From 382da938aab60a834fc15d31b764436502c28a84 Mon Sep 17 00:00:00 2001 From: K8Sewell Date: Tue, 3 Sep 2024 18:38:30 -0500 Subject: [PATCH 01/12] Remove netid from factory user --- spec/factories/users.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/spec/factories/users.rb b/spec/factories/users.rb index 236fae73..063d9718 100644 --- a/spec/factories/users.rb +++ b/spec/factories/users.rb @@ -7,7 +7,6 @@ factory :user do uid { FFaker::Internet.user_name } sub { "123" } - netid { "az123" } provider { "openid" } end end From 0350562a85f1fba47627e34c45e59930acfb606d Mon Sep 17 00:00:00 2001 From: K8Sewell Date: Tue, 3 Sep 2024 18:39:13 -0500 Subject: [PATCH 02/12] Add context section for non yale user --- spec/requests/download_original_spec.rb | 28 ++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/spec/requests/download_original_spec.rb b/spec/requests/download_original_spec.rb index e1304d96..b0aa040c 100644 --- a/spec/requests/download_original_spec.rb +++ b/spec/requests/download_original_spec.rb @@ -3,7 +3,8 @@ RSpec.describe "Download Original", type: :request, clean: true do let(:imgtiff) { 'image/tiff' } - let(:user) { FactoryBot.create(:user, netid: "net_id") } + let(:yale_user) { FactoryBot.create(:user, netid: "net_id") } + let(:non_yale_user) { FactoryBot.create(:user) } let(:public_work) { WORK_WITH_PUBLIC_VISIBILITY.merge({ "child_oids_ssim": ["5555555"] }) } let(:yale_work) do { @@ -86,9 +87,9 @@ end end - context 'as an authenticated user' do + context 'as an authenticated yale user' do before do - sign_in user + sign_in yale_user end context 'when file is present on S3' do it 'display if set to public' do 
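Review bot: `let(:non_yale_user) { FactoryBot.create(:user) }` in the `@@ -3,7 +3,8 @@` hunk only produces a non-Yale user because PATCH 01 removed the `netid` default from the factory; the spec does not state that dependency anywhere. Passing the attribute explicitly, `let(:non_yale_user) { FactoryBot.create(:user, netid: nil) }`, makes the intent self-contained and keeps the example meaningful if someone reintroduces a factory default. The same implicit reliance appears in the `non_yale_user` lets of annotation_request_spec.rb and iiif_request_spec.rb in PATCH 05.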
@@ -120,4 +121,25 @@ end end end + + context 'as an authenticated non yale user' do + before do + sign_in non_yale_user + end + context 'when file is present on S3' do + it 'display if set to public' do + get "/download/tiff/#{public_work[:child_oids_ssim].first}" + expect(response).to have_http_status(:success) # 200 + expect(response.content_type).to eq imgtiff + end + it 'does not display if set to YCO' do + get "/download/tiff/#{yale_work[:child_oids_ssim].first}" + expect(response).to have_http_status(:unauthorized) # 401 + end + it 'does not display if set to private' do + get "/download/tiff/#{private_work[:child_oids_ssim].first}" + expect(response).to have_http_status(:not_found) # 404 + end + end + end end From 46cc7af27ddde66be31a2b8afaafab1ec1eaf4db Mon Sep 17 00:00:00 2001 From: K8Sewell Date: Wed, 4 Sep 2024 13:29:01 -0500 Subject: [PATCH 03/12] Supplements test coverage --- ...create_permission_requests_request_spec.rb | 61 +++++++++- .../owp_object_show_page_request_spec.rb | 38 ++++++ .../owp_agreement_term_spec.rb | 108 ++++++++++++++++++ ...rmission_request_confirmation_page_spec.rb | 98 ++++++++++++---- .../user_requests_table_page_spec.rb | 96 +++++++++++++++- 5 files changed, 370 insertions(+), 31 deletions(-) create mode 100644 spec/system/open_with_permission/owp_agreement_term_spec.rb diff --git a/spec/requests/open_with_permission/create_permission_requests_request_spec.rb b/spec/requests/open_with_permission/create_permission_requests_request_spec.rb index 236f1369..078706b5 100644 --- a/spec/requests/open_with_permission/create_permission_requests_request_spec.rb +++ b/spec/requests/open_with_permission/create_permission_requests_request_spec.rb 
@@ -2,7 +2,8 @@ require 'rails_helper' RSpec.describe "Permission Requests", type: :request, clean: true do - let(:user) { FactoryBot.create(:user, netid: "net_id", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6e", uid: 'some_name', email: 'not_real@example.com') } + let(:yale_user) { FactoryBot.create(:user, netid: "net_id", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6e", uid: 'some_name', email: 'not_real@example.com') } + let(:non_yale_user) { FactoryBot.create(:user, sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6f", uid: 'som456', email: 'not_real_either@example.com') } let(:owp_work_with_permission) do { "id": "1618909", @@ -64,15 +65,40 @@ "user_full_name": "Request Full Name"} ]}', headers: valid_header) + stub_request(:get, 'http://www.example.com/management/api/permission_sets/7bd425ee-1093-40cd-ba0c-5a2355e37d6f') + .to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6f"}, + "permission_set_terms_agreed":[], + "permissions":[{ + "oid":1618909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Approved", + "request_date":"2023-11-02T20:23:18.824Z", + "access_until":"2034-11-02T20:23:18.824Z", + "user_note": "permission.user_note", + "user_full_name": "request_user.name"}, + { + "oid":1718909, + "permission_set":1, + "permission_set_terms":1, + "request_status":null, + "request_date":"2023-11-02T20:23:18.824Z", + "access_until":null, + "user_note": "lorem ipsum", + "user_full_name": "Request Full Name"} + ]}', + headers: valid_header) solr = Blacklight.default_index.connection solr.add([owp_work_with_permission, owp_work_without_permission]) solr.commit allow(User).to receive(:on_campus?).and_return(false) - sign_in user end - context 'with an authenticated user' do + context 'with an authenticated yale user' do before do + sign_in yale_user stub_request(:post, 'http://www.example.com/management/api/permission_requests') .with(body: { "oid" => "1718909", 
@@ -84,7 +110,33 @@ }, headers: valid_header) .to_return(status: 201, body: '{ "title": "New request created"}', headers: valid_header) - stub_request(:post, 'http://www.example.com/catalog/1718909/request_form') + end + it 'will create a new permission request and redirect to the confirmation page' do + post '/catalog/1718909/request_form', params: { + 'oid': '1718909', + 'permission_request': { + 'user_full_name': 'Request Full Name', + 'user_note': 'lorem ipsum' + } + }, headers: valid_header + expect(response).to have_http_status(:redirect) + expect(response.redirect_url).to eq('http://www.example.com/catalog/1718909/request_confirmation') + end + end + + context 'with an authenticated non yale user' do + before do + sign_in non_yale_user + stub_request(:post, 'http://www.example.com/management/api/permission_requests') + .with(body: { + "oid" => "1718909", + "user_email" => "not_real_either@example.com", + "user_full_name" => "Request Full Name", + "user_netid" => nil, + "user_note" => "lorem ipsum", + "user_sub" => "7bd425ee-1093-40cd-ba0c-5a2355e37d6f" + }, + headers: valid_header) .to_return(status: 201, body: '{ "title": "New request created"}', headers: valid_header) end it 'will create a new permission request and redirect to the confirmation page' do @@ -102,7 +154,6 @@ context 'with a NOT authenticated user' do it 'will redirect to the show page' do - sign_out user post '/catalog/1718909/request_form', params: { 'oid': '1718909', 'permission_request': { diff --git a/spec/requests/open_with_permission/owp_object_show_page_request_spec.rb b/spec/requests/open_with_permission/owp_object_show_page_request_spec.rb index 75c7f61e..df25032a 100644 --- a/spec/requests/open_with_permission/owp_object_show_page_request_spec.rb +++ b/spec/requests/open_with_permission/owp_object_show_page_request_spec.rb 
@@ -3,6 +3,7 @@ RSpec.describe "Open with Permission", type: :request, clean: true do let(:user) { FactoryBot.create(:user, netid: "net_id1", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6e", uid: 'user_uid', email: 'not_real@example.com') } + let(:non_yale_user) { FactoryBot.create(:user, sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6g", uid: 'uid456', email: 'not_real_either@example.com') } let(:admin_approver_user) { FactoryBot.create(:user, netid: "net_id2", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6d", uid: 'unique_uid', email: 'not_real@example.com') } let(:non_approved_user) { FactoryBot.create(:user, netid: "net_id3", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6f", uid: 'some_name', email: 'not_real@example.com') } let(:owp_work_with_permission) do @@ -63,6 +64,28 @@ } ]}', headers: valid_header) + stub_request(:get, 'http://www.example.com/management/api/permission_sets/7bd425ee-1093-40cd-ba0c-5a2355e37d6g') + .to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6g"}, + "permission_set_terms_agreed":[1], + "permissions":[{ + "oid":1618909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Approved", + "request_date":"2023-11-02T20:23:18.824Z", + "access_until":"2034-11-02T20:23:18.824Z"}, + { + "oid":1718909, + "permission_set":1, + "permission_set_terms":1, + "request_status":null, + "request_date":"2023-11-02T20:23:18.824Z", + "access_until":null + } + ]}', + headers: valid_header) stub_request(:get, "http://www.example.com/management/api/permission_sets/1618909/#{user.netid}") .to_return(status: 200, body: '{ "is_admin_or_approver?":"true" 
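Review bot: The new `non_yale_user` sub `7bd425ee-1093-40cd-ba0c-5a2355e37d6g` in the `@@ -3,6 +3,7 @@` hunk ends in `g`, which is not a hex digit, so it is not UUID-shaped like every other `sub` in these specs; the same literal is reused in the stub URL and body of the `@@ -63,6 +64,28 @@` hunk and again in the new owp_agreement_term_spec.rb. Since the value is only a lookup key here it will still work, but a reader comparing it to the management API's real identifiers is likely to take it for a typo; consider `7bd425ee-1093-40cd-ba0c-5a2355e37d70` or similar in all three places. Note also that `non_approved_user` already uses `…d6f`, so `…d6f` cannot be reused for the non-Yale user in this file.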
@@ -180,6 +203,21 @@ end end + context 'as an authenticated non yale user on the request form page' do + it 'displays metadata, username, email, input fields, and buttons if user has accepted the terms and conditions' do + sign_in non_yale_user + get "/catalog/1718909/request_form" + expect(response).to have_http_status(:success) + expect(response.body).to include('Map of India') + expect(response.body).to include(non_yale_user.uid.to_s) + expect(response.body).to include(non_yale_user.email.to_s) + expect(response.body).to include('input required="required" type="text" name="permission_request[user_full_name]" id="permission_request_user_full_name"') + expect(response.body).to include('textarea rows="3" required="required" name="permission_request[user_note]" id="permission_request_user_note"') + expect(response.body).to include('CANCEL') + expect(response.body).to include('SUBMIT REQUEST') + end + end + it 'displays the terms and conditions page if user has not accepted the terms' do sign_in non_approved_user get "/catalog/1718909/request_form" diff --git a/spec/system/open_with_permission/owp_agreement_term_spec.rb b/spec/system/open_with_permission/owp_agreement_term_spec.rb new file mode 100644 index 00000000..332ec924 --- /dev/null +++ b/spec/system/open_with_permission/owp_agreement_term_spec.rb 
@@ -0,0 +1,108 @@ +# frozen_string_literal: true +require 'rails_helper' + +RSpec.describe "Open with Permission", type: :system do + let(:yale_user) { FactoryBot.create(:user, netid: "net_id1", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6e", uid: 'user_uid', email: 'not_real@example.com') } + let(:non_yale_user) { FactoryBot.create(:user, sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6g", uid: 'uid456', email: 'not_real_either@example.com') } + let(:owp_work_without_permission) do + { + "id": "1718909", + "title_tesim": ["Map of India"], + "visibility_ssi": "Open with Permission", + "child_oids_ssim": ["222222"] + } + end + let(:valid_header) do + { + 'Accept' => '*/*', + 'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', + 'Authorization' => 'Bearer valid', + 'Content-Type' => 'application/x-www-form-urlencoded', + 'User-Agent' => 'Ruby' + } + end + + around do |example| + original_blacklight_url = ENV['BLACKLIGHT_HOST'] + original_management_url = ENV['MANAGEMENT_HOST'] + original_token = ENV['OWP_AUTH_TOKEN'] + ENV['BLACKLIGHT_HOST'] = 'http://www.example.com' + ENV['MANAGEMENT_HOST'] = 'http://www.example.com/management' + ENV['OWP_AUTH_TOKEN'] = 'valid' + example.run + ENV['BLACKLIGHT_HOST'] = original_blacklight_url + ENV['MANAGEMENT_HOST'] = original_management_url + ENV['OWP_AUTH_TOKEN'] = original_token + end + before do + stub_request(:get, 'http://www.example.com/management/api/permission_sets/7bd425ee-1093-40cd-ba0c-5a2355e37d6e') + .to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6e"}, + "permission_set_terms_agreed":[], + "permissions":[]}').then.to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6e"}, + "permission_set_terms_agreed":[1], + "permissions":[]}') + stub_request(:get, 'http://www.example.com/management/api/permission_sets/7bd425ee-1093-40cd-ba0c-5a2355e37d6g') + .to_return(status: 200, body: '{ + 
"timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6e"}, + "permission_set_terms_agreed":[], + "permissions":[]}').then.to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6g"}, + "permission_set_terms_agreed":[1], + "permissions":[]}') + stub_request(:get, "http://www.example.com/management/api/permission_sets/1718909/terms") + .to_return(status: 200, body: "{\"id\":1,\"title\":\"Permission Set Terms\",\"body\":\"These are some terms\"}") + solr = Blacklight.default_index.connection + solr.add([owp_work_without_permission]) + solr.commit + allow(User).to receive(:on_campus?).and_return(false) + end + + context 'as an authenticated user on the request form page' do + before do + stub_request(:post, 'http://www.example.com/management/agreement_term') + .with(body: { "oid" => "1718909", "permission_set_terms_id" => "1", "user_email" => "not_real@example.com", "user_full_name" => "new", "user_netid" => "net_id1", + "user_sub" => "7bd425ee-1093-40cd-ba0c-5a2355e37d6e" }, headers: valid_header) + .to_return(status: 200) + stub_request(:post, 'http://www.example.com/management/agreement_term') + .with(body: { "oid" => "1718909", "permission_set_terms_id" => "1", "user_email" => "not_real_either@example.com", "user_full_name" => "new", "user_netid" => nil, + "user_sub" => "7bd425ee-1093-40cd-ba0c-5a2355e37d6g" }, headers: valid_header) + .to_return(status: 200) + end + context 'with yale user' do + it 'can display request form' do + login_as yale_user + visit "/catalog/1718909/request_form" + expect(page.body).to include('These are some terms') + click_on 'Agree' + expect(page).to have_http_status(:success) + expect(page.body).to include('SUBMIT') + end + end + context 'with non yale user' do + it 'can display request form' do + login_as non_yale_user + visit "/catalog/1718909/request_form" + expect(page.body).to include('These are some terms') + click_on 'Agree' + expect(page).to 
have_http_status(:success) + expect(page.body).to include('SUBMIT') + end + end + end + + context 'as a not authenticated user on the request form page' do + it 'redirects to the show page' do + visit "/catalog/1718909/request_form" + expect(page).to have_http_status(:success) + expect(page.current_url).to eq('http://www.example.com/catalog/1718909') + expect(page.body).to include('The material in this folder is open for research use only with permission.') + expect(page.body).to include('Please log in') + end + end +end diff --git a/spec/system/open_with_permission/permission_request_confirmation_page_spec.rb b/spec/system/open_with_permission/permission_request_confirmation_page_spec.rb index 0af336c8..6e043c9e 100644 --- a/spec/system/open_with_permission/permission_request_confirmation_page_spec.rb +++ b/spec/system/open_with_permission/permission_request_confirmation_page_spec.rb @@ -2,7 +2,8 @@ require 'rails_helper' RSpec.describe "Permission Requests", type: :system do - let(:user) { FactoryBot.create(:user, netid: "net_id", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6e", uid: 'some_name', email: 'not_real@example.com') } + let(:yale_user) { FactoryBot.create(:user, netid: "net_id", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6e", uid: 'sun77', email: 'not_real@example.com') } + let(:non_yale_user) { FactoryBot.create(:user, sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6f", uid: 'snm89', email: 'not_real_either@example.com') } let(:owp_work_with_permission) do { "id": "1618909", 
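Review bot: In the `before` block, the stub for `permission_sets/…5a2355e37d6g` (the non-Yale user) returns `"user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6e"}` in its first response body, which is the Yale user's sub; the second response correctly uses `…d6g`, so the first looks like a copy-paste slip and should read `"user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6g"},`. The `around` hook assigns `BLACKLIGHT_HOST`, `MANAGEMENT_HOST` and `OWP_AUTH_TOKEN` and restores them after `example.run` with no `ensure`, so an exception raised from the hook chain leaves the process-wide ENV pointed at example.com for the rest of the run; wrapping the three restore assignments in `begin … ensure … end` around `example.run` closes that. The two `it 'can display request form'` examples differ only in which user is logged in and could share one example body.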
@@ -66,32 +67,85 @@ "user_full_name": "request_user.name"} ]}', headers: valid_header) - stub_request(:post, 'http://www.example.com/management/api/permission_requests') - .with(body: { - "oid" => "1718909", - "user_email" => "not_real@example.com", - "user_full_name" => "Request Full Name", - "user_netid" => "net_id", - "user_note" => "lorem ipsum", - "user_sub" => "7bd425ee-1093-40cd-ba0c-5a2355e37d6e" - }, - headers: valid_header) - .to_return(status: 201, body: '{ "title": "New request created"}') - stub_request(:post, 'http://www.example.com/catalog/1718909/request_form') - .to_return(status: 201, body: '{ "title": "New request created"}') + stub_request(:get, 'http://www.example.com/management/api/permission_sets/7bd425ee-1093-40cd-ba0c-5a2355e37d6f') + .to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6f"}, + "permission_set_terms_agreed":[], + "permissions":[{ + "oid":1718909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Pending", + "request_date":"2023-11-02T20:23:18.824Z", + "access_until":null, + "user_note": "lorem ipsum", + "user_full_name": "Request Full Name" + }, + { + "oid":1618909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Approved", + "request_date":"2023-11-02T20:23:18.824Z", + "access_until":"2034-11-02T20:23:18.824Z", + "user_note": "permission.user_note", + "user_full_name": "request_user.name"} + ]}', + headers: valid_header) solr = Blacklight.default_index.connection solr.add([owp_work_with_permission, owp_work_without_permission]) solr.commit allow(User).to receive(:on_campus?).and_return(false) - login_as user end - it 'submitting a successful permission request will load the confirmation page' do - visit 'catalog/1718909/request_confirmation' - expect(page.body).to include "Map of India" - expect(page.body).to include "Pending" - expect(page.body).to include "Request Full Name" - expect(page.body).to include "lorem ipsum" - 
expect(page.body).to include "CONTINUE" + context 'with an authenticated yale user' do + before do + login_as yale_user + stub_request(:post, 'http://www.example.com/management/api/permission_requests') + .with(body: { + "oid" => "1718909", + "user_email" => "not_real@example.com", + "user_full_name" => "Request Full Name", + "user_netid" => "net_id", + "user_note" => "lorem ipsum", + "user_sub" => "7bd425ee-1093-40cd-ba0c-5a2355e37d6e" + }, + headers: valid_header) + .to_return(status: 201, body: '{ "title": "New request created"}') + end + it 'submitting a successful permission request will load the confirmation page' do + visit 'catalog/1718909/request_confirmation' + expect(page.body).to include "Map of India" + expect(page.body).to include "Pending" + expect(page.body).to include "Request Full Name" + expect(page.body).to include "lorem ipsum" + expect(page.body).to include "CONTINUE" + end + end + + context 'with an authenticated non yale user' do + before do + login_as non_yale_user + stub_request(:post, 'http://www.example.com/management/api/permission_requests') + .with(body: { + "oid" => "1718909", + "user_email" => "not_real_either@example.com", + "user_full_name" => "Request Full Name", + "user_netid" => nil, + "user_note" => "lorem ipsum", + "user_sub" => "7bd425ee-1093-40cd-ba0c-5a2355e37d6f" + }, + headers: valid_header) + .to_return(status: 201, body: '{ "title": "New request created"}') + end + it 'submitting a successful permission request will load the confirmation page' do + visit 'catalog/1718909/request_confirmation' + expect(page.body).to include "Map of India" + expect(page.body).to include "Pending" + expect(page.body).to include "Request Full Name" + expect(page.body).to include "lorem ipsum" + expect(page.body).to include "CONTINUE" + end end end diff --git a/spec/system/open_with_permission/user_requests_table_page_spec.rb b/spec/system/open_with_permission/user_requests_table_page_spec.rb index 7bebf999..710bf47d 100644 
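Review bot: Each new context's `before` registers a `stub_request(:post, …/management/api/permission_requests)` with a full expected body, but the only action in the example is `visit 'catalog/1718909/request_confirmation'`, a GET; as far as this hunk shows nothing submits the form, so the body matcher (including the `"user_netid" => nil` case the commit is adding coverage for) appears never to be exercised and WebMock will not complain about an unused stub. Either drop the stubs here, or add the form submission step so the non-Yale request body is actually asserted. Separately, `visit 'catalog/1718909/request_confirmation'` is a relative path; `visit '/catalog/1718909/request_confirmation'` matches the form used in the other system specs.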
--- a/spec/system/open_with_permission/user_requests_table_page_spec.rb +++ b/spec/system/open_with_permission/user_requests_table_page_spec.rb @@ -2,7 +2,8 @@ require 'rails_helper' RSpec.describe "Open with Permission", type: :system do - let(:user) { FactoryBot.create(:user, netid: "net_id", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6e", uid: 'some_name', email: 'not_real@example.com') } + let(:yale_user) { FactoryBot.create(:user, netid: "net_id", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6e", uid: 'some_name', email: 'not_real@example.com') } + let(:non_yale_user) { FactoryBot.create(:user, sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6f", uid: 'som789', email: 'not_real_either@example.com') } let(:owp_work_six_with_approved_permission) do { "id": "1618909", 
@@ -117,6 +118,52 @@ } ]}', headers: valid_header) + stub_request(:get, 'http://www.example.com/management/api/permission_sets/7bd425ee-1093-40cd-ba0c-5a2355e37d6f') + .to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6f"}, + "permission_set_terms_agreed":[1], + "permissions":[{ + "oid":1618909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Approved", + "request_date":"2023-11-02T20:23:18.824Z", + "access_until":"2034-11-02T20:23:18.824Z"}, + { + "oid":1718909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Denied", + "request_date":"2024-11-02T20:23:18.824Z", + "access_until":null + }, + { + "oid":1818909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Pending", + "request_date":"2025-11-02T20:23:18.824Z", + "access_until":null + }, + { + "oid":1918909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Approved", + "request_date":"2026-11-02T20:23:18.824Z", + "access_until":"2034-11-02T20:23:18.824Z" + }, + { + "oid":11018909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Denied", + "request_date":"2027-11-02T20:23:18.824Z", + "access_until":null + } + ]}', + headers: valid_header) stub_request(:get, "http://www.example.com/management/api/permission_sets/1618909/terms") .to_return(status: 200, body: "{\"id\":1,\"title\":\"Permission Set Terms\",\"body\":\"These are some terms\"}", headers: valid_header) stub_request(:get, "http://www.example.com/management/api/permission_sets/1718909/terms") 
@@ -140,9 +187,50 @@ end context 'as an authenticated user on the requests page' do - context 'with correct permission' do + context 'as a yale user' do + before do + login_as yale_user + visit '/permission_requests' + end + + it 'can display as expected' do + expect(page).to have_http_status(:success) + # Header is present + expect(page).to have_content 'Access Requests' + # table has 5 columns: title, call number, request date, status, access expires + expect(page).to have_content 'Title' + expect(page).to have_content 'Call Number' + expect(page).to have_content 'Request Date' + expect(page).to have_content 'Status' + expect(page).to have_content 'Access Expires' + # has icons for sorting columns and they work + expect(page).to have_css '.double-arrow' + # title column displays owp object's title as a link + expect(page).to have_link 'Map of New Zealand', href: '/catalog/11018909' + # call number column displays owp object's call number + expect(page).to have_content '1234567890' + # request date column displays request date + expect(page).to have_content '11/02/27' + # status column displays request status + # status column displays Pending, Approved or Denied + expect(page).to have_content('Pending').once + expect(page).to have_content('Approved').twice + expect(page).to have_content('Denied').twice + # access expires column displays access until + # access expires column displays N/A for Pending or Denied requests + expect(page).to have_content('N/A', count: 3) + expect(page).to have_content('11/02/34').twice + end + + it 'can search as expected' do + click_on 'Search' + expect(page.current_url).to eq 'http://web.library.yale.edu/gsearch' + end + end + + context 'as a non yale user' do before do - login_as user + login_as non_yale_user visit '/permission_requests' end 
@@ -184,7 +272,7 @@ context 'as a NOT authenticated user on the requests page' do it 'will redirect to homepage' do - logout user + # logout user visit '/permission_requests' expect(page.current_url).to eq ENV['BLACKLIGHT_HOST'] end From b8e41bee36a43e539ca48131f1094ee4e74137e0 Mon Sep 17 00:00:00 2001 From: K8Sewell Date: Wed, 4 Sep 2024 18:47:15 -0500 Subject: [PATCH 04/12] Change param sent to be the one expected by management --- app/helpers/access_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/helpers/access_helper.rb b/app/helpers/access_helper.rb index d7af8d85..6d2088f6 100644 --- a/app/helpers/access_helper.rb +++ b/app/helpers/access_helper.rb @@ -92,7 +92,7 @@ def retrieve_admin_credentials(document) return nil if current_user.nil? # #{ENV['MANAGEMENT_HOST']} # for local debugging - http://yul-dc-management-1:3001/management or http://yul-dc_management_1:3001/management - url = URI.parse("#{ENV['MANAGEMENT_HOST']}/api/permission_sets/#{document.id}/#{current_user.netid}") + url = URI.parse("#{ENV['MANAGEMENT_HOST']}/api/permission_sets/#{document.id}/#{current_user.uid}") response = Net::HTTP.get_response(url, { 'Authorization' => "Bearer #{ENV['OWP_AUTH_TOKEN']}" }) JSON.parse(response.body) end From 2625f84521ae2284bac64ff7cad068a19dce08f5 Mon Sep 17 00:00:00 2001 From: K8Sewell Date: Wed, 4 Sep 2024 18:49:00 -0500 Subject: [PATCH 05/12] Add contexts for non yale users --- spec/requests/annotation_request_spec.rb | 207 ++++++++++++++++++----- spec/requests/iiif_request_spec.rb | 32 +++- spec/requests/manifests_request_spec.rb | 40 ++++- spec/requests/pdfs_request_spec.rb | 176 ++++++++++++++++--- 4 files changed, 376 insertions(+), 79 deletions(-) diff --git a/spec/requests/annotation_request_spec.rb b/spec/requests/annotation_request_spec.rb index 5bd128d9..f1e0acb9 100644 --- a/spec/requests/annotation_request_spec.rb +++ b/spec/requests/annotation_request_spec.rb 
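Review bot: `# logout user` in the `@@ -184,7 +272,7 @@` hunk leaves commented-out code in place of a fix. This context has no `login_as`, so the line can simply be deleted; if an explicit logout is wanted, Warden's test helper is `logout` with optional scope arguments, not a user object, so `logout` on its own is the correct call. Leaving the comment invites someone to uncomment a call that was wrong to begin with.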
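Review bot: The new `url = URI.parse("#{ENV['MANAGEMENT_HOST']}/api/permission_sets/#{document.id}/#{current_user.uid}")` interpolates `current_user.uid` into the request path unescaped; unlike a netid, the uid of a non-Yale user is whatever the OpenID provider supplied (the factory fills it from `FFaker::Internet.user_name`), and a value containing `/`, `?`, `#` or whitespace will either raise `URI::InvalidURIError` or change which management endpoint is queried. Use `ERB::Util.url_encode(current_user.uid)` for that segment. Note also that the show-page request spec in PATCH 03 still stubs `permission_sets/1618909/#{user.netid}` while this helper now sends `uid`; unless a later patch in the series updates that stub, it will no longer match. The body of `retrieve_admin_credentials` goes on to `JSON.parse(response.body)` without checking `response` status; that line is unchanged here, but a non-2xx or non-JSON reply from management will surface as a `JSON::ParserError` rather than a clear failure.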
@@ -4,7 +4,8 @@ # WebMock.allow_net_connect! RSpec.describe 'AnnotationsController', type: :request, clean: true, js: true do - let(:user) { FactoryBot.create(:user, netid: "net_id") } + let(:yale_user) { FactoryBot.create(:user, netid: "net_id") } + let(:non_yale_user) { FactoryBot.create(:user) } let(:public_work) do { "id": "2034600", 
@@ -94,59 +95,177 @@ end end - describe 'GET /annotation/ .. /fulltext while on campus' do - before do - allow(User).to receive(:on_campus?).and_return(true) - end - it 'returns a full text annotation' do - get '/annotation/oid/2034600/canvas/998833/fulltext' - expect(response).to have_http_status(:success) - expect(response.body).to include("This is the full text public") + describe 'GET /annotation/ .. /fulltext not logged in' do + context 'while on campus' do + before do + allow(User).to receive(:on_campus?).and_return(true) + end + it 'returns a full text annotation' do + get '/annotation/oid/2034600/canvas/998833/fulltext' + expect(response).to have_http_status(:success) + expect(response.body).to include("This is the full text public") + end + it 'returns a full text annotation on yale only' do + get '/annotation/oid/1618909/canvas/998834/fulltext' + expect(response).to have_http_status(:success) + expect(response.body).to include("This is the full text Yale only") + end + it 'returns 401 for a full text annotation on Open with Permission parent' do + get '/annotation/oid/1618909/canvas/9988344/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation because of mismatch parent' do + get '/annotation/oid/2034600/canvas/998834/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation unknown visibility' do + get '/annotation/oid/1618904/canvas/998835/fulltext' + expect(response).to have_http_status(:unauthorized) + end end - it 'returns a full text annotation on yale only' do - get '/annotation/oid/1618909/canvas/998834/fulltext' - expect(response).to have_http_status(:success) - expect(response.body).to include("This is the full text Yale only") - end - it 'returns 401 for a full text annotation on Open with Permission parent' do - get '/annotation/oid/1618909/canvas/9988344/fulltext' - expect(response).to have_http_status(:unauthorized) - end - 
it 'returns 401 for a full text annotation because of mismatch parent' do - get '/annotation/oid/2034600/canvas/998834/fulltext' - expect(response).to have_http_status(:unauthorized) - end - it 'returns 401 for a full text annotation unknown visibility' do - get '/annotation/oid/1618904/canvas/998835/fulltext' - expect(response).to have_http_status(:unauthorized) + context 'while not on campus' do + before do + allow(User).to receive(:on_campus?).and_return(false) + end + it 'returns a full text annotation' do + get '/annotation/oid/2034600/canvas/998833/fulltext' + expect(response).to have_http_status(:success) + expect(response.body).to include("This is the full text public") + end + it 'returns a full text annotation on yale only' do + get '/annotation/oid/1618909/canvas/998834/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation on Open with Permission parent' do + get '/annotation/oid/1618909/canvas/9988344/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation because of mismatch parent' do + get '/annotation/oid/2034600/canvas/998834/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation unknown visibility' do + get '/annotation/oid/1618904/canvas/998835/fulltext' + expect(response).to have_http_status(:unauthorized) + end end end - describe 'GET /annotation/ .. /fulltext while logged in' do + describe 'GET /annotation/ .. 
/fulltext while logged in as yale user' do before do - sign_in user + sign_in yale_user end - it 'returns a full text annotation' do - get '/annotation/oid/2034600/canvas/998833/fulltext' - expect(response).to have_http_status(:success) - expect(response.body).to include("This is the full text public") + context 'while on campus' do + before do + allow(User).to receive(:on_campus?).and_return(true) + end + it 'returns a full text annotation' do + get '/annotation/oid/2034600/canvas/998833/fulltext' + expect(response).to have_http_status(:success) + expect(response.body).to include("This is the full text public") + end + it 'returns a full text annotation on yale only' do + get '/annotation/oid/1618909/canvas/998834/fulltext' + expect(response).to have_http_status(:success) + expect(response.body).to include("This is the full text Yale only") + end + it 'returns 401 for a full text annotation on Open with Permission parent' do + get '/annotation/oid/1618909/canvas/9988344/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation because of mismatch parent' do + get '/annotation/oid/2034600/canvas/998834/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation unknown visibility' do + get '/annotation/oid/1618904/canvas/998835/fulltext' + expect(response).to have_http_status(:unauthorized) + end end - it 'returns a full text annotation on yale only' do - get '/annotation/oid/1618909/canvas/998834/fulltext' - expect(response).to have_http_status(:success) - expect(response.body).to include("This is the full text Yale only") + context 'while not on campus' do + before do + allow(User).to receive(:on_campus?).and_return(false) + end + it 'returns a full text annotation' do + get '/annotation/oid/2034600/canvas/998833/fulltext' + expect(response).to have_http_status(:success) + expect(response.body).to include("This is the full text public") + end + it 
'returns a full text annotation on yale only' do + get '/annotation/oid/1618909/canvas/998834/fulltext' + expect(response).to have_http_status(:success) + expect(response.body).to include("This is the full text Yale only") + end + it 'returns 401 for a full text annotation on Open with Permission parent' do + get '/annotation/oid/1618909/canvas/9988344/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation because of mismatch parent' do + get '/annotation/oid/2034600/canvas/998834/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation unknown visibility' do + get '/annotation/oid/1618904/canvas/998835/fulltext' + expect(response).to have_http_status(:unauthorized) + end end - it 'returns 401 for a full text annotation on Open with Permission parent' do - get '/annotation/oid/1618909/canvas/9988344/fulltext' - expect(response).to have_http_status(:unauthorized) + end + describe 'GET /annotation/ .. 
/fulltext while logged in as non yale user' do + before do + sign_in non_yale_user end - it 'returns 401 for a full text annotation because of mismatch parent' do - get '/annotation/oid/2034600/canvas/998834/fulltext' - expect(response).to have_http_status(:unauthorized) + context 'while on campus' do + before do + allow(User).to receive(:on_campus?).and_return(true) + end + it 'returns a full text annotation' do + get '/annotation/oid/2034600/canvas/998833/fulltext' + expect(response).to have_http_status(:success) + expect(response.body).to include("This is the full text public") + end + it 'returns a full text annotation on yale only' do + get '/annotation/oid/1618909/canvas/998834/fulltext' + expect(response).to have_http_status(:success) + expect(response.body).to include("This is the full text Yale only") + end + it 'returns 401 for a full text annotation on Open with Permission parent' do + get '/annotation/oid/1618909/canvas/9988344/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation because of mismatch parent' do + get '/annotation/oid/2034600/canvas/998834/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation unknown visibility' do + get '/annotation/oid/1618904/canvas/998835/fulltext' + expect(response).to have_http_status(:unauthorized) + end end - it 'returns 401 for a full text annotation unknown visibility' do - get '/annotation/oid/1618904/canvas/998835/fulltext' - expect(response).to have_http_status(:unauthorized) + context 'while not on campus' do + before do + allow(User).to receive(:on_campus?).and_return(false) + end + it 'returns a full text annotation' do + get '/annotation/oid/2034600/canvas/998833/fulltext' + expect(response).to have_http_status(:success) + expect(response.body).to include("This is the full text public") + end + it 'returns 401 for a full text annotation on yale only' do + get 
'/annotation/oid/1618909/canvas/998834/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation on Open with Permission parent' do + get '/annotation/oid/1618909/canvas/9988344/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation because of mismatch parent' do + get '/annotation/oid/2034600/canvas/998834/fulltext' + expect(response).to have_http_status(:unauthorized) + end + it 'returns 401 for a full text annotation unknown visibility' do + get '/annotation/oid/1618904/canvas/998835/fulltext' + expect(response).to have_http_status(:unauthorized) + end end end end diff --git a/spec/requests/iiif_request_spec.rb b/spec/requests/iiif_request_spec.rb index 14529003..600b5ab7 100644 --- a/spec/requests/iiif_request_spec.rb +++ b/spec/requests/iiif_request_spec.rb @@ -4,7 +4,8 @@ RSpec.describe "Iiifs", type: :request do let(:thumbnail_size) { "!1200,630" } - let(:user) { FactoryBot.create(:user, netid: "net_id") } + let(:yale_user) { FactoryBot.create(:user, netid: "net_id") } + let(:non_yale_user) { FactoryBot.create(:user) } let(:public_work) { WORK_WITH_PUBLIC_VISIBILITY.merge({ "child_oids_ssim": ["5555555"] }) } let(:yale_work) do { @@ -68,9 +69,9 @@ end end - context 'as an authenticated user' do + context 'as an authenticated yale user' do before do - sign_in user + sign_in yale_user end it 'display if set to public' do get "/check-iiif", headers: { 'X-Origin-URI' => "/iiif/2/5555555/full/#{thumbnail_size}/0/default.jpg" } @@ -78,7 +79,7 @@ expect(response).to have_http_status(:success) end - it 'do not display if set to yale only' do + it 'display if set to yale only' do get "/check-iiif", headers: { 'X-Origin-URI' => "/iiif/2/1111111/full/#{thumbnail_size}/0/default.jpg" } expect(response).to have_http_status(:success) 
@@ -90,4 +91,27 @@ expect(response).to have_http_status(:unauthorized) end end + + context 'as an authenticated non yale user' do + before do + sign_in non_yale_user + end + it 'display if set to public' do + get "/check-iiif", headers: { 'X-Origin-URI' => "/iiif/2/5555555/full/#{thumbnail_size}/0/default.jpg" } + + expect(response).to have_http_status(:success) + end + + it 'do not display if set to yale only' do + get "/check-iiif", headers: { 'X-Origin-URI' => "/iiif/2/1111111/full/#{thumbnail_size}/0/default.jpg" } + + expect(response).to have_http_status(:unauthorized) + end + + it 'returns an unauthorized response if there is no visibility key' do + get "/check-iiif", headers: { 'X-Origin-URI' => "/iiif/2/2222222/full/#{thumbnail_size}/0/default.jpg" } + + expect(response).to have_http_status(:unauthorized) + end + end end diff --git a/spec/requests/manifests_request_spec.rb b/spec/requests/manifests_request_spec.rb index 3153e08c..739c7a5b 100644 --- a/spec/requests/manifests_request_spec.rb +++ b/spec/requests/manifests_request_spec.rb @@ -3,7 +3,8 @@ # WebMock.allow_net_connect! RSpec.describe 'Manifests', type: :request, clean: true do - let(:user) { FactoryBot.create(:user, netid: "net_id") } + let(:yale_user) { FactoryBot.create(:user, netid: "net_id") } + let(:non_yale_user) { FactoryBot.create(:user) } let(:public_work) { WORK_WITH_PUBLIC_VISIBILITY } let(:redirected_work) { WORK_REDIRECTED } let(:yale_work) do 
@@ -81,9 +82,42 @@ end end - context 'as an authenticated user' do + context 'as an authenticated non yale user' do before do - sign_in user + sign_in non_yale_user + end + + it 'display if set to public' do + get '/manifests/2055095' + manifest = JSON.parse(response.body) + + expect(manifest['visibility_ssi']).to eq('Public') + expect(manifest['title_tesim'][0]).to eq('A General dictionary of the English language') + end + + it 'returns a 401 if set to yale only' do + get '/manifests/1618909' + manifest = JSON.parse(response.body) + + expect(manifest['error']).to eq('unauthorized') + end + + it 'returns a 401 if there is no visibility key' do + get '/manifests/1234567' + manifest = JSON.parse(response.body) + + expect(manifest['error']).to eq('unauthorized') + end + + it 'returns a 404 if redirected' do + get '/manifests/16685691' + expect(response.body).to include "the item you've requested does not appear to exist" + end + end + + context 'as an authenticated yale user' do + before do + sign_in yale_user end it 'display if set to public' do diff --git a/spec/requests/pdfs_request_spec.rb b/spec/requests/pdfs_request_spec.rb index 2c0ec0fe..cb486010 100644 --- a/spec/requests/pdfs_request_spec.rb +++ b/spec/requests/pdfs_request_spec.rb @@ -4,6 +4,8 @@ # WebMock.allow_net_connect! RSpec.describe 'PdfController', type: :request do + let(:yale_user) { FactoryBot.create(:user, netid: 'netid', sub: '7bd425ee-1093-40cd-ba0c-5a2355e37d6e', uid: 'sun345') } + let(:non_yale_user) { FactoryBot.create(:user, sub: '7bd425ee-1093-40cd-ba0c-5a2355e37d6f', uid: 'moon678') } let(:public_work) do { "id": "2034600", @@ -25,6 +27,13 @@ "visibility_ssi": "Yale Community Only" } end + let(:owp_work) do + { + "id": "1818909", + "title_tesim": ["[Map of Australia]. [owp-only copy]"], + "visibility_ssi": "Open with Permission" + } + end let(:no_visibility_work) do { "id": "1234567", 
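Review bot: The two examples named `returns a 401 ...` in the new `as an authenticated non yale user` context assert only `manifest['error'] == 'unauthorized'` and never the status code, so a `200` whose body happens to carry an error key would still pass an authorization test; add `expect(response).to have_http_status(:unauthorized)` before the `JSON.parse` in both, and `expect(response).to have_http_status(:not_found)` in `returns a 404 if redirected`, which only checks body text. `display if set to public` likewise never asserts a status. The `as an authenticated yale user` context opened at the end of the hunk continues outside it.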
@@ -39,51 +48,162 @@ .to_return(status: 200, body: File.open(File.join('spec', 'fixtures', '2034600.pdf')).read) stub_request(:get, 'https://yul-test-samples.s3.amazonaws.com/pdfs/09/16/18/90/1618909.pdf') .to_return(status: 200, body: File.open(File.join('spec', 'fixtures', '2034600.pdf')).read) + stub_request(:get, 'https://yul-test-samples.s3.amazonaws.com/pdfs/09/18/18/90/1818909.pdf') + .to_return(status: 200, body: File.open(File.join('spec', 'fixtures', '2034600.pdf')).read) + stub_request(:get, 'http://www.example.com/management/api/permission_sets/7bd425ee-1093-40cd-ba0c-5a2355e37d6e') + .to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6e"}, + "permission_set_terms_agreed":[], + "permissions":[]}') + stub_request(:get, "http://www.example.com/management/api/permission_sets/1818909/sun345") + .to_return(status: 200, body: '{ "is_admin_or_approver?": "false" }') + stub_request(:get, "http://www.example.com/management/api/permission_sets/1818909/moon678") + .to_return(status: 200, body: '{ "is_admin_or_approver?": "false" }') + stub_request(:get, 'http://www.example.com/management/api/permission_sets/7bd425ee-1093-40cd-ba0c-5a2355e37d6f') + .to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6f"}, + "permission_set_terms_agreed":[], + "permissions":[]}') + solr = Blacklight.default_index.connection - solr.add([public_work, yale_work, no_visibility_work, pubic_work_with_no_pdf, redirected_work]) + solr.add([public_work, yale_work, owp_work, no_visibility_work, pubic_work_with_no_pdf, redirected_work]) solr.commit allow(S3Service).to receive(:etag).and_return("TEST") allow(User).to receive(:on_campus?).and_return(false) end around do |example| + original_management_url = ENV['MANAGEMENT_HOST'] + original_token = ENV['OWP_AUTH_TOKEN'] original_sample_bucket = ENV['S3_SOURCE_BUCKET_NAME'] + ENV['MANAGEMENT_HOST'] = 
'http://www.example.com/management' + ENV['OWP_AUTH_TOKEN'] = 'valid' ENV['S3_SOURCE_BUCKET_NAME'] = 'yul-test-samples' example.run + ENV['MANAGEMENT_HOST'] = original_management_url + ENV['OWP_AUTH_TOKEN'] = original_token ENV['S3_SOURCE_BUCKET_NAME'] = original_sample_bucket end describe 'GET /show' do - it 'returns a pdf document of the oid with public access' do - get '/pdfs/2034600.pdf' - expect(response).to have_http_status(:success) - expect(response.content_type).to eq 'application/pdf' - expect(response.body).to include 'PDF-1.4' - expect(response.headers['X-Robots-Tag']).to be('noindex') + context 'with unauthenticated user' do + context 'while not on campus' do + it 'returns a pdf document of the oid with public access' do + get '/pdfs/2034600.pdf' + expect(response).to have_http_status(:success) + expect(response.content_type).to eq 'application/pdf' + expect(response.body).to include 'PDF-1.4' + expect(response.headers['X-Robots-Tag']).to be('noindex') + end + it 'returns unauthorized for oid with no visibility' do + get '/pdfs/1234567.pdf' + expect(response).to have_http_status(:unauthorized) + end + it 'returns unauthorized for oid with Yale Only' do + get '/pdfs/1618909.pdf' + expect(response).to have_http_status(:unauthorized) + end + it 'returns unauthorized for oid with Open with Permission' do + get '/pdfs/1818909.pdf' + expect(response).to have_http_status(:unauthorized) + end + it 'returns not found for oid with Redirect' do + get '/pdfs/16685691.pdf' + expect(response).to have_http_status(:not_found) + end + end + context 'while on campus' do + before do + allow(User).to receive(:on_campus?).and_return(true) + end + it 'returns a pdf document of the oid with public access' do + get '/pdfs/2034600.pdf' + expect(response).to have_http_status(:success) + expect(response.content_type).to eq 'application/pdf' + expect(response.body).to include 'PDF-1.4' + expect(response.headers['X-Robots-Tag']).to be('noindex') + end + it 'returns unauthorized 
for oid with no visibility' do + get '/pdfs/1234567.pdf' + expect(response).to have_http_status(:unauthorized) + end + it 'returns pdf for oid with Yale Only' do + get '/pdfs/1618909.pdf' + expect(response).to have_http_status(:success) + expect(response.content_type).to eq 'application/pdf' + expect(response.body).to include 'PDF-1.4' + end + it 'returns unauthorized for oid with Open with Permission' do + get '/pdfs/1818909.pdf' + expect(response).to have_http_status(:unauthorized) + end + it 'returns not found for oid with Redirect' do + get '/pdfs/16685691.pdf' + expect(response).to have_http_status(:not_found) + end + end end - it 'returns not found for oid with no visibility' do - get '/pdfs/1234567.pdf' - expect(response).to have_http_status(:unauthorized) - end - it 'returns unauthorized for oid with Yale Only' do - get '/pdfs/1618909.pdf' - expect(response).to have_http_status(:unauthorized) - end - it 'returns not found for oid with Redirect' do - get '/pdfs/16685691.pdf' - expect(response).to have_http_status(:not_found) - end - end - describe 'GET /show while on campus' do - before do - allow(User).to receive(:on_campus?).and_return(true) + context 'with authenticated yale user' do + before do + sign_in yale_user + end + it 'returns a pdf document of the oid with public access' do + get '/pdfs/2034600.pdf' + expect(response).to have_http_status(:success) + expect(response.content_type).to eq 'application/pdf' + expect(response.body).to include 'PDF-1.4' + expect(response.headers['X-Robots-Tag']).to be('noindex') + end + it 'returns not found for oid with no visibility' do + get '/pdfs/1234567.pdf' + expect(response).to have_http_status(:unauthorized) + end + it 'returns pdf for oid with Yale Only' do + get '/pdfs/1618909.pdf' + expect(response).to have_http_status(:success) + expect(response.content_type).to eq 'application/pdf' + expect(response.body).to include 'PDF-1.4' + end + it 'returns unauthorized for oid with Open with Permission' do + get 
'/pdfs/1818909.pdf' + expect(response).to have_http_status(:unauthorized) + end + it 'returns not found for oid with Redirect' do + get '/pdfs/16685691.pdf' + expect(response).to have_http_status(:not_found) + end end - it 'returns pdf for oid with Yale Only' do - get '/pdfs/1618909.pdf' - expect(response).to have_http_status(:success) - expect(response.content_type).to eq 'application/pdf' - expect(response.body).to include 'PDF-1.4' + + context 'with authenticated non yale user' do + before do + sign_in non_yale_user + end + it 'returns a pdf document of the oid with public access' do + get '/pdfs/2034600.pdf' + expect(response).to have_http_status(:success) + expect(response.content_type).to eq 'application/pdf' + expect(response.body).to include 'PDF-1.4' + expect(response.headers['X-Robots-Tag']).to be('noindex') + end + it 'returns not found for oid with no visibility' do + get '/pdfs/1234567.pdf' + expect(response).to have_http_status(:unauthorized) + end + it 'returns unauthorized for oid with Yale Only' do + get '/pdfs/1618909.pdf' + expect(response).to have_http_status(:unauthorized) + end + it 'returns unauthorized for oid with Open with Permission' do + get '/pdfs/1818909.pdf' + expect(response).to have_http_status(:unauthorized) + end + it 'returns not found for oid with Redirect' do + get '/pdfs/16685691.pdf' + expect(response).to have_http_status(:not_found) + end end end end From e15bba489912019f668f91e5d3afcffa4654d8c7 Mon Sep 17 00:00:00 2001 From: K8Sewell Date: Wed, 4 Sep 2024 23:23:15 -0500 Subject: [PATCH 06/12] Add owp tests --- spec/requests/download_original_spec.rb | 134 +++++++++++++++++++++++- 1 file changed, 130 insertions(+), 4 deletions(-) diff --git a/spec/requests/download_original_spec.rb b/spec/requests/download_original_spec.rb index b0aa040c..e03bb1b5 100644 --- a/spec/requests/download_original_spec.rb +++ b/spec/requests/download_original_spec.rb 
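Review bot: In the `with authenticated yale user` and `with authenticated non yale user` contexts the example named `returns not found for oid with no visibility` asserts `have_http_status(:unauthorized)`; the two unauthenticated contexts in the same hunk already call the same case `returns unauthorized for oid with no visibility`, so the two new copies should be renamed to match what they assert. The added `1818909.pdf` stub repeats `File.open(File.join('spec', 'fixtures', '2034600.pdf')).read`, which leaves the handle open until GC; `File.binread(File.join('spec', 'fixtures', '2034600.pdf'))` reads and closes in one call. Both new permission-set stubs return `"permissions":[]`, so every Open with Permission example in this hunk expects 401 and nothing pins the approved path for `/pdfs/1818909.pdf`; a stub whose `permissions` entry grants oid 1818909 would cover it. The `around` block restores `MANAGEMENT_HOST`, `OWP_AUTH_TOKEN` and the bucket name after `example.run` without `ensure`, so if `example.run` raises those values leak into later examples.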
@@ -3,8 +3,8 @@ RSpec.describe "Download Original", type: :request, clean: true do let(:imgtiff) { 'image/tiff' } - let(:yale_user) { FactoryBot.create(:user, netid: "net_id") } - let(:non_yale_user) { FactoryBot.create(:user) } + let(:yale_user) { FactoryBot.create(:user, netid: 'net_id', sub: '7bd425ee-1093-40cd-ba0c-5a2355e37d6e', uid: 'sun345') } + let(:non_yale_user) { FactoryBot.create(:user, sub: '7bd425ee-1093-40cd-ba0c-5a2355e37d6f', uid: 'moon678') } let(:public_work) { WORK_WITH_PUBLIC_VISIBILITY.merge({ "child_oids_ssim": ["5555555"] }) } let(:yale_work) do { @@ -14,6 +14,22 @@ "child_oids_ssim": ["11111"] } end + let(:owp_work_without_permission) do + { + "id": "1818909", + "title_tesim": ["[Map of Australia]. [owp-only copy]"], + "visibility_ssi": "Open with Permission", + "child_oids_ssim": ["44444"] + } + end + let(:owp_work_with_permission) do + { + "id": "1918909", + "title_tesim": ["Fictional Work"], + "visibility_ssi": "Open with Permission", + "child_oids_ssim": ["66666"] + } + end let(:private_work) do { "id": "1234567", @@ -30,6 +46,14 @@ "child_oids_ssim": ["3333333"] } end + let(:not_available_yet_owp) do + { + "id": "2345678999", + "title_tesim": ["Fiction Work"], + "visibility_ssi": "Open with Permission", + "child_oids_ssim": ["77777"] + } + end around do |example| original_download_bucket = ENV['S3_DOWNLOAD_BUCKET_NAME'] 
@@ -56,6 +80,16 @@ .to_return(status: 404) stub_request(:head, 'https://yul-test-samples.s3.amazonaws.com/download/tiff/33/33/33/33/3333333.tif') .to_return(status: 404) + stub_request(:head, 'https://yul-test-samples.s3.amazonaws.com/download/tiff/44/44/44/44444.tif') + .to_return(status: 200, body: '') + stub_request(:get, 'https://yul-test-samples.s3.amazonaws.com/download/tiff/66/66/66/66666.tif') + .to_return(status: 200, body: '') + stub_request(:head, 'https://yul-test-samples.s3.amazonaws.com/download/tiff/66/66/66/66666.tif') + .to_return(status: 200, body: '') + stub_request(:get, 'https://yul-test-samples.s3.amazonaws.com/download/tiff/77/77/77/77777.tif') + .to_return(status: 404) + stub_request(:head, 'https://yul-test-samples.s3.amazonaws.com/download/tiff/77/77/77/77777.tif') + .to_return(status: 404) stub_request(:get, "http://www.example.com/management/api/download/stage/child/3333333") .with( headers: { 
@@ -65,8 +99,67 @@ } ) .to_return(status: 200, body: '', headers: {}) + stub_request(:get, "http://www.example.com/management/api/download/stage/child/77777") + .with( + headers: { + 'Accept' => '*/*', + 'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', + 'User-Agent' => 'Ruby' + } + ) + .to_return(status: 200, body: '', headers: {}) + stub_request(:get, 'http://www.example.com/management/api/permission_sets/7bd425ee-1093-40cd-ba0c-5a2355e37d6e') + .to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6e"}, + "permission_set_terms_agreed":[1], + "permissions":[{ + "oid":1918909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Approved", + "request_date":"2023-11-02T20:23:18.824Z", + "access_until":"2034-11-02T20:23:18.824Z", + "user_note": "permission.user_note", + "user_full_name": "request_user.name"}]}') + stub_request(:get, "http://www.example.com/management/api/permission_sets/1818909/sun345") + .to_return(status: 200, body: '{ "is_admin_or_approver?": "false" }') + stub_request(:get, "http://www.example.com/management/api/permission_sets/1918909/sun345") + .to_return(status: 200, body: '{ "is_admin_or_approver?": "false" }') + stub_request(:get, "http://www.example.com/management/api/permission_sets/2345678999/sun345") + .to_return(status: 200, body: '{ "is_admin_or_approver?": "false" }') + stub_request(:get, 'http://www.example.com/management/api/permission_sets/7bd425ee-1093-40cd-ba0c-5a2355e37d6f') + .to_return(status: 200, body: '{ + "timestamp":"2023-11-02", + "user":{"sub":"7bd425ee-1093-40cd-ba0c-5a2355e37d6f"}, + "permission_set_terms_agreed":[1], + "permissions":[{ + "oid":1918909, + "permission_set":1, + "permission_set_terms":1, + "request_status":"Approved", + "request_date":"2023-11-02T20:23:18.824Z", + "access_until":"2034-11-02T20:23:18.824Z", + "user_note": "permission.user_note", + "user_full_name": "request_user.name"}, + { + "oid":2345678999, + 
"permission_set":1, + "permission_set_terms":1, + "request_status":"Approved", + "request_date":"2023-11-02T20:23:18.824Z", + "access_until":"2034-11-02T20:23:18.824Z", + "user_note": "permission.user_note", + "user_full_name": "request_user.name"} + ]}') + stub_request(:get, "http://www.example.com/management/api/permission_sets/1818909/moon678") + .to_return(status: 200, body: '{ "is_admin_or_approver?": "false" }') + stub_request(:get, "http://www.example.com/management/api/permission_sets/1918909/moon678") + .to_return(status: 200, body: '{ "is_admin_or_approver?": "false" }') + stub_request(:get, "http://www.example.com/management/api/permission_sets/2345678999/moon678") + .to_return(status: 200, body: '{ "is_admin_or_approver?": "false" }') solr = Blacklight.default_index.connection - solr.add([public_work, yale_work, private_work, not_available_yet]) + solr.add([public_work, yale_work, owp_work_with_permission, owp_work_without_permission, private_work, not_available_yet, not_available_yet_owp]) solr.commit allow(User).to receive(:on_campus?).and_return(false) end @@ -81,6 +174,10 @@ get "/download/tiff/#{yale_work[:child_oids_ssim].first}" expect(response).to have_http_status(:unauthorized) # 401 end + it 'does not display if set to OWP' do + get "/download/tiff/#{owp_work_without_permission[:child_oids_ssim].first}" + expect(response).to have_http_status(:unauthorized) # 401 + end it 'does not display if set to private' do get "/download/tiff/#{private_work[:child_oids_ssim].first}" expect(response).to have_http_status(:not_found) # 404 
@@ -102,17 +199,30 @@ expect(response).to have_http_status(:success) # 200 expect(response.content_type).to eq imgtiff end + it 'display if set to OWP with permission' do + get "/download/tiff/#{owp_work_with_permission[:child_oids_ssim].first}" + expect(response).to have_http_status(:success) # 200 + expect(response.content_type).to eq imgtiff + end + it 'does not display if set to OWP without permission' do + get "/download/tiff/#{owp_work_without_permission[:child_oids_ssim].first}" + expect(response).to have_http_status(:unauthorized) # 401 + end it 'does not display if set to private' do get "/download/tiff/#{private_work[:child_oids_ssim].first}" expect(response).to have_http_status(:not_found) # 404 end end context 'when file is not present on S3' do - it 'presents user with try again message' do + it 'stages tiff for download when user has viewing access' do get "/download/tiff/#{not_available_yet[:child_oids_ssim].first}" expect(response).to have_http_status(:see_other) # 303 expect(response.redirect_url).to eq 'http://www.example.com/download/tiff/3333333/staged' end + it 'does not stage tiff for download when user does not have viewing access' do + get "/download/tiff/#{not_available_yet_owp[:child_oids_ssim].first}" + expect(response).to have_http_status(:unauthorized) # 401 + end end context 'when child object does not exist' do it 'presents user with not found message' do 
@@ -136,10 +246,26 @@ get "/download/tiff/#{yale_work[:child_oids_ssim].first}" expect(response).to have_http_status(:unauthorized) # 401 end + it 'display if set to OWP with permission' do + get "/download/tiff/#{owp_work_with_permission[:child_oids_ssim].first}" + expect(response).to have_http_status(:success) # 200 + expect(response.content_type).to eq imgtiff + end + it 'does not display if set to OWP without permission' do + get "/download/tiff/#{owp_work_without_permission[:child_oids_ssim].first}" + expect(response).to have_http_status(:unauthorized) # 401 + end it 'does not display if set to private' do get "/download/tiff/#{private_work[:child_oids_ssim].first}" expect(response).to have_http_status(:not_found) # 404 end end + context 'when file is not present on S3' do + it 'stages tiff for download' do + get "/download/tiff/#{not_available_yet_owp[:child_oids_ssim].first}" + expect(response).to have_http_status(:see_other) # 303 + expect(response.redirect_url).to eq 'http://www.example.com/download/tiff/77777/staged' + end + end end end From 5687c0b0ec0ee3a99c42f63013a1281a056bb4cb Mon Sep 17 00:00:00 2001 From: K8Sewell Date: Wed, 4 Sep 2024 23:23:40 -0500 Subject: [PATCH 07/12] Use uid not netid --- .../owp_object_show_page_request_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/requests/open_with_permission/owp_object_show_page_request_spec.rb b/spec/requests/open_with_permission/owp_object_show_page_request_spec.rb index df25032a..1db64226 100644 --- a/spec/requests/open_with_permission/owp_object_show_page_request_spec.rb +++ b/spec/requests/open_with_permission/owp_object_show_page_request_spec.rb 
@@ -86,17 +86,17 @@ } ]}', headers: valid_header) - stub_request(:get, "http://www.example.com/management/api/permission_sets/1618909/#{user.netid}") + stub_request(:get, "http://www.example.com/management/api/permission_sets/1618909/#{user.uid}") .to_return(status: 200, body: '{ "is_admin_or_approver?":"true" }', headers: valid_header) - stub_request(:get, "http://www.example.com/management/api/permission_sets/1618909/#{admin_approver_user.netid}") + stub_request(:get, "http://www.example.com/management/api/permission_sets/1618909/#{admin_approver_user.uid}") .to_return(status: 200, body: '{ "is_admin_or_approver?":"true" }', headers: valid_header) - stub_request(:get, "http://www.example.com/management/api/permission_sets/1718909/#{non_approved_user.netid}") + stub_request(:get, "http://www.example.com/management/api/permission_sets/1718909/#{non_approved_user.uid}") .to_return(status: 200, body: '{ "is_admin_or_approver?":"false" }', From 5cbb56eb56207351ab3724d635af64ecd4d31e88 Mon Sep 17 00:00:00 2001 From: K8Sewell Date: Wed, 4 Sep 2024 23:30:51 -0500 Subject: [PATCH 08/12] Remove comment --- .../system/open_with_permission/user_requests_table_page_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/spec/system/open_with_permission/user_requests_table_page_spec.rb b/spec/system/open_with_permission/user_requests_table_page_spec.rb index 710bf47d..8fc22946 100644 --- a/spec/system/open_with_permission/user_requests_table_page_spec.rb +++ b/spec/system/open_with_permission/user_requests_table_page_spec.rb @@ -272,7 +272,6 @@ context 'as a NOT authenticated user on the requests page' do it 'will redirect to homepage' do - # logout user visit '/permission_requests' expect(page.current_url).to eq ENV['BLACKLIGHT_HOST'] end From b70852236edd204614006d3cbc4ebd5bb40648a2 Mon Sep 17 00:00:00 2001 
From: K8Sewell Date: Thu, 5 Sep 2024 00:04:05 -0500 Subject: [PATCH 09/12] Add tests for terms and conditions --- ...create_permission_requests_request_spec.rb | 39 ++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/spec/requests/open_with_permission/create_permission_requests_request_spec.rb b/spec/requests/open_with_permission/create_permission_requests_request_spec.rb index 078706b5..94f0e0bd 100644 --- a/spec/requests/open_with_permission/create_permission_requests_request_spec.rb +++ b/spec/requests/open_with_permission/create_permission_requests_request_spec.rb @@ -99,6 +99,10 @@ context 'with an authenticated yale user' do before do sign_in yale_user + stub_request(:post, 'http://www.example.com/management/agreement_term') + .with(body: { "oid" => "1718909", "permission_set_terms_id" => "1", "user_email" => "not_real@example.com", "user_full_name" => "new", "user_netid" => "net_id", + "user_sub" => "7bd425ee-1093-40cd-ba0c-5a2355e37d6e" }, headers: valid_header) + .to_return(status: 200) stub_request(:post, 'http://www.example.com/management/api/permission_requests') .with(body: { "oid" => "1718909", @@ -111,6 +115,18 @@ headers: valid_header) .to_return(status: 201, body: '{ "title": "New request created"}', headers: valid_header) end + it 'can accept terms and redirect to request form' do + post '/catalog/1718909/terms_and_conditions', params: { + 'oid': '1718909', + 'user_email': yale_user.email, + 'user_netid': yale_user.netid, + 'user_sub': yale_user.sub, + 'user_full_name': "new", + 'permission_set_terms_id': 1 + }, headers: valid_header + expect(response).to have_http_status(:redirect) + expect(response.redirect_url).to eq('http://www.example.com/catalog/1718909/request_form') + end it 'will create a new permission request and redirect to the confirmation page' do post '/catalog/1718909/request_form', params: { 'oid': '1718909', 
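Review bot: The `can accept terms and redirect to request form` example posts `user_sub`, `user_netid` and `user_email` taken from `yale_user` and stubs the `agreement_term` call with those same values, so it passes both when the controller binds the identity fields to the signed-in user and when it forwards whatever the client sent; as written it cannot tell the two apart. Posting a mismatching value such as `'user_sub': '<placeholder-other-sub>'` (or omitting the identity params entirely) while keeping the stub built from `yale_user.sub` would pin that the session user, not the request body, is what reaches the management API; the same applies to the non-yale example in the `-139,6 +159,18` hunk. The `headers: valid_header` passed on the `post` is the management-API bearer header, and it is not obvious from the hunk why the Rails endpoint would need it. The example that follows continues outside the hunk.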
@@ -127,6 +143,10 @@ context 'with an authenticated non yale user' do before do sign_in non_yale_user + stub_request(:post, 'http://www.example.com/management/agreement_term') + .with(body: { "oid" => "1718909", "permission_set_terms_id" => "1", "user_email" => "not_real_either@example.com", "user_full_name" => "new", "user_netid" => nil, + "user_sub" => "7bd425ee-1093-40cd-ba0c-5a2355e37d6f" }, headers: valid_header) + .to_return(status: 200) stub_request(:post, 'http://www.example.com/management/api/permission_requests') .with(body: { "oid" => "1718909", @@ -139,6 +159,18 @@ headers: valid_header) .to_return(status: 201, body: '{ "title": "New request created"}', headers: valid_header) end + it 'can accept terms and redirect to request form' do + post '/catalog/1718909/terms_and_conditions', params: { + 'oid': '1718909', + 'user_email': non_yale_user.email, + 'user_netid': non_yale_user.netid, + 'user_sub': non_yale_user.sub, + 'user_full_name': "new", + 'permission_set_terms_id': 1 + }, headers: valid_header + expect(response).to have_http_status(:redirect) + expect(response.redirect_url).to eq('http://www.example.com/catalog/1718909/request_form') + end it 'will create a new permission request and redirect to the confirmation page' do post '/catalog/1718909/request_form', params: { 'oid': '1718909', @@ -153,7 +185,12 @@ end context 'with a NOT authenticated user' do - it 'will redirect to the show page' do + it 'will not accept terms and will redirect to show page' do + post '/catalog/1718909/terms_and_conditions' + expect(response).to have_http_status(:redirect) + expect(response.redirect_url).to eq('http://www.example.com/catalog/1718909') + end + it 'sending request form will redirect to the show page not confirmation page' do post '/catalog/1718909/request_form', params: { 'oid': '1718909', 'permission_request': { From 1e8f92f1dd510868ea5f2c4d06b3c67d3bd93513 Mon Sep 17 00:00:00 2001 
From: K8Sewell
Date: Thu, 5 Sep 2024 00:52:51 -0500
Subject: [PATCH 10/12] Switch from netid to uid
---
 app/helpers/access_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/helpers/access_helper.rb b/app/helpers/access_helper.rb
index 6d2088f6..3da93c00 100644
--- a/app/helpers/access_helper.rb
+++ b/app/helpers/access_helper.rb
@@ -101,7 +101,7 @@ def retrieve_admin_fulltext_credentials(document)
 return nil if current_user.nil?
 # #{ENV['MANAGEMENT_HOST']}
 # for local debugging - http://yul-dc-management-1:3001/management or http://yul-dc_management_1:3001/management
- url = URI.parse("#{ENV['MANAGEMENT_HOST']}/api/permission_sets/#{document}/#{current_user.netid}")
+ url = URI.parse("#{ENV['MANAGEMENT_HOST']}/api/permission_sets/#{document}/#{current_user.uid}")
 response = Net::HTTP.get_response(url, { 'Authorization' => "Bearer #{ENV['OWP_AUTH_TOKEN']}" })
 JSON.parse(response.body)
 end
From 04f997a2aa07434f6cd4f79ee199b9921ede9def Mon Sep 17 00:00:00 2001
From: K8Sewell
Date: Thu, 5 Sep 2024 00:53:25 -0500
Subject: [PATCH 11/12] Update tests to use uid not netid
---
 spec/system/fulltext_search_spec.rb | 8 ++++----
 spec/system/show_page_spec.rb | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/spec/system/fulltext_search_spec.rb b/spec/system/fulltext_search_spec.rb
index 338bc756..5b56b940 100644
--- a/spec/system/fulltext_search_spec.rb
+++ b/spec/system/fulltext_search_spec.rb
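Review bot: `document` and `current_user.uid` are interpolated into the URL path unescaped on the changed `url = URI.parse(...)` line; `uid` comes from the identity provider (the factory fills it from `FFaker::Internet.user_name`), so a value containing `/`, `?`, `#` or a space either raises `URI::InvalidURIError` or changes which permission-set path is queried. Escaping each segment, `url = URI.parse("#{ENV['MANAGEMENT_HOST']}/api/permission_sets/#{ERB::Util.url_encode(document.to_s)}/#{ERB::Util.url_encode(current_user.uid.to_s)}")`, keeps the lookup bound to the exact identifier and also tolerates a nil `uid`. The body is parsed with `JSON.parse(response.body)` regardless of status, so a non-2xx or HTML error page from the management host surfaces as `JSON::ParserError`; `return nil unless response.is_a?(Net::HTTPSuccess)` before the parse would match the existing `return nil if current_user.nil?` guard. The two `#` comment lines above the change read as leftover local-debugging notes and could be dropped.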
@@ -3,7 +3,7 @@ require 'rails_helper' RSpec.describe 'Fulltext search', type: :system, clean: true, js: true do - let(:user) { FactoryBot.create(:user) } + let(:user) { FactoryBot.create(:user, netid: "netid") } let(:owp_user_no_access) { FactoryBot.create(:user, netid: "net_id", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6e", uid: 'some_name', email: 'not_real@example.com') } let(:owp_user_with_access) { FactoryBot.create(:user, netid: "net_id_2", sub: "27bd425ee-1093-40cd-ba0c-5a2355e37d6e2", uid: 'some_other_name', email: 'not_really@example.com') } let(:valid_header) do @@ -101,17 +101,17 @@ "access_until":"2034-11-02T20:23:18.824Z"} ]}', headers: valid_header) - stub_request(:get, "http://www.example.com/management/api/permission_sets/161890909/#{user.netid}") + stub_request(:get, "http://www.example.com/management/api/permission_sets/161890909/#{user.uid}") .to_return(status: 200, body: '{ "is_admin_or_approver?":"false" }', headers: valid_header) - stub_request(:get, "http://www.example.com/management/api/permission_sets/161890909/#{owp_user_with_access.netid}") + stub_request(:get, "http://www.example.com/management/api/permission_sets/161890909/#{owp_user_with_access.uid}") .to_return(status: 200, body: '{ "is_admin_or_approver?":"false" }', headers: valid_header) - stub_request(:get, "http://www.example.com/management/api/permission_sets/161890909/#{owp_user_no_access.netid}") + stub_request(:get, "http://www.example.com/management/api/permission_sets/161890909/#{owp_user_no_access.uid}") .to_return(status: 200, body: '{ "is_admin_or_approver?":"false" }', diff --git a/spec/system/show_page_spec.rb b/spec/system/show_page_spec.rb index 61b572a9..e550e43d 100644 --- a/spec/system/show_page_spec.rb +++ b/spec/system/show_page_spec.rb 
@@ -3,7 +3,7 @@ RSpec.describe 'Show Page', type: :system, js: true, clean: true do let(:user) { FactoryBot.create(:user) } - let(:management_approver) { FactoryBot.create(:user, netid: 'net_id2', sub: '1234') } + let(:management_approver) { FactoryBot.create(:user, netid: 'net_id2', sub: '1234', uid: 'sun345') } let(:request_user) { FactoryBot.create(:user, netid: "net_id", sub: "7bd425ee-1093-40cd-ba0c-5a2355e37d6e", uid: 'some_name', email: 'not_real@example.com') } let(:thumbnail_size_in_opengraph) { "!1200,630" } let(:thumbnail_size_in_solr) { "!200,200" } @@ -200,17 +200,17 @@ .to_return(status: 200, body: File.open(File.join('spec', 'fixtures', '2041002.json')).read) stub_request(:get, 'http://www.example.com/management/api/permission_sets/123') .to_return(status: 200, body: '{"timestamp":"2023-11-02","user":{"sub":"123"},"permission_set_terms_agreed":[],"permissions":[{"oid":12345,"permission_set":1,"permission_set_terms":1,"request_status":"Approved","request_date":"2023-11-02T20:23:18.824Z","access_until":"2024-11-02T20:23:18.824Z"}]}', headers: valid_header) - stub_request(:get, "http://www.example.com/management/api/permission_sets/12345/#{user.netid}") + stub_request(:get, "http://www.example.com/management/api/permission_sets/12345/#{user.uid}") .to_return(status: 200, body: '{ "is_admin_or_approver?":"false" }', headers: valid_header) - stub_request(:get, "http://www.example.com/management/api/permission_sets/54321/#{user.netid}") + stub_request(:get, "http://www.example.com/management/api/permission_sets/54321/#{user.uid}") .to_return(status: 200, body: '{ "is_admin_or_approver?":"false" }', headers: valid_header) - stub_request(:get, "http://www.example.com/management/api/permission_sets/12345/#{management_approver.netid}") + stub_request(:get, "http://www.example.com/management/api/permission_sets/12345/#{management_approver.uid}") .to_return(status: 200, body: '{ "is_admin_or_approver?":"true" }', 
@@ -471,7 +471,7 @@ login_as management_approver end # flappy - passes locally and sometimes in CI - xit 'can access the object and view UV and metadata normally without approver_status' do + it 'can access the object and view UV and metadata normally without approved status' do visit 'catalog/12345' expect(page).not_to have_content "The material in this folder is open for research use only with permission. Researchers who wish to gain access or who have received permission to view this item, please log in to your account to request permission or to view the materials in this folder." expect(page).not_to have_content "You are currently logged in to your account. However, you do not have permission to view this folder. If you would like to request permission, please fill out this form." From c4fc385c943b47efc8e334805682ba68fff82bb5 Mon Sep 17 00:00:00 2001 From: K8Sewell Date: Thu, 5 Sep 2024 01:07:20 -0500 Subject: [PATCH 12/12] Undo including flappy spec --- spec/system/show_page_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/system/show_page_spec.rb b/spec/system/show_page_spec.rb index e550e43d..28a7c0e6 100644 --- a/spec/system/show_page_spec.rb +++ b/spec/system/show_page_spec.rb 
@@ -471,7 +471,7 @@
 login_as management_approver
 end
 # flappy - passes locally and sometimes in CI
- it 'can access the object and view UV and metadata normally without approved status' do
+ xit 'can access the object and view UV and metadata normally without approved status' do
 visit 'catalog/12345'
 expect(page).not_to have_content "The material in this folder is open for research use only with permission. Researchers who wish to gain access or who have received permission to view this item, please log in to your account to request permission or to view the materials in this folder."
 expect(page).not_to have_content "You are currently logged in to your account. However, you do not have permission to view this folder. If you would like to request permission, please fill out this form."