KG - Update Protocol Authorization Bug(s)

app/controllers/dashboard/protocols_controller.rb

@@ -110,8 +110,7 @@ def create
 
   def edit
     @protocol_type      = @protocol.type
-    protocol_role       = @protocol.project_roles.find_by(identity_id: @user.id)
-    @permission_to_edit = protocol_role.nil? ? false : protocol_role.can_edit?
+    @permission_to_edit = @authorization.nil? ? false : @authorization.can_edit?
 
     @protocol.populate_for_edit
     session[:breadcrumbs].
@@ -131,12 +130,12 @@ def update
     attrs[:start_date]  = Time.strptime(attrs[:start_date], "%m-%d-%Y") if attrs[:start_date]
     attrs[:end_date]    = Time.strptime(attrs[:end_date],   "%m-%d-%Y") if attrs[:end_date]
 
-    protocol_role       = @protocol.project_roles.find_by(identity_id: @user.id)
+    permission_to_edit  = @authorization.present? ? @authorization.can_edit? : false
 
     # admin is not able to activate study_type_question_group
-    if @admin && protocol_role.nil? && @protocol.update_attributes(attrs)
+    if !permission_to_edit && @protocol.update_attributes(attrs)
       flash[:success] = "#{@protocol.type} Updated!"
-    elsif (!@admin || @admin && !protocol_role.nil? && protocol_role.can_edit?) && @protocol.update_attributes(attrs.merge(study_type_question_group_id: StudyTypeQuestionGroup.active_id))
+    elsif permission_to_edit && @protocol.update_attributes(attrs.merge(study_type_question_group_id: StudyTypeQuestionGroup.active_id))
       flash[:success] = "#{@protocol.type} Updated!"
     else
       @errors = @protocol.errors

spec/controllers/dashboard/protocols/get_edit_spec.rb

@@ -54,26 +54,26 @@
       end
     end
 
-    context 'user has Admin access' do
-      context 'user not authorized to view Protocol' do
-        before :each do
-          @logged_in_user = create(:identity)
-          @protocol       = create(:protocol_without_validations, type: 'Project')
+    context 'user does not have Admin access nor a valid project role' do
+      before :each do
+        @logged_in_user = create(:identity)
+        @protocol       = create(:protocol_without_validations, type: 'Project')
 
-          log_in_dashboard_identity(obj: @logged_in_user)
-
-          get :edit, id: @protocol.id
-        end
+        log_in_dashboard_identity(obj: @logged_in_user)
 
-        it 'should set @admin to false' do
-          expect(assigns(:admin)).to eq(false)
-        end
+        get :edit, id: @protocol.id
+      end
 
-        it { is_expected.to respond_with :ok }
-        it { is_expected.to render_template "service_requests/_authorization_error" }
+      it 'should set @admin to false' do
+        expect(assigns(:admin)).to eq(false)
       end
 
-      context 'user authorized to view Protocol as Super User' do
+      it { is_expected.to respond_with :ok }
+      it { is_expected.to render_template "service_requests/_authorization_error" }
+    end
+
+    context 'user has Admin access but not a valid project role' do
+      context 'user authorized to edit Protocol as Super User' do
         before :each do
           @logged_in_user = create(:identity)
           @protocol       = create(:protocol_without_validations, type: 'Project')
@@ -94,7 +94,7 @@
         it { is_expected.to respond_with :ok }
       end
 
-      context 'user authorized to view Protocol as Service Provider' do
+      context 'user authorized to edit Protocol as Service Provider' do
         before :each do
           @logged_in_user = create(:identity)
           @protocol       = create(:protocol_without_validations, type: 'Project')

spec/controllers/dashboard/protocols/put_update_spec.rb

@@ -81,26 +81,26 @@
       end
     end
 
-    context 'user has Admin access' do
-      context 'user not authorized to view Protocol' do
-        before :each do
-          @logged_in_user = create(:identity)
-          @protocol       = create(:protocol_without_validations, type: 'Project')
-
-          log_in_dashboard_identity(obj: @logged_in_user)
+    context 'user does not have Admin access nor a valid project role' do
+      before :each do
+        @logged_in_user = create(:identity)
+        @protocol       = create(:protocol_without_validations, type: 'Project')
 
-          xhr :get, :update, id: @protocol.id
-        end
+        log_in_dashboard_identity(obj: @logged_in_user)
 
-        it 'should set @admin to false' do
-          expect(assigns(:admin)).to eq(false)
-        end
+        xhr :get, :update, id: @protocol.id
+      end
 
-        it { is_expected.to respond_with :ok }
-        it { is_expected.to render_template "service_requests/_authorization_error" }
+      it 'should set @admin to false' do
+        expect(assigns(:admin)).to eq(false)
       end
 
-      context 'user authorized to view Protocol as Super User' do
+      it { is_expected.to respond_with :ok }
+      it { is_expected.to render_template "service_requests/_authorization_error" }
+    end
+
+    context 'user has Admin access but not a valid project role' do
+      context 'user authorized to edit Protocol as Super User' do
         before :each do
           @logged_in_user = create(:identity)
           @protocol       = create(:protocol_without_validations, type: 'Project')
@@ -111,7 +111,7 @@
 
           log_in_dashboard_identity(obj: @logged_in_user)
 
-          xhr :get, :update, id: @protocol.id
+          xhr :get, :update, id: @protocol.id, protocol: { title: "some value" }
         end
 
         it 'should set @admin to true' do
@@ -121,7 +121,7 @@
         it { is_expected.to respond_with :ok }
       end
 
-      context 'user authorized to view Protocol as Service Provider' do
+      context 'user authorized to edit Protocol as Service Provider' do
         before :each do
           @logged_in_user = create(:identity)
           @protocol       = create(:protocol_without_validations, type: 'Project')
@@ -132,7 +132,7 @@
 
           log_in_dashboard_identity(obj: @logged_in_user)
 
-          xhr :get, :update, id: @protocol.id
+          xhr :get, :update, id: @protocol.id, protocol: { title: "some value" }
         end
 
         it 'should set @admin to true' do