spec/controllers/groups_controller_spec.rb

# frozen_string_literal: true

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See COPYRIGHT and LICENSE files for more details.
#++
require "spec_helper"

RSpec.describe GroupsController do
  let(:group) { create(:group, members: group_members) }
  let(:group_members) { [] }

  before do
    login_as current_user
  end

  context "as admin" do
    shared_let(:admin) { create(:admin) }
    let(:current_user) { admin }

    it "indexes" do
      get :index
      expect(response).to be_successful
      expect(response).to render_template "index"
    end

    it "shows" do
      get :show, params: { id: group.id }
      expect(response).to be_successful
      expect(response).to render_template "show"
    end

    it "shows new" do
      get :new
      expect(response).to be_successful
      expect(response).to render_template "new"
    end

    it "creates" do
      expect do
        post :create, params: { group: { lastname: "New group" } }
      end.to change(Group, :count).by(1)
      expect(response).to redirect_to groups_path
    end

    it "edits" do
      get :edit, params: { id: group.id }

      expect(response).to be_successful
      expect(response).to render_template "edit"
    end

    it "updates" do
      expect do
        put :update, params: { id: group.id, group: { lastname: "new name" } }
      end.to change { group.reload.name }.to("new name")

      expect(response).to redirect_to groups_path
    end

    it "destroys" do
      perform_enqueued_jobs do
        delete :destroy, params: { id: group.id }
      end

      expect { group.reload }.to raise_error ActiveRecord::RecordNotFound

      expect(response).to redirect_to groups_path
    end

    context "with two existing users" do
      let(:user1) { create(:user) }
      let(:user2) { create(:user) }

      it "adds users" do
        post :add_users, params: { id: group.id, user_ids: [user1.id, user2.id] }
        expect(group.reload.users.count).to eq 2
      end
    end

    context "with a group member" do
      let(:user1) { create(:user) }
      let(:user2) { create(:user) }
      let(:group_members) { [user1] }

      it "adds users" do
        post :add_users, params: { id: group.id, user_ids: [user2.id] }
        expect(group.reload.users.count).to eq 2
      end
    end

    context "with a global role membership" do
      render_views

      let!(:member_group) do
        create(:global_member,
               principal: group,
               roles: [create(:global_role)])
      end

      it "displays edit memberships" do
        get :edit, params: { id: group.id, tab: "memberships" }

        expect(response).to be_successful
        expect(response).to render_template "edit"
      end
    end

    context "with project and role" do
      let(:project) { create(:project) }
      let(:role1) { create(:project_role) }
      let(:role2) { create(:project_role) }

      it "creates membership" do
        post :create_memberships,
             params: { id: group.id, membership: { project_id: project.id, role_ids: [role1.id, role2.id] } }

        expect(group.reload.members.count).to eq 1
        expect(group.members.first.roles.count).to eq 2
      end

      context "with an existing membership" do
        let!(:member_group) do
          create(:member,
                 project:,
                 principal: group,
                 roles: [role1])
        end

        it "edits a membership" do
          expect(group.members.count).to eq 1
          expect(group.members.first.roles.count).to eq 1

          put :edit_membership,
              params: {
                id: group.id,
                membership_id: group.members.first.id,
                membership: { project_id: project.id, role_ids: [role1.id, role2.id] }
              }

          group.reload
          expect(group.members.count).to eq 1
          expect(group.members.first.roles.count).to eq 2
        end

        it "can destroy the membership" do
          delete :destroy_membership, params: { id: group.id, membership_id: group.members.first.id }
          expect(group.reload.members.count).to eq 0
        end
      end
    end
  end

  context "as regular user" do
    let(:user) { create(:user) }
    let(:current_user) { user }

    it "forbids index" do
      get :index
      expect(response).not_to be_successful
      expect(response).to have_http_status :forbidden
    end

    it "shows" do
      get :show, params: { id: group.id }
      expect(response).not_to be_successful
      expect(response).to have_http_status :not_found
    end

    context "when having view_members permission in a project the group belongs to" do
      let(:project) { create(:project) }
      let(:user) { create(:user, member_with_permissions: { project => [:view_members] }) }
      let(:group_members) { create_list(:user, 2) }

      before do
        create(:member, project:, principal: group, roles: [create(:project_role)])
      end

      it "shows" do
        get :show, params: { id: group.id }
        expect(response).to be_successful
      end

      it "shows members" do
        get :show, params: { id: group.id }
        expect(assigns(:group_users)).to match_array(group_members)
      end
    end

    context "when having view_members permission in a project the group does not belong to" do
      let(:project) { create(:project) }
      let(:other_project) { create(:project) }
      let(:user) { create(:user, member_with_permissions: { other_project => [:view_members] }) }
      let(:group_members) { create_list(:user, 2) }

      before do
        create(:member, project:, principal: group, roles: [create(:project_role)])
      end

      it "does not show members" do
        get :show, params: { id: group.id }

        expect(response).to have_http_status :not_found
        expect(assigns(:group_users)).to be_blank
      end
    end

    it "forbids new" do
      get :new
      expect(response).not_to be_successful
      expect(response).to have_http_status :forbidden
    end

    it "forbids create" do
      expect do
        post :create, params: { group: { lastname: "New group" } }
      end.not_to(change(Group, :count))

      expect(response).not_to be_successful
      expect(response).to have_http_status :forbidden
    end

    it "forbids edit" do
      get :edit, params: { id: group.id }

      expect(response).not_to be_successful
      expect(response).to have_http_status :forbidden
    end
  end
end
Freeze string literals in specs 2025-05-05 09:29:55 +02:00			`# frozen_string_literal: true`

