OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
openproject/spec/features/users/index_spec.rb

160 lines
5.9 KiB

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2021 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See COPYRIGHT and LICENSE files for more details.
#++
require 'spec_helper'
describe 'index users', type: :feature do
shared_let(:current_user) { FactoryBot.create :admin, firstname: 'admin', lastname: 'admin', created_at: 1.hour.ago }
let(:index_page) { Pages::Admin::Users::Index.new }
before do
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
login_as(current_user)
end
describe 'with some sortable users' do
Placeholder user services and administration (#8944) * Adding placeholder user contracts * Adding create, update, and delete services for placeholder users * WIP: Adding Placeholder User contract specs [ci skip] * Extract contract validation into common helper * Add common validation in BaseContract + common example for admin checks * Introduce common ModelContract shared context for validations * WIP: PlaceholderUser controller, i18n, and routes [ci skip] * Placeholder users index page and query - moved all group related scopes from User to Principal to make them also available in PlaceholderUser. * end * Create PlaceholderUser * Feature spec for editing a placeholder user * Manage PlaceholderUser memberships The managment of memberships is pretty similar for User and PlaceholderUser. This commit extacts the similarities and uses them for both. * General partial and show view for PlaceholderUser * Delete obosolete partial * Allow RequireAdminGuard to be used as a module function * Fix I18n for confirmation text * Smaller code improvements * Fix: Syntax for accessing status enums was wrong. * Use UpdateService for updating a placeholder user * Add spec for PlaceholderUsersController * First code improvements after code review. - more improvements to come. * Further code improvements after review ... still more to come * Correct namespace of delete service * Fix: Make placeholder user contract validate * Remove :type attribute from base contract of User and PlaceholerUser ...and add it to the CreateContracts. Also add type validations. Further extract shared examples for placeholder user attribute validation * Refactor: Extract membership hook calls to helper * Fix redirect paths for membership controllers * Specs already present in shared exampels. * Fix duplicates routes for users and placeholder users * Fix user path * Add attribute name and lastname We don't need a writeable check as both are equally writable * Replace more references to tab_edit_user_path * Skip specs for PlaceholderUsers::DeletionService We will tackle that service in a separate PR. * Fix module usage of RequireAdminGuard * Fix group filter for placeholder users * Fix invalid reference to expect_valid * Fix: Fix tabbed edit path for placeholder users * Fix status filtering on users * Linting * Improve generalisation of individual principal filter cell - Check for presence of groups and statuses in order to toggle visibility of their UI element. - Remove groups from placeholder user controller and cell initialization and options * Fix selector on groups assign * Remove using_shared_fixtures Co-authored-by: Oliver Günther <mail@oliverguenther.de>
4 years ago
let!(:a_user) { FactoryBot.create :user, login: 'aa_login', firstname: 'aa_first', lastname: 'xxx_a' }
let!(:b_user) { FactoryBot.create :user, login: 'bb_login', firstname: 'bb_first', lastname: 'nnn_b' }
let!(:z_user) { FactoryBot.create :user, login: 'zz_login', firstname: 'zz_first', lastname: 'ccc_z' }
it 'sorts them correctly (Regression #35012)' do
index_page.visit!
index_page.expect_listed(current_user, a_user, b_user, z_user)
index_page.order_by('First name')
index_page.expect_order(a_user, current_user, b_user, z_user)
index_page.order_by('First name')
index_page.expect_order(z_user, b_user, current_user, a_user)
index_page.order_by('Last name')
index_page.expect_order(current_user, z_user, b_user, a_user)
index_page.order_by('Last name')
index_page.expect_order(a_user, b_user, z_user, current_user)
end
end
describe 'with some more status users' do
shared_let(:anonymous) { FactoryBot.create :anonymous }
shared_let(:active_user) { FactoryBot.create :user, created_at: 1.minute.ago }
shared_let(:registered_user) { FactoryBot.create :user, status: User.statuses[:registered] }
shared_let(:invited_user) { FactoryBot.create :user, status: User.statuses[:invited] }
it 'shows the users by status and allows status manipulations',
with_settings: { brute_force_block_after_failed_logins: 5,
brute_force_block_minutes: 10 } do
index_page.visit!
# Order is by id, asc
# so first ones created are on top.
index_page.expect_listed(current_user, active_user, registered_user, invited_user)
index_page.order_by('Created on')
index_page.expect_order(invited_user, registered_user, active_user, current_user)
index_page.order_by('Created on')
index_page.expect_order(current_user, active_user, registered_user, invited_user)
index_page.lock_user(active_user)
index_page.expect_listed(current_user, active_user, registered_user, invited_user)
index_page.expect_user_locked(active_user)
expect(active_user.reload)
.to be_locked
index_page.filter_by_status('locked permanently')
index_page.expect_listed(active_user)
index_page.filter_by_status('active')
index_page.expect_listed(current_user)
index_page.filter_by_status('locked permanently')
index_page.unlock_user(active_user)
index_page.expect_non_listed
index_page.filter_by_status('active')
index_page.expect_listed(current_user, active_user)
index_page.filter_by_name(active_user.lastname[0..-3])
index_page.expect_listed(active_user)
# temporarily block user
active_user.update(failed_login_count: 6,
last_failed_login_on: 9.minutes.ago)
index_page.clear_filters
index_page.expect_listed(current_user, active_user, registered_user, invited_user)
index_page.filter_by_status('locked temporarily')
index_page.expect_listed(active_user)
index_page.reset_failed_logins(active_user)
index_page.expect_non_listed
# temporarily block user and lock permanently
active_user.reload
active_user.update(failed_login_count: 6,
last_failed_login_on: 9.minutes.ago)
index_page.clear_filters
index_page.filter_by_status('locked temporarily')
index_page.expect_listed(active_user)
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
index_page.lock_user(active_user)
index_page.expect_listed(active_user)
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
index_page.filter_by_status('locked permanently')
index_page.expect_listed(active_user)
index_page.unlock_and_reset_user(active_user)
index_page.expect_non_listed
index_page.filter_by_status('active')
index_page.expect_listed(current_user, active_user)
# activate registered user
index_page.filter_by_status('registered')
index_page.expect_listed(registered_user)
index_page.activate_user(registered_user)
index_page.filter_by_status('active')
index_page.expect_listed(current_user, active_user, registered_user)
end
context 'as global user' do
shared_let(:global_manage_user) { FactoryBot.create :user, global_permission: :manage_user }
let(:current_user) { global_manage_user }
it 'can too visit the page' do
index_page.visit!
index_page.expect_listed(current_user, active_user, registered_user, invited_user)
end
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
end
end
end