286e0ca878
We were raising a `CanCan::AcessDenied` and were getting a 500 Internal Server Error. I've chosen to do the same thing we do in the ApplicationController. There are other options to handle this request, like redirecting to the login page or returning a 401 Unauthorized HTTP status.
71 lines
2.3 KiB
Ruby
71 lines
2.3 KiB
Ruby
require "rails_helper"
|
|
|
|
describe Management::SessionsController do
|
|
|
|
describe "Sign in" do
|
|
|
|
it "denies access if wrong manager credentials" do
|
|
allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(false)
|
|
get :create, params: { login: "nonexistent", clave_usuario: "wrong" }
|
|
|
|
expect(response).to redirect_to "/"
|
|
expect(flash[:alert]).to eq "You do not have permission to access this page."
|
|
expect(session[:manager]).to be_nil
|
|
end
|
|
|
|
it "redirects to management root path if authorized manager with right credentials" do
|
|
manager = {login: "JJB033", user_key: "31415926", date: "20151031135905"}
|
|
allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(manager)
|
|
|
|
get :create, params: {
|
|
login: "JJB033" ,
|
|
clave_usuario: "31415926",
|
|
fecha_conexion: "20151031135905"
|
|
}
|
|
expect(response).to be_redirect
|
|
expect(session[:manager][:login]).to eq "JJB033"
|
|
end
|
|
|
|
it "redirects to management root path if user is admin" do
|
|
user = create(:administrator).user
|
|
sign_in user
|
|
get :create
|
|
expect(response).to be_redirect
|
|
expect(session[:manager][:login]).to eq "admin_user_#{user.id}"
|
|
end
|
|
|
|
it "redirects to management root path if user is manager" do
|
|
user = create(:manager).user
|
|
sign_in user
|
|
get :create
|
|
expect(response).to be_redirect
|
|
expect(session[:manager][:login]).to eq "manager_user_#{user.id}"
|
|
end
|
|
|
|
it "denies access if user is not admin or manager" do
|
|
sign_in create(:user)
|
|
get :create
|
|
|
|
expect(response).to redirect_to "/"
|
|
expect(flash[:alert]).to eq "You do not have permission to access this page."
|
|
expect(session[:manager]).to be_nil
|
|
end
|
|
end
|
|
|
|
describe "Sign out" do
|
|
it "destroys the session data and redirect" do
|
|
session[:manager] = {user_key: "31415926", date: "20151031135905", login: "JJB033"}
|
|
session[:document_type] = "1"
|
|
session[:document_number] = "12345678Z"
|
|
|
|
delete :destroy
|
|
|
|
expect(session[:manager]).to be_nil
|
|
expect(session[:document_type]).to be_nil
|
|
expect(session[:document_number]).to be_nil
|
|
expect(response).to be_redirect
|
|
end
|
|
end
|
|
|
|
end
|