Merge pull request #570 from sgmap/fix_only_allowed_users_can_create_invitation
When user or gestionnaire has no access to dossier, he cannot create …
This commit is contained in:
commit
2985623bec
2 changed files with 116 additions and 63 deletions
|
@ -5,11 +5,12 @@ class InvitesController < ApplicationController
|
|||
email_sender = @current_devise_profil.email
|
||||
|
||||
class_var = @current_devise_profil.class == User ? InviteUser : InviteGestionnaire
|
||||
dossier = @current_devise_profil.dossiers.find(params[:dossier_id])
|
||||
|
||||
email = params[:email].downcase
|
||||
|
||||
user = User.find_by_email(email)
|
||||
invite = class_var.create(dossier_id: params[:dossier_id], user: user, email: email, email_sender: email_sender)
|
||||
invite = class_var.create(dossier: dossier, user: user, email: email, email_sender: email_sender)
|
||||
|
||||
if invite.valid?
|
||||
InviteMailer.invite_user(invite).deliver_now! unless invite.user.nil?
|
||||
|
|
|
@ -1,102 +1,154 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe InvitesController, type: :controller do
|
||||
let(:dossier) { create(:dossier) }
|
||||
let(:dossier) { create(:dossier, :replied) }
|
||||
let(:email) { 'plop@octo.com' }
|
||||
|
||||
describe '#POST create' do
|
||||
let(:invite) { Invite.last }
|
||||
|
||||
before do
|
||||
sign_in create(:gestionnaire)
|
||||
sign_in signed_in_profile
|
||||
end
|
||||
|
||||
subject { post :create, params: {dossier_id: dossier.id, email: email} }
|
||||
|
||||
it { expect { subject }.to change(InviteGestionnaire, :count).by(1) }
|
||||
context "when gestionnaire is signed_in" do
|
||||
let(:signed_in_profile) { create(:gestionnaire) }
|
||||
|
||||
context 'when is a user who is loged' do
|
||||
before do
|
||||
sign_in create(:user)
|
||||
shared_examples_for "he can not create invitation" do
|
||||
it { expect { subject }.to raise_error(ActiveRecord::RecordNotFound) }
|
||||
it { expect { subject rescue nil }.to change(InviteGestionnaire, :count).by(0) }
|
||||
end
|
||||
|
||||
it { expect { subject }.to change(InviteGestionnaire, :count).by(1) }
|
||||
end
|
||||
|
||||
context 'when email is assign to an user' do
|
||||
let! (:user) { create(:user, email: email) }
|
||||
|
||||
before do
|
||||
subject
|
||||
context 'when gestionnaire has no access to dossier' do
|
||||
it_behaves_like "he can not create invitation"
|
||||
end
|
||||
|
||||
describe 'Invite information' do
|
||||
let(:email) { 'PLIP@octo.com' }
|
||||
let(:invite) { Invite.last }
|
||||
context 'when gestionnaire is invited for avis on dossier' do
|
||||
before { Avis.create(gestionnaire: signed_in_profile, claimant: create(:gestionnaire), dossier: dossier) }
|
||||
|
||||
it 'email is on lower case' do
|
||||
expect(invite.email).to eq 'plip@octo.com'
|
||||
end
|
||||
it_behaves_like "he can not create invitation"
|
||||
end
|
||||
|
||||
it { expect(invite.user).to eq user }
|
||||
it { expect(flash[:notice]).to be_present }
|
||||
end
|
||||
|
||||
context 'when email is not assign to an user' do
|
||||
before do
|
||||
subject
|
||||
end
|
||||
|
||||
it { expect(invite.user).to be_nil }
|
||||
it { expect(flash[:notice]).to be_present }
|
||||
end
|
||||
|
||||
describe 'not an email' do
|
||||
context 'when email is not valid' do
|
||||
let(:email) { 'plip.com' }
|
||||
|
||||
context 'when gestionnaire has access to dossier' do
|
||||
before do
|
||||
subject
|
||||
signed_in_profile.procedures << dossier.procedure
|
||||
end
|
||||
|
||||
it { expect { subject }.not_to change(Invite, :count) }
|
||||
it { expect(flash[:alert]).to be_present }
|
||||
end
|
||||
it { expect { subject }.to change(InviteGestionnaire, :count).by(1) }
|
||||
|
||||
context 'when email is already used' do
|
||||
let!(:invite) { create(:invite, dossier: dossier) }
