Rework visibility specs

gwu-libraries · Mar 8, 2024 · 07fc81e · 07fc81e
1 parent de68b7e
commit 07fc81e
Showing 1 changed file with 92 additions and 31 deletions.
diff --git a/spec/features/visibility_spec.rb b/spec/features/visibility_spec.rb
@@ -2,20 +2,34 @@
 
 RSpec.describe "View works via the UI" do
 
-  let(:user) { FactoryBot.create(:user) }
-  let(:admin_set) { FactoryBot.create(:admin_set) }
-  let(:public_work) { FactoryBot.create(:gw_work, admin_set: admin_set, visibility: "public") }
-  let(:auth_only_work) { FactoryBot.create(:gw_work, admin_set: admin_set, visibility: "authenticated") }
-  let(:private_work) { FactoryBot.create(:gw_work, admin_set: admin_set, visibility: "private") }
   let(:solr) { Blacklight.default_index.connection }
+  let(:admin_set) { FactoryBot.create(:admin_set) }
+
+  let(:basic_user) { FactoryBot.create(:user) }
+  let(:admin_user) { FactoryBot.create(:admin_user) }
+  let(:content_admin_user) { FactoryBot.create(:content_admin_user) }
+
+  let(:public_work) { FactoryBot.create(:gw_work, 
+                                        admin_set: admin_set, 
+                                        visibility: "public",
+                                        user: admin_user) }
+  let(:auth_only_work) { FactoryBot.create(:gw_work, 
+                                        admin_set: admin_set, 
+                                        visibility: "authenticated",
+                                        user: admin_user) }
+  let(:private_work) { FactoryBot.create(:gw_work, 
+                                        admin_set: admin_set, 
+                                        visibility: "private",
+                                        user: admin_user) }
+
 
   before do
+    ActiveFedora::Cleaner.clean!
+    solr.delete_by_query("*:*")
+
     [public_work, auth_only_work, private_work].map { |work| solr.add(work.to_solr) }
-    solr.commit
-  end
 
-  before :each do
-    visit root_path
+    solr.commit
   end
 
   after do
@@ -24,38 +38,85 @@
     solr.commit
   end
 
-  it 'can view a public work without authenticating' do
+  context 'as a non-logged in user' do
+    it 'can view public works' do
+      visit "/concern/gw_works/#{public_work.id}"
+      expect(page).to have_content(public_work.title.first)
+    end
+
+    it 'cannot view private works' do
+      visit "/concern/gw_works/#{private_work.id}"
+      expect(page).to_not have_content(private_work.title.first)
+    end
+
+    it 'cannot view authenticated works' do
+      visit "/concern/gw_works/#{auth_only_work.id}"
+      expect(page).to_not have_content(auth_only_work.title.first)
+    end
+  end
+
+  context 'as a GW Community member (authenticated, non-admin, non-content-admin)' do
+    before :each do
+      sign_in_user(basic_user)
+    end
+
+    it 'can view public works' do
+      visit "/concern/gw_works/#{public_work.id}"
+      expect(page).to have_content(public_work.title.first)
+    end
+
+    it 'cannot view private works created by others' do
+      visit "/concern/gw_works/#{private_work.id}"
+      expect(page).to_not have_content(private_work.title.first)
+      expect(page).to have_content("The page you have tried to access is private")
+    end
+
+    it 'can view authenticated works' do
+      visit "/concern/gw_works/#{auth_only_work.id}"
+      expect(page).to have_content(auth_only_work.title.first)
+    end
 
-    within ".navigation-wrap" do
-        click_on "Browse Everything"
-      end
-
-    expect(page).to have_content(public_work.title.first)
   end
 
-  it 'cannot view private or restricted works' do
+  context 'as a GW librarian (content-admin user)' do
+    before :each do
+      sign_in_user(content_admin_user)
+    end
 
-    within ".navigation-wrap" do
-        click_on "Browse Everything"
-      end
-
-    expect(page).to have_no_content(private_work.title.first)
+    it 'can view public works' do
+      visit "/concern/gw_works/#{public_work.id}"
+      expect(page).to have_content(public_work.title.first)
+    end
 
-    expect(page).to have_no_content(auth_only_work.title.first)
+    it 'cannot view a private work created by others' do
+      visit "/concern/gw_works/#{private_work.id}"
+      expect(page).to_not have_content(private_work.title.first)
+    end
 
+    it 'can view authenticated works' do
+      visit "/concern/gw_works/#{auth_only_work.id}"
+      expect(page).to have_content(auth_only_work.title.first)
+    end
   end
 
-  it 'can view restricted works but not private works after authenticating' do
+  context 'as a GW library admin (admin user)' do
+    before :each do
+      sign_in_user(admin_user)
+    end
 
-    sign_in_user(user)
-
-    within ".navigation-wrap" do
-        click_on "Browse Everything"
-      end
-
-    expect(page).to have_content(auth_only_work.title.first)
+    it 'can view public works' do
+      visit "/concern/gw_works/#{public_work.id}"
+      expect(page).to have_content(public_work.title.first)
+    end
 
-    expect(page).to have_no_content(private_work.title.first)
+    it 'can view their own private work' do
+      visit "/concern/gw_works/#{private_work.id}"
+      expect(page).to have_content(private_work.title.first)
+    end
 
+    it 'can view authenticated works' do
+      visit "/concern/gw_works/#{auth_only_work.id}"
+      expect(page).to have_content(auth_only_work.title.first)
+    end
   end
 end