Use authenticate_with_role in ref card; update specs

Author: steve-sullivan

app/controllers/reference_card_forms_controller.rb

@@ -84,8 +84,6 @@ def validate_recaptcha!
   end
 
   def require_admin!
-    authenticate!
-    @user_is_admin = current_user.any_role?(Role.stackpass_admin, :framework_admin)
-    raise Error::ForbiddenError unless @user_is_admin
+    @user_is_admin = authenticate_with_role!(Role.stackpass_admin, :framework_admin)
   end
 end

spec/models/user_spec.rb

@@ -179,7 +179,7 @@
     it 'returns false when the user does not have the role' do
       user = User.new(uid: '12345')
 
-      allow(FrameworkUsers).to receive(:hardcoded_admin?).with('12345').and_return(false)
+      allow(FrameworkUsers).to receive(:TEST_UID?).with('12345').and_return(false)
       allow(FrameworkUsers).to receive(:find_by).with(lcasid: '12345').and_return(nil)
 
       expect(user.role?(:framework_admin)).to be(false)
@@ -203,7 +203,7 @@
     it 'returns false when the user has none of the requested roles' do
       user = User.new(uid: '12345')
 
-      allow(FrameworkUsers).to receive(:hardcoded_admin?).with('12345').and_return(false)
+      allow(FrameworkUsers).to receive(:TEST_UID?).with('12345').and_return(false)
       allow(FrameworkUsers).to receive(:find_by).with(lcasid: '12345').and_return(nil)
 
       expect(user.any_role?(:alma_admin, :framework_admin)).to be(false)

spec/request/framework_user_request_spec.rb

@@ -1,38 +1,42 @@
 require 'forms_helper'
 
 describe :forms_proxy_borrower_admin, type: :request do
-  context 'specs with hardcoded admin' do
-    before do
-      mock_login(CalnetHelper::TEST_UID)
-    end
-
-    it 'removes an admin user' do
-      # First, create the user (directly)
-      user = FrameworkUsers.create(lcasid: 112_233, name: 'John Doe', role: 'Admin')
-      Assignment.create(framework_users: user, role: Role.proxyborrow_admin)
-
-      # Then, delete via the controller
-      delete "/forms/proxy-borrower/delete_admin/#{user.id}"
-      expect(response).to redirect_to(forms_proxy_borrower_admin_users_path)
-      get(forms_proxy_borrower_admin_users_path)
-      expect(response.body).to include('Removed John Doe from administrator list')
-      expect(Assignment.count).to eq(0)
-    end
-
-    it 'adds an admin user' do
-      post '/forms/proxy-borrower/add_admin', params: { lcasid: '12345678', name: 'Jane Doe' }
-
-      expect(response).to redirect_to(forms_proxy_borrower_admin_users_path)
-      get(forms_proxy_borrower_admin_users_path)
-
-      expect(response).to have_http_status(:ok)
-      expect(response.body).to include('Jane Doe')
-
-      created_user = FrameworkUsers.find_by(lcasid: '12345678')
-      expect(created_user).not_to be_nil
-
-      assignment = Assignment.find_by(framework_users_id: created_user.id, role_id: Role.proxyborrow_admin.id)
-      expect(assignment).not_to be_nil
-    end
+  let(:admin_role) { Role.proxyborrow_admin }
+
+  before do
+    mock_login(CalnetHelper::TEST_UID)
+  end
+
+  it 'removes an admin user' do
+    user = FrameworkUsers.create(lcasid: 112_233, name: 'John Doe', role: 'Admin')
+    Assignment.create(framework_users: user, role: admin_role)
+
+    delete "/forms/proxy-borrower/delete_admin/#{user.id}"
+
+    expect(response).to redirect_to(forms_proxy_borrower_admin_users_path)
+
+    get forms_proxy_borrower_admin_users_path
+
+    expect(response.body).to include('Removed John Doe from administrator list')
+    expect(Assignment.count).to eq(0)
+  end
+
+  it 'adds an admin user' do
+    post '/forms/proxy-borrower/add_admin',
+         params: { lcasid: '12345678', name: 'Jane Doe' }
+
+    expect(response).to redirect_to(forms_proxy_borrower_admin_users_path)
+
+    get forms_proxy_borrower_admin_users_path
+
+    expect(response).to have_http_status(:ok)
+    expect(response.body).to include('Jane Doe')
+
+    created_user = FrameworkUsers.find_by(lcasid: '12345678')
+
+    expect(created_user).not_to be_nil
+    expect(
+      Assignment.find_by(framework_users: created_user, role: admin_role)
+    ).not_to be_nil
   end
 end

spec/system/proxy_borrower_admin_system_spec.rb

@@ -3,22 +3,38 @@
 
 describe :forms_proxy_borrower_admin, type: :system do
 
-  context 'specs with hardcoded admin' do
+  context 'specs with proxyborrower admin' do
     before do
-      # First create a DSP Rep and assignment
-      user = FrameworkUsers.create(lcasid: 112_233, name: 'John Doe', role: 'Admin')
-      @assignment = Assignment.create(framework_users_id: user.id, role_id: Role.proxyborrow_admin.id)
+      admin = FrameworkUsers.create(
+        lcasid: CalnetHelper::TEST_UID,
+        name: 'Test Admin',
+        role: 'Admin'
+      )
+
+      Assignment.create(
+        framework_users: admin,
+        role: Role.proxyborrow_admin
+      )
+
+      user = FrameworkUsers.create(
+        lcasid: 112_233,
+        name: 'John Doe',
+        role: 'Admin'
+      )
+
+      @assignment = Assignment.create(
+        framework_users: user,
+        role: Role.proxyborrow_admin
+      )
 
