Merge pull request #440 from sparc-request/kg-admin_update_protocol_bug
KG - Update Protocol Authorization Bug(s)
jleonardw9 committed Jun 1, 2016
2 parents 61ebe24 + e5756f9 commit a6d5ce6
Showing 3 changed files with 38 additions and 39 deletions.
9 changes: 4 additions & 5 deletions app/controllers/dashboard/protocols_controller.rb
Expand Up @@ -111,8 +111,7 @@ def create

def edit
@protocol_type = @protocol.type
protocol_role = @protocol.project_roles.find_by(identity_id: @user.id)
@permission_to_edit = protocol_role.nil? ? false : protocol_role.can_edit?
@permission_to_edit = @authorization.nil? ? false : @authorization.can_edit?

@protocol.populate_for_edit
session[:breadcrumbs].
Expand All @@ -132,12 +131,12 @@ def update
attrs[:start_date] = Time.strptime(attrs[:start_date], "%m-%d-%Y") if attrs[:start_date]
attrs[:end_date] = Time.strptime(attrs[:end_date], "%m-%d-%Y") if attrs[:end_date]

protocol_role = @protocol.project_roles.find_by(identity_id: @user.id)
permission_to_edit = @authorization.present? ? @authorization.can_edit? : false

# admin is not able to activate study_type_question_group
if @admin && protocol_role.nil? && @protocol.update_attributes(attrs)
if !permission_to_edit && @protocol.update_attributes(attrs)
flash[:success] = "#{@protocol.type} Updated!"
elsif (!@admin || @admin && !protocol_role.nil? && protocol_role.can_edit?) && @protocol.update_attributes(attrs.merge(study_type_question_group_id: StudyTypeQuestionGroup.active_id))
elsif permission_to_edit && @protocol.update_attributes(attrs.merge(study_type_question_group_id: StudyTypeQuestionGroup.active_id))
flash[:success] = "#{@protocol.type} Updated!"
else
@errors = @protocol.errors
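Review bot: In `update`, the first branch `if !permission_to_edit && @protocol.update_attributes(attrs)` now writes the submitted attributes for any caller who lacks edit rights, whereas the removed condition also required `@admin`. Whether a non-admin without `can_edit?` can reach this line depends on a filter outside the hunk, so the write should not rest on that alone; keep the admin check in the condition, `if @admin && !permission_to_edit && @protocol.update_attributes(attrs)`. The comment `# admin is not able to activate study_type_question_group` above it no longer matches a condition that never mentions `@admin`. `edit` and `update` also derive the same flag in two ways (`@authorization.nil?` versus `@authorization.present?`), and a single private helper would keep the two from drifting. Both method bodies continue outside the visible hunks.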
32 changes: 16 additions & 16 deletions spec/controllers/dashboard/protocols/get_edit_spec.rb
Expand Up @@ -54,26 +54,26 @@
end
end

context 'user has Admin access' do
context 'user not authorized to view Protocol' do
before :each do
@logged_in_user = create(:identity)
@protocol = create(:protocol_without_validations, type: 'Project')
context 'user does not have Admin access nor a valid project role' do
before :each do
@logged_in_user = create(:identity)
@protocol = create(:protocol_without_validations, type: 'Project')

log_in_dashboard_identity(obj: @logged_in_user)

get :edit, id: @protocol.id
end
log_in_dashboard_identity(obj: @logged_in_user)

it 'should set @admin to false' do
expect(assigns(:admin)).to eq(false)
end
get :edit, id: @protocol.id
end

it { is_expected.to respond_with :ok }
it { is_expected.to render_template "service_requests/_authorization_error" }
it 'should set @admin to false' do
expect(assigns(:admin)).to eq(false)
end

context 'user authorized to view Protocol as Super User' do
it { is_expected.to respond_with :ok }
it { is_expected.to render_template "service_requests/_authorization_error" }
end

context 'user has Admin access but not a valid project role' do
context 'user authorized to edit Protocol as Super User' do
before :each do
@logged_in_user = create(:identity)
@protocol = create(:protocol_without_validations, type: 'Project')
Expand All @@ -94,7 +94,7 @@
it { is_expected.to respond_with :ok }
end

context 'user authorized to view Protocol as Service Provider' do
context 'user authorized to edit Protocol as Service Provider' do
before :each do
@logged_in_user = create(:identity)
@protocol = create(:protocol_without_validations, type: 'Project')
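Review bot: None of the visible examples asserts `assigns(:permission_to_edit)`, the value this commit changes in `edit`; the visible ones check only `assigns(:admin)`, the response status and the rendered template. In the 'user has Admin access but not a valid project role' contexts, add an example that pins it, e.g. `expect(assigns(:permission_to_edit)).to eq(false)` if that is the intended value for an admin without a project role. Parts of these contexts are collapsed on the page, so such an assertion may already exist outside the visible lines.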
36 changes: 18 additions & 18 deletions spec/controllers/dashboard/protocols/put_update_spec.rb
Expand Up @@ -81,26 +81,26 @@
end
end

context 'user has Admin access' do
context 'user not authorized to view Protocol' do
before :each do
@logged_in_user = create(:identity)
@protocol = create(:protocol_without_validations, type: 'Project')

log_in_dashboard_identity(obj: @logged_in_user)
context 'user does not have Admin access nor a valid project role' do
before :each do
@logged_in_user = create(:identity)
@protocol = create(:protocol_without_validations, type: 'Project')

xhr :get, :update, id: @protocol.id
end
log_in_dashboard_identity(obj: @logged_in_user)

it 'should set @admin to false' do
expect(assigns(:admin)).to eq(false)
end
xhr :get, :update, id: @protocol.id
end

it { is_expected.to respond_with :ok }
it { is_expected.to render_template "service_requests/_authorization_error" }
it 'should set @admin to false' do
expect(assigns(:admin)).to eq(false)
end

context 'user authorized to view Protocol as Super User' do
it { is_expected.to respond_with :ok }
it { is_expected.to render_template "service_requests/_authorization_error" }
end

context 'user has Admin access but not a valid project role' do
context 'user authorized to edit Protocol as Super User' do
before :each do
@logged_in_user = create(:identity)
@protocol = create(:protocol_without_validations, type: 'Project')
Expand All @@ -111,7 +111,7 @@

log_in_dashboard_identity(obj: @logged_in_user)

xhr :get, :update, id: @protocol.id
xhr :get, :update, id: @protocol.id, protocol: { title: "some value" }
end

it 'should set @admin to true' do
Expand All @@ -121,7 +121,7 @@
it { is_expected.to respond_with :ok }
end

context 'user authorized to view Protocol as Service Provider' do
context 'user authorized to edit Protocol as Service Provider' do
before :each do
@logged_in_user = create(:identity)
@protocol = create(:protocol_without_validations, type: 'Project')
Expand All @@ -132,7 +132,7 @@

log_in_dashboard_identity(obj: @logged_in_user)

xhr :get, :update, id: @protocol.id
xhr :get, :update, id: @protocol.id, protocol: { title: "some value" }
end

it 'should set @admin to true' do
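Review bot: The 'user does not have Admin access nor a valid project role' context still calls `xhr :get, :update, id: @protocol.id` with no `protocol` attributes, so it shows only that the error template renders, not that a write is refused. Send attributes there as the authorized contexts now do, and assert the record is unchanged, e.g. `expect(@protocol.reload.title).not_to eq("some value")`. All the visible contexts also drive `update` with `:get` in a file named put_update_spec; `xhr :put, :update, id: @protocol.id, protocol: { title: "some value" }` would match the verb under test.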
