also tie sample_controlled_vocab destroy to can_delete? seek4science#…

…1693
ScilifelabDataCentre · Feb 13, 2024 · eeb94b2 · eeb94b2
1 parent ae505c9
commit eeb94b2
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 6 deletions.
diff --git a/app/controllers/sample_controlled_vocabs_controller.rb b/app/controllers/sample_controlled_vocabs_controller.rb
@@ -6,7 +6,6 @@ class SampleControlledVocabsController < ApplicationController
 
   before_action :samples_enabled?, except: :typeahead
   before_action :login_required, except: %i[show index]
-  before_action :is_user_admin_auth, only: %i[destroy]
   before_action :find_and_authorize_requested_item, except: %i[index new create]
   before_action :find_assets, only: :index
   before_action :auth_to_create, only: %i[new create]

diff --git a/test/functional/sample_controlled_vocabs_controller_test.rb b/test/functional/sample_controlled_vocabs_controller_test.rb
@@ -181,6 +181,7 @@ class SampleControlledVocabsControllerTest < ActionController::TestCase
     get :edit, params: { id: cv.id }
     assert_response :success
 
+    # a system vocab cannot be edited or deleted
     cv2 = FactoryBot.create(:topics_controlled_vocab)
     refute cv2.can_edit?
 
@@ -190,6 +191,8 @@ class SampleControlledVocabsControllerTest < ActionController::TestCase
 
   test 'can_edit permission required to update' do
     login_as(FactoryBot.create(:person))
+
+    # a system vocab cannot be edited or deleted
     cv_bad = FactoryBot.create(:topics_controlled_vocab)
     refute cv_bad.can_edit?
 
@@ -235,15 +238,32 @@ class SampleControlledVocabsControllerTest < ActionController::TestCase
     assert_response :redirect
   end
 
-  test 'need to be project member to destroy' do
-    login_as(FactoryBot.create(:user))
-    cv = FactoryBot.create(:apples_sample_controlled_vocab)
+  test 'can_delete permission required to destroy' do
+    login_as(FactoryBot.create(:person))
+
+    # a system vocab cannot be edited or deleted
+    cv_bad = FactoryBot.create(:topics_controlled_vocab)
+    refute cv_bad.can_delete?
+
+    cv_good = FactoryBot.create(:apples_sample_controlled_vocab)
+    assert cv_good.can_delete?
+
+    assert_difference('SampleControlledVocab.count', -1) do
+      assert_difference('SampleControlledVocabTerm.count', -4) do
+        delete :destroy, params: { id: cv_good }
+      end
+    end
+    assert_redirected_to sample_controlled_vocabs_path
+    refute flash[:error]
+
     assert_no_difference('SampleControlledVocab.count') do
       assert_no_difference('SampleControlledVocabTerm.count') do
-        delete :destroy, params: { id: cv }
+        delete :destroy, params: { id: cv_bad }
       end
     end
-    assert_response :redirect
+    assert_redirected_to sample_controlled_vocab_path(cv_bad)
+    assert flash[:error]
+
   end
 
   test 'cannot access when disabled' do