|
||||
context 'when is a user who is loged' do
|
||||
before do
|
||||
sign_in create(:user)
|
||||
end
|
||||
|
||||
before do
|
||||
subject
|
||||
it { expect { subject }.to change(InviteGestionnaire, :count).by(1) }
|
||||
end
|
||||
|
||||
it { expect { subject }.not_to change(Invite, :count) }
|
||||
it { expect(flash[:alert]).to be_present }
|
||||
context 'when email is assign to an user' do
|
||||
let! (:user) { create(:user, email: email) }
|
||||
|
||||
before do
|
||||
subject
|
||||
end
|
||||
|
||||
describe 'Invite information' do
|
||||
let(:email) { 'PLIP@octo.com' }
|
||||
let(:invite) { Invite.last }
|
||||
|
||||
it 'email is on lower case' do
|
||||
expect(invite.email).to eq 'plip@octo.com'
|
||||
end
|
||||
end
|
||||
|
||||
it { expect(invite.user).to eq user }
|
||||
it { expect(flash[:notice]).to be_present }
|
||||
end
|
||||
|
||||
context 'when email is not assign to an user' do
|
||||
before do
|
||||
subject
|
||||
end
|
||||
|
||||
it { expect(invite.user).to be_nil }
|
||||
it { expect(flash[:notice]).to be_present }
|
||||
end
|
||||
|
||||
describe 'not an email' do
|
||||
context 'when email is not valid' do
|
||||
let(:email) { 'plip.com' }
|
||||
|
||||
before do
|
||||
subject
|
||||
end
|
||||
|
||||
it { expect { subject }.not_to change(Invite, :count) }
|
||||
it { expect(flash[:alert]).to be_present }
|
||||
end
|
||||
|
||||
context 'when email is already used' do
|
||||
let!(:invite) { create(:invite, dossier: dossier) }
|
||||
|
||||
before do
|
||||
subject
|
||||
end
|
||||
|
||||
it { expect { subject }.not_to change(Invite, :count) }
|
||||
it { expect(flash[:alert]).to be_present }
|
||||
end
|
||||
end
|
||||
|
||||
describe 'send invitation email' do
|
||||
context 'when user does not exist' do
|
||||
it 'send email' do
|
||||
expect(InviteMailer).to receive(:invite_guest).and_return(InviteMailer)
|
||||
expect(InviteMailer).to receive(:deliver_now!)
|
||||
|
||||
subject
|
||||
end
|
||||
end
|
||||
|
||||
context 'when user exist' do
|
||||
before do
|
||||
create :user, email: email
|
||||
end
|
||||
|
||||
it 'send email' do
|
||||
expect(InviteMailer).to receive(:invite_user).and_return(InviteMailer)
|
||||
expect(InviteMailer).to receive(:deliver_now!)
|
||||
|
||||
subject
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'send invitation email' do
|
||||
context 'when user does not exist' do
|
||||
it 'send email' do
|
||||
expect(InviteMailer).to receive(:invite_guest).and_return(InviteMailer)
|
||||
expect(InviteMailer).to receive(:deliver_now!)
|
||||
context "when user is signed_in" do
|
||||
let(:signed_in_profile) { create(:user) }
|
||||
|
||||
subject
|
||||
end
|
||||
shared_examples_for "he can not create a invite" do
|
||||
it { expect { subject }.to raise_error(ActiveRecord::RecordNotFound) }
|
||||
it { expect { subject rescue nil }.to change(InviteUser, :count).by(0) }
|
||||
end
|
||||
|
||||
context 'when user exist' do
|
||||
context 'when user has no access to dossier' do
|
||||
it_behaves_like "he can not create a invite"
|
||||
end
|
||||
|
||||
context 'when user is invited on dossier' do
|
||||
before { Invite.create(user: signed_in_profile, email: signed_in_profile.email, dossier: dossier) }
|
||||
|
||||
it_behaves_like "he can not create a invite"
|
||||
end
|
||||
|
||||
context 'when user has access to dossier' do
|
||||
before do
|
||||
create :user, email: email
|
||||
dossier.update_attributes(user: signed_in_profile)
|
||||
end
|
||||
|
||||
it 'send email' do
|
||||
expect(InviteMailer).to receive(:invite_user).and_return(InviteMailer)
|
||||
expect(InviteMailer).to receive(:deliver_now!)
|
||||
|
||||
subject
|
||||
end
|
||||
it { expect { subject }.to change(InviteUser, :count).by(1) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue