Tests: sponsor member management

sethetter · sethetter · commit 54e5a8f2b2d4 · 2017-03-30T08:53:34.000-05:00
Summary: * Tests ability of sponsor owner to add/remove/update members * Tests to ensure at least one sponsor owner * Tests for forbidden actions by sponsor non-owners Resolves T212, T213 Test Plan: * make test Reviewers: doshitan Reviewed By: doshitan Maniphest Tasks: T213, T212 Differential Revision: https://phabricator.opengovfoundation.org/D142
diff --git a/app/Http/Requests/SponsorMember/Create.php b/app/Http/Requests/SponsorMember/Create.php
@@ -17,10 +17,8 @@ public function authorize()
     {
         $currentUser = $this->user();
 
-        return $this->sponsor->isActive() || (
-            $currentUser && (
-                $currentUser->isAdmin() || $this->sponsor->isSponsorOwner($currentUser->id)
-            )
+        return $currentUser && (
+            $currentUser->isAdmin() || $this->sponsor->isSponsorOwner($currentUser->id)
         );
     }
 
diff --git a/resources/views/sponsor_members/list.blade.php b/resources/views/sponsor_members/list.blade.php
@@ -24,7 +24,7 @@
                 </thead>
                 <tbody>
                     @foreach ($members as $member)
-                        <tr>
+                        <tr id="user-{{ $member->user->id }}">
                             <td>{{ $member->name }}</td>
                             <td>{{ $member->email }}</td>
                             <td>
@@ -34,7 +34,10 @@
                                             'role',
                                             $allRoles,
                                             $member->role,
-                                            [ 'onchange' => 'if (this.selectedIndex >= 0) this.form.submit();' ]
+                                            [
+                                                'onchange' => 'if (this.selectedIndex >= 0) this.form.submit();',
+                                                'class' => 'no-select2',
+                                            ]
                                             )
                                         }}
                                     {{ Form::close() }}
@@ -52,7 +55,7 @@
                                     @if ($sponsor->isSponsorOwner(Auth::user()->id) || Auth::user()->isAdmin())
                                         <div class="btn-group">
                                             {{ Form::open(['route' => ['sponsors.members.destroy', $sponsor, $member], 'method' => 'delete']) }}
-                                                <button type="submit" class="btn btn-xs btn-link">
+                                                <button type="submit" class="btn btn-xs btn-link remove">
                                                     <i class="fa fa-close"></i>
                                                 </button>
                                             {{ Form::close() }}
@@ -71,7 +74,9 @@
 
             <hr>
 
-            {{ Html::linkRoute('sponsors.members.create', trans('messages.sponsor_member.add'), [$sponsor], ['class' => 'btn btn-primary'])}}
+            @if ($sponsor->isSponsorOwner(Auth::user()->id) || Auth::user()->isAdmin())
+                {{ Html::linkRoute('sponsors.members.create', trans('messages.sponsor_member.add'), [$sponsor], ['class' => 'btn btn-primary add-member'])}}
+            @endif
         </div>
     </div>
 @endsection
diff --git a/tests/Browser/Pages/Sponsor/MembersPage.php b/tests/Browser/Pages/Sponsor/MembersPage.php
@@ -0,0 +1,50 @@
+<?php
+
+namespace Tests\Browser\Pages\Sponsor;
+
+use App\Models\Sponsor;
+use Laravel\Dusk\Browser;
+use Tests\Browser\Pages\Page;
+
+class MembersPage extends Page
+{
+    public $sponsor;
+
+    public function __construct(Sponsor $sponsor)
+    {
+        $this->sponsor = $sponsor;
+    }
+
+    /**
+     * Get the URL for the page.
+     *
+     * @return string
+     */
+    public function url()
+    {
+        return route('sponsors.members.index', [$this->sponsor], false);
+    }
+
+    /**
+     * Assert that the browser is on the page.
+     *
+     * @return void
+     */
+    public function assert(Browser $browser)
+    {
+        $browser->assertPathIs($this->url());
+    }
+
+    /**
+     * Get the element shortcuts for the page.
+     *
+     * @return array
+     */
+    public function elements()
+    {
+        return [
+            '@addMemberButton' => '.add-member',
+        ];
+    }
+
+}
diff --git a/tests/Browser/SponsorTest.php b/tests/Browser/SponsorTest.php
@@ -159,4 +159,153 @@ public function testNonOwnerCantEditSponsorSettings()
                 ;
         });
     }
+
+    public function testSponsorOwnerCanAddMembers()
+    {
+        $owner = factory(User::class)->create();
+        $sponsor = FactoryHelpers::createActiveSponsorWithUser($owner);
+
+        $user = factory(User::class)->create();
+        $role = Sponsor::ROLE_EDITOR;
+
+        $this->browse(function ($browser) use ($owner, $sponsor, $user, $role) {
+            $browser
+                ->loginAs($owner)
+                ->visit(new SponsorPages\MembersPage($sponsor))
+                ->assertDontSeeIn('table', $user->display_name)
+                ->click('@addMemberButton')
+                ->assertRouteIs('sponsors.members.create', $sponsor)
+                ->type('email', $user->email)
+                ->select('role', $role)
+                ->press(trans('messages.sponsor_member.add_user'))
+                ->assertRouteIs('sponsors.members.index', $sponsor)
+                ->assertSeeIn('table', $user->display_name)
+                ->assertSeeIn('tr#user-'.$user->id, trans('messages.sponsor_member.roles.'.$role))
+                ;
+        });
+    }
+
+    public function testNonSponsorOwnerCannotAddMembers()
+    {
+        $owner = factory(User::class)->create();
+        $editor = factory(User::class)->create();
+
+        $sponsor = FactoryHelpers::createActiveSponsorWithUser($owner);
+        $sponsor->addMember($editor->id, Sponsor::ROLE_EDITOR);
+
+        $this->browse(function ($browser) use ($sponsor, $editor) {
+            $browser
+                ->loginAs($editor)
+                ->visit(new SponsorPages\MembersPage($sponsor))
+                ->assertMissing('@addMemberButton')
+                ->visitRoute('sponsors.members.create', $sponsor)
+                ->assertSee('Whoops, looks like something went wrong') // 403 status
+                ;
+        });
+    }
+
+    public function testSponsorOwnerCanRemoveMembers()
+    {
+        $owner = factory(User::class)->create();
+        $editor = factory(User::class)->create();
+
+        $sponsor = FactoryHelpers::createActiveSponsorWithUser($owner);
+        $sponsor->addMember($editor->id, Sponsor::ROLE_EDITOR);
+
+        $this->browse(function ($browser) use ($owner, $sponsor, $editor) {
+            $browser
+                ->loginAs($owner)
+                ->visit(new SponsorPages\MembersPage($sponsor))
+                ->assertSeeIn('table', $editor->display_name)
+                ->with('tr#user-' . $editor->id, function ($userRow) {
+                    $userRow->press('.remove');
+                })
+                ->assertVisible('.alert.alert-info') // some success
+                ->assertRouteIs('sponsors.members.index', $sponsor)
+                ->assertDontSeeIn('table', $editor->display_name)
+                ;
+        });
+    }
+
+    public function testNonSponsorOwnerCannotRemoveMembers()
+    {
+        $owner = factory(User::class)->create();
+        $editor = factory(User::class)->create();
+
+        $sponsor = FactoryHelpers::createActiveSponsorWithUser($owner);
+        $sponsor->addMember($editor->id, Sponsor::ROLE_EDITOR);
+
+        $this->browse(function ($browser) use ($sponsor, $editor) {
+            $browser
+                ->loginAs($editor)
+                ->visit(new SponsorPages\MembersPage($sponsor))
+                ->assertMissing('tr .remove')
+                ;
+        });
+    }
+
+    public function testSponsorOwnerCanUpdateMemberRoles()
+    {
+        $owner = factory(User::class)->create();
+        $editor = factory(User::class)->create();
+
+        $sponsor = FactoryHelpers::createActiveSponsorWithUser($owner);
+        $sponsor->addMember($editor->id, Sponsor::ROLE_EDITOR);
+
+        $newRole = Sponsor::ROLE_STAFF;
+
+        $this->browse(function ($browser) use ($owner, $sponsor, $editor, $newRole) {
+            $browser
+                ->loginAs($owner)
+                ->visit(new SponsorPages\MembersPage($sponsor))
+                ->assertSeeIn('table', $editor->display_name)
+                ->with('tr#user-' . $editor->id, function ($userRow) use ($newRole) {
+                    $userRow->select('role', $newRole);
+                })
+                ->assertVisible('.alert.alert-info') // some success
+                ->assertRouteIs('sponsors.members.index', $sponsor)
+                ->assertSeeIn('tr#user-' . $editor->id, trans('messages.sponsor_member.roles.'.$newRole))
+                ;
+        });
+    }
+
+    public function testNonSponsorOwnerCannotUpdateMemberRoles()
+    {
+        $owner = factory(User::class)->create();
+        $editor = factory(User::class)->create();
+
+        $sponsor = FactoryHelpers::createActiveSponsorWithUser($owner);
+        $sponsor->addMember($editor->id, Sponsor::ROLE_EDITOR);
+
+        $this->browse(function ($browser) use ($sponsor, $editor) {
+            $browser
+                ->loginAs($editor)
+                ->visit(new SponsorPages\MembersPage($sponsor))
+                ->assertMissing('tr select')
+                ;
+        });
+    }
+
+    public function testEnsuresAtLeastOneOwner()
+    {
+        $owner = factory(User::class)->create();
+
+        $sponsor = FactoryHelpers::createActiveSponsorWithUser($owner);
+        $sponsor->addMember(factory(User::class)->create()->id, Sponsor::ROLE_EDITOR);
+
+        $originalRole = Sponsor::ROLE_OWNER;
+        $newRole = Sponsor::ROLE_STAFF;
+
+        $this->browse(function ($browser) use ($sponsor, $owner, $originalRole, $newRole) {
+            $browser
+                ->loginAs($owner)
+                ->visit(new SponsorPages\MembersPage($sponsor))
+                ->with('tr#user-' . $owner->id, function ($userRow) use ($originalRole, $newRole) {
+                    $userRow->select('role', $newRole);
+                })
+                ->assertSeeIn('.alert', trans('messages.sponsor_member.need_owner'))
+                ->assertSeeIn('tr#user-' . $owner->id, trans('messages.sponsor_member.roles.' . $originalRole))
+                ;
+        });
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -17,10 +17,8 @@ public function authorize()`
`17`	`17`	`{`
`18`	`18`	`$currentUser = $this->user();`
`19`	`19`
`20`		`- return $this->sponsor->isActive() \|\| (`
`21`		`- $currentUser && (`
`22`		`- $currentUser->isAdmin() \|\| $this->sponsor->isSponsorOwner($currentUser->id)`
`23`		`- )`
	`20`	`+ return $currentUser && (`
	`21`	`+ $currentUser->isAdmin() \|\| $this->sponsor->isSponsorOwner($currentUser->id)`
`24`	`22`	`);`
`25`	`23`	`}`
`26`	`24`