[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`#-- copyright`
			`# OpenProject is an open source project management software.`
remove years from copyrights (except for COPYRIGHT file) 2024-07-30 13:42:36 +02:00			`# Copyright (C) the OpenProject GmbH`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
Move license and copyright docs to root, fix names and references 2021-09-02 21:49:06 +02:00			`# See COPYRIGHT and LICENSE files for more details.`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`#++`
			`require "spec_helper"`

Enable RSpec zero monkey patching mode 2023-05-31 12:15:15 +02:00			`RSpec.describe GroupsController do`
lint: autocorrect RSpec/FactoryBot/ConsistentParenthesesStyle 2023-03-07 15:04:32 +01:00			`let(:group) { create(:group, members: group_members) }`
Feature/member notifications (#8958 ) 2021-04-20 13:45:42 +02:00			`let(:group_members) { [] }`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00
			`before do`
			`login_as current_user`
			`end`

			`context "as admin" do`
lint: autocorrect RSpec/FactoryBot/ConsistentParenthesesStyle 2023-03-07 15:04:32 +01:00			`shared_let(:admin) { create(:admin) }`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`let(:current_user) { admin }`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "indexes" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`get :index`
			`expect(response).to be_successful`
			`expect(response).to render_template "index"`
			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "shows" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`get :show, params: { id: group.id }`
			`expect(response).to be_successful`
			`expect(response).to render_template "show"`
			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "shows new" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`get :new`
			`expect(response).to be_successful`
			`expect(response).to render_template "new"`
			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "creates" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`expect do`
			`post :create, params: { group: { lastname: "New group" } }`
Make rubocop happier 2022-01-28 16:36:10 +01:00			`end.to change(Group, :count).by(1)`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`expect(response).to redirect_to groups_path`
			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "edits" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`get :edit, params: { id: group.id }`

			`expect(response).to be_successful`
			`expect(response).to render_template "edit"`
			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "updates" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`expect do`
			`put :update, params: { id: group.id, group: { lastname: "new name" } }`
			`end.to change { group.reload.name }.to("new name")`

			`expect(response).to redirect_to groups_path`
			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "destroys" do`
Feature/member notifications (#8958 ) 2021-04-20 13:45:42 +02:00			`perform_enqueued_jobs do`
			`delete :destroy, params: { id: group.id }`
			`end`
[36238] Extract and fix user references in other objects (#9007 ) 2021-02-16 08:46:53 +01:00
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`expect { group.reload }.to raise_error ActiveRecord::RecordNotFound`

			`expect(response).to redirect_to groups_path`
			`end`

			`context "with two existing users" do`
lint: autocorrect RSpec/FactoryBot/ConsistentParenthesesStyle 2023-03-07 15:04:32 +01:00			`let(:user1) { create(:user) }`
			`let(:user2) { create(:user) }`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00
Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "adds users" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`post :add_users, params: { id: group.id, user_ids: [user1.id, user2.id] }`
			`expect(group.reload.users.count).to eq 2`
			`end`
			`end`

			`context "with a group member" do`
lint: autocorrect RSpec/FactoryBot/ConsistentParenthesesStyle 2023-03-07 15:04:32 +01:00			`let(:user1) { create(:user) }`
			`let(:user2) { create(:user) }`
Feature/member notifications (#8958 ) 2021-04-20 13:45:42 +02:00			`let(:group_members) { [user1] }`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00
Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "adds users" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`post :add_users, params: { id: group.id, user_ids: [user2.id] }`
			`expect(group.reload.users.count).to eq 2`
			`end`
			`end`

Filter out global roles when editing project memberships for group 2022-01-19 11:22:58 +01:00			`context "with a global role membership" do`
			`render_views`

			`let!(:member_group) do`
Make rubocop happier 2022-01-28 16:36:10 +01:00			`create(:global_member,`
			`principal: group,`
			`roles: [create(:global_role)])`
Filter out global roles when editing project memberships for group 2022-01-19 11:22:58 +01:00			`end`

fix rubocop warning 2022-01-19 17:09:48 +01:00			`it "displays edit memberships" do`
Filter out global roles when editing project memberships for group 2022-01-19 11:22:58 +01:00			`get :edit, params: { id: group.id, tab: "memberships" }`

			`expect(response).to be_successful`
			`expect(response).to render_template "edit"`
			`end`
			`end`

[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`context "with project and role" do`
lint: autocorrect RSpec/FactoryBot/ConsistentParenthesesStyle 2023-03-07 15:04:32 +01:00			`let(:project) { create(:project) }`
introduce ProjectRole model 2023-10-05 15:28:31 +02:00			`let(:role1) { create(:project_role) }`
			`let(:role2) { create(:project_role) }`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00
Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "creates membership" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`post :create_memberships,`
Harmonize params name for membership creation and update 2022-01-20 11:39:46 +01:00			`params: { id: group.id, membership: { project_id: project.id, role_ids: [role1.id, role2.id] } }`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00
			`expect(group.reload.members.count).to eq 1`
			`expect(group.members.first.roles.count).to eq 2`
			`end`

			`context "with an existing membership" do`
			`let!(:member_group) do`
Remove FactoryBot.* prefix where applicable 2022-01-24 19:22:35 +01:00			`create(:member,`
Make rubocop happier 2022-01-28 16:36:10 +01:00			`project:,`
			`principal: group,`
			`roles: [role1])`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "edits a membership" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`expect(group.members.count).to eq 1`
			`expect(group.members.first.roles.count).to eq 1`

			`put :edit_membership,`
			`params: {`
			`id: group.id,`
			`membership_id: group.members.first.id,`
			`membership: { project_id: project.id, role_ids: [role1.id, role2.id] }`
			`}`

			`group.reload`
			`expect(group.members.count).to eq 1`
			`expect(group.members.first.roles.count).to eq 2`
			`end`

			`it "can destroy the membership" do`
			`delete :destroy_membership, params: { id: group.id, membership_id: group.members.first.id }`
			`expect(group.reload.members.count).to eq 0`
			`end`
			`end`
			`end`
			`end`

			`context "as regular user" do`
lint: autocorrect RSpec/FactoryBot/ConsistentParenthesesStyle 2023-03-07 15:04:32 +01:00			`let(:user) { create(:user) }`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`let(:current_user) { user }`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "forbids index" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`get :index`
			`expect(response).not_to be_successful`
Conform to RSpecRails/HaveHttpStatus cop 2024-06-24 17:35:16 +02:00			`expect(response).to have_http_status :forbidden`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "shows" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`get :show, params: { id: group.id }`
Fix more controller actions 2026-02-03 12:17:51 +01:00			`expect(response).not_to be_successful`
			`expect(response).to have_http_status :not_found`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`end`

Fix check for view_members permission when viewing groups 2026-01-14 15:06:07 +01:00			`context "when having view_members permission in a project the group belongs to" do`
			`let(:project) { create(:project) }`
			`let(:user) { create(:user, member_with_permissions: { project => [:view_members] }) }`
			`let(:group_members) { create_list(:user, 2) }`

			`before do`
			`create(:member, project:, principal: group, roles: [create(:project_role)])`
			`end`

Fix more controller actions 2026-02-03 12:17:51 +01:00			`it "shows" do`
			`get :show, params: { id: group.id }`
			`expect(response).to be_successful`
			`end`

Fix check for view_members permission when viewing groups 2026-01-14 15:06:07 +01:00			`it "shows members" do`
			`get :show, params: { id: group.id }`
			`expect(assigns(:group_users)).to match_array(group_members)`
			`end`
			`end`

			`context "when having view_members permission in a project the group does not belong to" do`
			`let(:project) { create(:project) }`
			`let(:other_project) { create(:project) }`
			`let(:user) { create(:user, member_with_permissions: { other_project => [:view_members] }) }`
			`let(:group_members) { create_list(:user, 2) }`

			`before do`
			`create(:member, project:, principal: group, roles: [create(:project_role)])`
			`end`

			`it "does not show members" do`
			`get :show, params: { id: group.id }`
Fix more controller actions 2026-02-03 12:17:51 +01:00
			`expect(response).to have_http_status :not_found`
			`expect(assigns(:group_users)).to be_blank`
Fix check for view_members permission when viewing groups 2026-01-14 15:06:07 +01:00			`end`
			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "forbids new" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`get :new`
			`expect(response).not_to be_successful`
Conform to RSpecRails/HaveHttpStatus cop 2024-06-24 17:35:16 +02:00			`expect(response).to have_http_status :forbidden`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "forbids create" do`
safe automatic fixes by rubocop (#8994 ) 2021-02-11 16:02:18 +01:00			`expect do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`post :create, params: { group: { lastname: "New group" } }`
Make rubocop happier 2022-01-28 16:36:10 +01:00			`end.not_to(change(Group, :count))`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00
			`expect(response).not_to be_successful`
Conform to RSpecRails/HaveHttpStatus cop 2024-06-24 17:35:16 +02:00			`expect(response).to have_http_status :forbidden`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`end`

Make rubocop happier 2022-01-28 16:36:10 +01:00			`it "forbids edit" do`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`get :edit, params: { id: group.id }`

			`expect(response).not_to be_successful`
Conform to RSpecRails/HaveHttpStatus cop 2024-06-24 17:35:16 +02:00			`expect(response).to have_http_status :forbidden`
[35815] Add visible show page for all users to groups (#8949 ) 2021-02-01 09:25:12 +01:00			`end`
			`end`
			`end`