-      # These functions require admin privledges:
       mock_login(CalnetHelper::TEST_UID)
 
-      # Go to the Admin Users View Page:
       visit forms_proxy_borrower_admin_users_path
     end
 
     it 'removes an admin user' do
       accept_confirm 'Are you sure you want to delete John Doe?' do
-        click_link 'Remove'
+        click_link 'Remove', match: :first
       end
       expect(page).to have_no_content('<div class="col user-col">John Doe')
       expect(page).to have_content('Removed John Doe from administrator list')

spec/system/proxy_borrower_dsp_system_spec.rb

@@ -3,25 +3,15 @@
 require 'time'
 
 describe :forms_proxy_borrower_dsp, type: :system do
-  attr_reader :patron_id
-  attr_reader :patron
-  attr_reader :user
-
   let(:alma_api_key) { 'totally-fake-key' }
-
   let(:field_prefix) { 'proxy_borrower_requests_' }
-
-  before(:all) do
-    # Calculate and define the max date and an invalid date:
-    @max_date = ProxyBorrowerRequests.max_term
-
-    # Thou shalt pass parameters as Dates, since we use native date fields now:
-    @invalid_date = Time.zone.today - 1.day
-  end
+  let(:max_date) { ProxyBorrowerRequests.max_term }
+  let(:invalid_date) { Time.zone.today - 1.day }
+  let(:patron_id) { Alma::Type.sample_id_for(Alma::Type::UNDERGRAD_SLE) }
 
   before do
-    @patron_id = Alma::Type.sample_id_for(Alma::Type::UNDERGRAD_SLE)
-    @user = login_as_patron(patron_id)
+    login_as_patron(patron_id)
+
     allow(Rails.application.config).to receive(:alma_api_key).and_return(alma_api_key)
 
     req_url = "https://api-na.hosted.exlibrisgroup.com/almaws/v1/users/#{patron_id}?expand=fees&view=full"
@@ -30,8 +20,6 @@
       .with(headers: { 'Accept' => 'application/json', 'Authorization' => "apikey #{alma_api_key}" })
       .to_return(status: 200, body: File.new("spec/data/alma_patrons/#{patron_id}.json"))
 
-    @patron = Alma::User.find(patron_id)
-
     visit forms_proxy_borrower_dsp_path
   end
 
@@ -62,7 +50,7 @@
     fill_in("#{field_prefix}research_last", with: ' ')
     fill_in("#{field_prefix}research_first", with: ' ')
     fill_in("#{field_prefix}dsp_rep", with: ' ') # TODO: add server-side validation for this (currently only JS)
-    fill_in("#{field_prefix}date_term", with: @max_date)
+    fill_in("#{field_prefix}date_term", with: max_date)
 
     submit_button = find(:xpath, "//input[@type='submit']")
     submit_button.click
@@ -77,7 +65,7 @@
     fill_in("#{field_prefix}research_first", with: 'John')
     fill_in("#{field_prefix}dsp_rep", with: 'Jane Roe')
 
-    fill_in("#{field_prefix}date_term", with: @invalid_date)
+    fill_in("#{field_prefix}date_term", with: invalid_date)
 
     submit_button = find(:xpath, "//input[@type='submit']")
     submit_button.click
@@ -90,7 +78,7 @@
     fill_in("#{field_prefix}research_last", with: 'Doe')
     fill_in("#{field_prefix}research_first", with: 'John')
     fill_in("#{field_prefix}dsp_rep", with: 'Jane Roe')
-    fill_in("#{field_prefix}date_term", with: @max_date)
+    fill_in("#{field_prefix}date_term", with: max_date)
 
     submit_button = find(:xpath, "//input[@type='submit']")
     submit_button.click

spec/system/stack_pass_admin_system_spec.rb

@@ -2,22 +2,38 @@
 require 'calnet_helper'
 
 describe :forms_stack_pass_admin, type: :system do
-  context 'specs with hardcoded admin' do
+  context 'specs with stack pass admin' do
     before do
-      # First create an admin and assignment
-      user = FrameworkUsers.create(lcasid: 112_233, name: 'John Doe', role: 'Admin')
-      Assignment.create(framework_users_id: user.id, role_id: Role.stackpass_admin.id)
+      admin = FrameworkUsers.create(
+        lcasid: CalnetHelper::TEST_UID,
+        name: 'Test Admin',
+        role: 'Admin'
+      )
+
+      Assignment.create(
+        framework_users: admin,
+        role: Role.stackpass_admin
+      )
+
+      user = FrameworkUsers.create(
+        lcasid: 112_233,
+        name: 'John Doe',
+        role: 'Admin'
+      )
+
+      Assignment.create(
+        framework_users: user,
+        role: Role.stackpass_admin
+      )
 
-      # These functions require admin privledges:
       mock_login(CalnetHelper::TEST_UID)
 
-      # Go to the Admin Users View Page:
       visit forms_stack_pass_admin_users_path
     end
 
     it 'removes an admin user' do
       accept_confirm 'Are you sure you want to delete John Doe?' do
-        click_link 'Remove'
+        click_link 'Remove', match: :first
       end
       expect(page).to have_no_content('<div class="col user-col">John Doe')
       expect(page).to have_content('Removed John Doe from administrator list')