a/spec/controllers/fixity_dashboard_controller_spec.rb b/spec/controllers/fixity_dashboard_controller_spec.rb
@@ -29,6 +29,11 @@
   end
 
   describe "GET #show" do
+    let(:user) { FactoryBot.create(:admin) }
+    before do
+      sign_in user if user
+    end
+
     it "returns http success" do
       get :show
       expect(response).to have_http_status(:success)
@@ -58,5 +63,14 @@
         expect(assigns[:upcoming].size).to eq 3
       end
     end
+
+    context "for non-admin users" do
+      let(:user) { nil }
+
+      it "prevents viewing" do
+        get :show
+        expect(response).to be_redirect
+      end
+    end
   end
 end
diff --git a/spec/views/catalog/_home_text.html.erb_spec.rb b/spec/views/catalog/_home_text.html.erb_spec.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+require 'rails_helper'
+
+RSpec.describe "catalog/_home_text.html.erb" do
+  before do
+    sign_in user if user
+    render
+  end
+
+  context "when the user is an admin" do
+    let(:user) { FactoryBot.create(:admin) }
+
+    it 'has a link to the fixity dashboard' do
+      expect(rendered).to have_link 'Fixity Dashboard'
+    end
+  end
+
+  context "when the user is not an admin" do
+    let(:user) { FactoryBot.create(:curator) }
+
+    it 'does not have a link to the fixity dashboard' do
+      expect(rendered).not_to have_link 'Fixity Dashboard'
+    end
+  end
+end