<% if content_for?(:section_title) %>
<%= yield(:section_title) %>
diff --git a/app/views/recruiter/edit.html.erb b/app/views/recruiter/edit.html.erb
deleted file mode 100644
index dc6aff7..0000000
--- a/app/views/recruiter/edit.html.erb
+++ /dev/null
@@ -1,6 +0,0 @@
-
- Edit: <%= @candidate.name %>
- Test ID: <%= @candidate.test_hash %>
-
- <%= render partial: 'form', locals: { action: update_candidate_path(@candidate.id), candidate: @candidate, quizzes: @quizzes } %>
-
diff --git a/app/views/recruiter/login.html.erb b/app/views/recruiter/login.html.erb
deleted file mode 100644
index 9d4098d..0000000
--- a/app/views/recruiter/login.html.erb
+++ /dev/null
@@ -1,21 +0,0 @@
-
- Recruiter Login
-
- <% if flash[:error].present? %>
- <%= flash[:error] %>
- <% end %>
-
- <%= form_for :auth, url: recruiter_login_path do |form| %>
-
- <%= form.label :email %>
- <%= form.email_field :email %>
-
-
-
- <%= form.label :password %>
- <%= form.password_field :password %>
-
-
- <%= submit_tag "Log in" %>
- <% end %>
-
diff --git a/app/views/recruiter/new.html.erb b/app/views/recruiter/new.html.erb
deleted file mode 100644
index 7892256..0000000
--- a/app/views/recruiter/new.html.erb
+++ /dev/null
@@ -1,6 +0,0 @@
-
- New Candidate
-
- <%= render partial: 'form', locals:
- { action: create_candidate_path, candidate: @candidate, quizzes: @quizzes } %>
-
diff --git a/app/views/review/login.html.erb b/app/views/review/login.html.erb
deleted file mode 100644
index 6d84f0f..0000000
--- a/app/views/review/login.html.erb
+++ /dev/null
@@ -1,21 +0,0 @@
-
- Reviewer Login
-
- <% if flash[:error].present? %>
- <%= flash[:error] %>
- <% end %>
-
- <%= form_for :auth, url: review_login_path do |form| %>
-
- <%= form.label :email %>
- <%= form.email_field :email %>
-
-
-
- <%= form.label :password %>
- <%= form.password_field :password %>
-
-
- <%= submit_tag "Login" %>
- <% end %>
-
diff --git a/app/views/reviewer_mailer/candidate_submission.html.inky b/app/views/reviewer_mailer/candidate_submission.html.inky
index 4f61e26..1c5a20f 100644
--- a/app/views/reviewer_mailer/candidate_submission.html.inky
+++ b/app/views/reviewer_mailer/candidate_submission.html.inky
@@ -1,6 +1,6 @@
Candidate <%= @candidate.test_hash %> has completed the Skills Assessment Test.
- You can view the results here: <%= link_to nil, review_test_url(@candidate.test_hash) %>.
+ You can view the results here: <%= link_to nil, admin_result_url(@candidate.test_hash) %>.
-
\ No newline at end of file
+
diff --git a/app/views/reviewer_mailer/candidate_submission.text.erb b/app/views/reviewer_mailer/candidate_submission.text.erb
index 7ca4a38..e81acc2 100644
--- a/app/views/reviewer_mailer/candidate_submission.text.erb
+++ b/app/views/reviewer_mailer/candidate_submission.text.erb
@@ -2,4 +2,4 @@ PERFICIENT/digital SKILLS ASSESSMENT RESULTS
Candidate <%= @candidate.test_hash %> has completed the Skills Assessment Test.
-You can view the results here: <%= review_test_url(@candidate.test_hash) %>.
+You can view the results here: <%= admin_result_url(@candidate.test_hash) %>.
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
new file mode 100644
index 0000000..3348c50
--- /dev/null
+++ b/config/brakeman.ignore
@@ -0,0 +1,10 @@
+{
+ "ignored_warnings": [
+ {
+ "fingerprint": "da17225c940987e6239cc4ecfe27bcb1e5da2db1134435dc3e1025d97927e0ba",
+ "note": "false positive"
+ }
+ ],
+ "updated": "2016-09-19 09:06:25 -0500",
+ "brakeman_version": "3.4.0"
+}
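Review bot: The single ignore entry carries only a fingerprint and `"note": "false positive"`, so a later reader cannot tell which Brakeman check, file or line is being silenced or why the finding does not apply. Brakeman's interactive ignore mode writes the full warning record (`warning_type`, `file`, `line`, `message`) alongside the fingerprint; regenerating the file that way and expanding the note to name the finding and the reason, in the form `"note": "false positive: <check> at <file:line>; <why the input is not attacker-controlled>"` (placeholder), keeps the suppression auditable. Because the fingerprint is derived from the flagged code the warning will resurface after a refactor, which is fine; the note is what lets the next person re-evaluate it instead of re-ignoring it.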
diff --git a/config/routes.rb b/config/routes.rb
index 0a9f7e8..c5356dd 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,5 +1,8 @@
# frozen_string_literal: true
Rails.application.routes.draw do
+ get "/styleguide", to: "application#styleguide", as: :styleguide
+ get "/admin/styleguide", to: "application#styleguide"
+
post "/admin/login", to: "admin/auth#auth", as: :admin_auth
get "/admin/login", to: "admin/auth#login", as: :admin_login
get "/admin/logout", to: "admin/auth#logout", as: :admin_logout
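Review bot: `/admin/styleguide` dispatches to `application#styleguide`, the same action as the public `/styleguide` on the line above, so the `/admin` prefix implies a protected page while nothing in this hunk routes it through the `admin/*` namespaced controllers whose login redirect the new controller tests rely on. If the styleguide is meant to be public the alias is redundant and can be dropped; if it is meant to be admin-only it should point at an admin-namespaced controller that applies the same authentication. Whichever is intended, a one-line comment on the route, e.g. `# intentionally unauthenticated` for the public case, removes the ambiguity for the next reader.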
@@ -33,46 +36,36 @@ Rails.application.routes.draw do
post "/admin/question/:question_id/edit", to: "admin/question#update", as: :admin_update_question
patch "/admin/question/:question_id/edit", to: "admin/question#update"
- get "/admin/profile", to: "admin/profile#view", as: :admin_profile
- post "/admin/profile", to: "admin/profile#update", as: :admin_update_profile
- get "/admin/profile/edit", to: "admin/profile#edit", as: :admin_edit_profile
+ get "/admin/profile", to: "admin/profile#view", as: :admin_profile
+ post "/admin/profile", to: "admin/profile#update", as: :admin_update_profile
+ get "/admin/profile/edit", to: "admin/profile#edit", as: :admin_edit_profile
- get "/admin", to: "admin#dashboard", as: :admin
+ get "/admin/candidates", to: "admin/candidate#index", as: :admin_candidates
+ get "/admin/candidate/new", to: "admin/candidate#new", as: :admin_new_candidate
+ post "/admin/candidate/new", to: "admin/candidate#create", as: :admin_create_candidate
+ get "/admin/candidate/:id", to: "admin/candidate#edit", as: :admin_edit_candidate
+ post "/admin/candidate/:id", to: "admin/candidate#update", as: :admin_update_candidate
+ get "/admin/candidate/:id/resend", to: "admin/candidate#resend_welcome", as: :admin_resend_welcome
+
+ get "/admin/results", to: "admin/result#index", as: :admin_results
+ get "/admin/result/:test_hash", to: "admin/result#view", as: :admin_result
+
+ get "/admin", to: "admin/dashboard#show", as: :admin
#########################################################################################
- post "/validate", to: "candidate#validate", as: :validate_candidate
- get "/login(/:test_id)", to: "candidate#login", as: :login
- get "/welcome", to: "candidate#welcome", as: :welcome
- get "/saved", to: "candidate#saved", as: :saved
- get "/thankyou", to: "candidate#thankyou", as: :thankyou
-
- get "/oops", to: "candidate#oops", as: :oops
+ post "/validate", to: "candidate#validate", as: :validate_candidate
+ get "/login(/:test_id)", to: "candidate#login", as: :login
+ get "/welcome", to: "candidate#welcome", as: :welcome
+ get "/saved", to: "candidate#saved", as: :saved
+ get "/thankyou", to: "candidate#thankyou", as: :thankyou
+ get "/oops", to: "candidate#oops", as: :oops
post "/question(/:answer_id)", to: "quiz#update_answer", as: :post_answer
get "/question(/:question_id)", to: "quiz#question", as: :question
post "/summary", to: "quiz#submit_summary", as: :post_summary
get "/summary", to: "quiz#summary", as: :summary
- get "/review/logout", to: "review#logout", as: :review_logout
- post "/review/login", to: "review#auth", as: :review_auth
- get "/review/login", to: "review#login", as: :review_login
- get "/review", to: "review#index", as: :review
- get "/review/:test_hash", to: "review#view", as: :review_test
-
- get "/resend/welcome/:id", to: "recruiter#resend_welcome", as: :resend_welcome
-
- get "/recruiter", to: "recruiter#index", as: :recruiter
- get "/recruiter/candidate", to: "recruiter#new", as: :new_candidate
- post "/recruiter/candidate", to: "recruiter#create", as: :create_candidate
- get "/recruiter/candidate/:id", to: "recruiter#edit", as: :edit_candidate
- post "/recruiter/candidate/:id", to: "recruiter#update", as: :update_candidate
- get "/recruiter/logout", to: "recruiter#logout", as: :recruiter_logout
- get "/recruiter/login", to: "recruiter#login", as: :recruiter_login
- post "/recruiter/login", to: "recruiter#auth", as: :recruiter_auth
-
- get "/styleguide", to: "application#styleguide", as: :styleguide
-
root to: "candidate#login"
# For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
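Review bot: `get "/admin/candidate/:id/resend"` puts a state-changing action on GET — the new candidate tests show it enqueues a welcome email — which Rails' forgery protection does not cover and which browsers or link prefetchers can issue on their own; `post "/admin/candidate/:id/resend", to: "admin/candidate#resend_welcome", as: :admin_resend_welcome`, with the xhr caller switched to POST, keeps it behind the CSRF check. The candidate update route is also inconsistent with the question routes at the top of the hunk, which accept both `post` and `patch` on the edit path, while `/admin/candidate/:id` accepts only `post`; `patch "/admin/candidate/:id", to: "admin/candidate#update"` brings the two in line. The `routes.draw` block closes outside the hunk.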
diff --git a/test/controllers/admin/auth_controller_test.rb b/test/controllers/admin/auth_controller_test.rb
index 671f42a..c3cb40c 100644
--- a/test/controllers/admin/auth_controller_test.rb
+++ b/test/controllers/admin/auth_controller_test.rb
@@ -26,18 +26,16 @@ module Admin
assert_redirected_to admin_url
end
- test "recruiter should not admin auth" do
+ test "recruiter should auth to dashboard" do
post admin_auth_url, params: { auth:
{ email: 'pdr.recruiter@mailinator.com', password: 'password' } }
- assert_redirected_to admin_login_url
- assert_match(/incorrect.*email/, flash[:error])
+ assert_redirected_to admin_url
end
- test "reviewer should not admin auth" do
+ test "reviewer should auth to dashboard" do
post admin_auth_url, params: { auth:
{ email: 'fed.reviewer@mailinator.com', password: 'password' } }
- assert_redirected_to admin_login_url
- assert_match(/incorrect.*email/, flash[:error])
+ assert_redirected_to admin_url
end
test "should get reset_request" do
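Review bot: The rewritten recruiter and reviewer tests assert only the redirect to `admin_url`; the deleted "should auth to index" tests in recruiter_controller/index_test.rb and review_controller_test.rb additionally checked `assert session[:user].present?`, so a controller that redirected without establishing a session would now pass. Adding that line after each `assert_redirected_to admin_url` restores the check. With all three roles now landing on the dashboard there is no negative case (wrong password, unknown email) left in this hunk; if one exists elsewhere in the file it is outside the hunk, as is the enclosing test class.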
diff --git a/test/controllers/admin/candidate_controller/index_test.rb b/test/controllers/admin/candidate_controller/index_test.rb
new file mode 100644
index 0000000..cd6ebe0
--- /dev/null
+++ b/test/controllers/admin/candidate_controller/index_test.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+module Admin
+ class CandidateControllerTest < ActionDispatch::IntegrationTest
+ test "should require auth or redirect" do
+ get admin_candidates_url
+ assert_redirected_to admin_login_url
+
+ get admin_new_candidate_url
+ assert_redirected_to admin_login_url
+
+ post admin_create_candidate_url, params: { candidate: { name: 'foo', email: 'bar', experience: 'baz' } }
+ assert_redirected_to admin_login_url
+ end
+
+ test "should get candidate list" do
+ auth_recruiter
+ get admin_candidates_url
+ assert_response :success
+ assert assigns(:candidates), "@candidates not present"
+ end
+
+ test 'should have edit links' do
+ auth_recruiter
+ get admin_candidates_url
+ assert_response :success
+ assert_select "a[href='#{admin_edit_candidate_path(candidates(:martha))}']"
+ end
+ end
+end
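Review bot: Nothing in the new CandidateControllerTest checks that a signed-in user of the wrong role is refused: every authenticated request here uses `auth_recruiter`, while candidate_policy_test.rb in this same commit asserts that reviewer and manager cannot scope or view candidates, so the HTTP-level denial (what the controller does when Pundit raises) is untested. A companion test such as `auth_reviewer` then `get admin_candidates_url`, asserting whatever redirect or status the app uses for `Pundit::NotAuthorizedError`, would close that gap. Separately, this file, new_candidate_test.rb and update_candidate_test.rb all reopen `Admin::CandidateControllerTest`; the runner loads all three into one class, so an `include` in one file applies to the others and a test name repeated across files would silently overwrite the earlier definition — distinct class names per file would be safer.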
diff --git a/test/controllers/admin/candidate_controller/new_candidate_test.rb b/test/controllers/admin/candidate_controller/new_candidate_test.rb
new file mode 100644
index 0000000..c59f58c
--- /dev/null
+++ b/test/controllers/admin/candidate_controller/new_candidate_test.rb
@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+module Admin
+ class CandidateControllerTest < ActionDispatch::IntegrationTest
+ include ActiveJob::TestHelper
+
+ test "should get new" do
+ auth_recruiter
+ get admin_new_candidate_url
+ assert_response :success
+ assert assigns(:candidate), "@candidate not present"
+ end
+
+ test "should get create" do
+ auth_recruiter
+ get admin_create_candidate_url
+ assert_response :success
+ end
+
+ test "should create new candidate" do
+ auth_recruiter
+
+ assert_enqueued_jobs 2 do
+ assert_difference("Candidate.count") do
+ post admin_create_candidate_path, params: { candidate:
+ { name: 'new name', email: 'test@mailinator.com', experience: '0-3', quiz_id: quizzes(:fed).id } }
+ end
+ end
+ assert_redirected_to admin_candidates_path
+ assert flash[:success]
+ end
+
+ test "should fail creation with improper email format" do
+ auth_recruiter
+
+ assert_enqueued_jobs 0 do
+ assert_difference("Candidate.count", 0) do
+ post admin_create_candidate_path, params: { candidate:
+ { name: 'new name', email: 'test@mailinatorcom', experience: '0-3', quiz_id: quizzes(:fed).id } }
+ end
+ end
+ assert :success
+ assert assigns(:candidate), "@candidate not present"
+ assert_match(/failed.*save/i, flash[:error])
+ end
+
+ test "should fail creation gracefully with empty email" do
+ auth_recruiter
+
+ assert_enqueued_jobs 0 do
+ assert_difference("Candidate.count", 0) do
+ post admin_create_candidate_path, params: { candidate:
+ { name: 'new name', email: "", experience: '0-3', quiz_id: quizzes(:fed).id } }
+ end
+ end
+ assert :success
+ assert assigns(:candidate), "@candidate not present"
+ assert_match(/failed.*save/i, flash[:error])
+ end
+
+ test 'should queue up a welcome email [resend]' do
+ auth_recruiter
+
+ assert_enqueued_jobs 1 do
+ get admin_resend_welcome_path(id: candidates(:peggy)), xhr: true
+ end
+ assert_response :success
+ data = JSON.parse(response.body)
+ assert_match 'queued', data["message"]
+ end
+ end
+end
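Review bot: `assert :success` in the two failure tests is a no-op — it asserts that the symbol `:success` is truthy and never inspects the response — so a 500 or an unexpected redirect from the failing create would still pass; it should read `assert_response :success` (the same line appears in update_candidate_test.rb's 'should redirect to form on fail'). Also, "should get create" issues a GET to `admin_create_candidate_url`, but in routes.rb the create route is `post` only and the GET on that path resolves to `admin/candidate#new`, so the test exercises `new` a second time under a misleading name; either drop it or turn it into a `post` with an empty `candidate` param that asserts the failure handling.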
diff --git a/test/controllers/admin/candidate_controller/update_candidate_test.rb b/test/controllers/admin/candidate_controller/update_candidate_test.rb
new file mode 100644
index 0000000..e4b2779
--- /dev/null
+++ b/test/controllers/admin/candidate_controller/update_candidate_test.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+module Admin
+ class CandidateControllerTest < ActionDispatch::IntegrationTest
+ test 'should edit candidate' do
+ auth_recruiter
+ candidate = candidates(:martha)
+
+ get admin_edit_candidate_path(candidate.id)
+ assert_response :success
+ assert_select 'form'
+ end
+
+ test 'should update candidate, but NOT test_hash' do
+ auth_recruiter
+ candidate = candidates(:martha)
+ post admin_update_candidate_url(id: candidate.id), params:
+ { candidate: { name: 'new name', email: "mail@martha.me", test_hash: 'SOMENEWSTRING' } }
+
+ refute_equal candidate.name, Candidate.find_by(id: candidate.id).name
+ assert_equal candidate.test_hash, Candidate.find_by(id: candidate.id).test_hash
+ assert_redirected_to admin_candidates_url
+ end
+
+ test 'should redirect to form on fail' do
+ auth_recruiter
+ candidate = candidates(:martha)
+ post admin_update_candidate_url(id: candidate.id), params:
+ { candidate: { name: 'new name', email: "mail@martha" } }
+
+ assert :success
+ assert_match(/failed.*save/i, flash[:error])
+ end
+ end
+end
diff --git a/test/controllers/admin/dashboard_controller_test.rb b/test/controllers/admin/dashboard_controller_test.rb
new file mode 100644
index 0000000..10a1474
--- /dev/null
+++ b/test/controllers/admin/dashboard_controller_test.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+module Admin
+ class DashboardControllerTest < ActionDispatch::IntegrationTest
+ test "dashboard should require auth" do
+ get admin_url
+ assert_redirected_to admin_login_url
+ end
+
+ test "should get dashboard" do
+ post admin_auth_url, params: { auth:
+ { email: 'alan.admin@mailinator.com', password: 'password' } }
+ get admin_users_url
+ assert_response :success
+ end
+ end
+end
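Review bot: "should get dashboard" requests `admin_users_url` after logging in, so the dashboard action it is named for (`admin/dashboard#show`, routed at `admin_url` in this commit) is never fetched; the deleted AdminControllerTest version did `get admin_url`. Changing the request line to `get admin_url` restores that coverage. Since auth_controller_test now sends recruiters and reviewers to this same dashboard, a test that signs in as one of those roles and asserts a successful (or deliberately refused) dashboard response would document what is intended for them.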
diff --git a/test/controllers/admin/result_controller_test.rb b/test/controllers/admin/result_controller_test.rb
new file mode 100644
index 0000000..699517d
--- /dev/null
+++ b/test/controllers/admin/result_controller_test.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+module Admin
+ class ResultControllerTest < ActionDispatch::IntegrationTest
+ test "should get results list" do
+ auth_reviewer
+ get admin_results_url
+ assert_response :success
+ assert assigns(:candidates), '@candidates not present'
+ end
+
+ test "should get view" do
+ auth_reviewer
+
+ get admin_result_url(candidates(:richard).test_hash)
+ assert_response :success
+ assert assigns(:candidate), "@candidate not present"
+ assert assigns(:quiz), "@quiz not present"
+ assert assigns(:status), "@status not present"
+ end
+ end
+end
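Review bot: The unauthenticated case was dropped in the move from review_controller_test.rb, which asserted that `review_url` and `review_test_url` redirect to the login page; nothing here requests `admin_results_url` or `admin_result_url` without a session, nor as a signed-in role the new policy tests say should be refused. Restoring it is three lines: `test "should require auth or redirect" do`, `get admin_results_url; assert_redirected_to admin_login_url`, `get admin_result_url(candidates(:richard).test_hash); assert_redirected_to admin_login_url`, closed with `end`.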
diff --git a/test/controllers/admin_controller_test.rb b/test/controllers/admin_controller_test.rb
index 56df4d6..60da372 100644
--- a/test/controllers/admin_controller_test.rb
+++ b/test/controllers/admin_controller_test.rb
@@ -2,15 +2,4 @@
require 'test_helper'
class AdminControllerTest < ActionDispatch::IntegrationTest
- test "dashboard should require auth" do
- get admin_url
- assert_redirected_to admin_login_url
- end
-
- test "should get dashboard" do
- post admin_auth_url, params: { auth:
- { email: 'alan.admin@mailinator.com', password: 'password' } }
- get admin_url
- assert_response :success
- end
end
diff --git a/test/controllers/recruiter_controller/index_test.rb b/test/controllers/recruiter_controller/index_test.rb
deleted file mode 100644
index b6b4a7c..0000000
--- a/test/controllers/recruiter_controller/index_test.rb
+++ /dev/null
@@ -1,56 +0,0 @@
-# frozen_string_literal: true
-require 'test_helper'
-
-class RecruiterControllerTest < ActionDispatch::IntegrationTest
- test "should get login" do
- get recruiter_login_url
- assert_response :success
- end
-
- test 'should logout and reset session' do
- auth_recruiter
- get recruiter_logout_path
-
- assert :success
- assert session[:user].nil?
- end
-
- test "should require auth or redirect" do
- get recruiter_url
- assert_redirected_to recruiter_login_path
-
- get new_candidate_url
- assert_redirected_to recruiter_login_path
-
- post create_candidate_url, params: { candidate: { name: 'foo', email: 'bar', experience: 'baz' } }
- assert_redirected_to recruiter_login_path
- end
-
- test "should auth to index" do
- auth_recruiter
- assert_redirected_to recruiter_path
- assert session[:user].present?
- end
-
- test "should fail auth with flash" do
- post recruiter_auth_url, params: { auth:
- { email: 'pdr.recruiter@mailinator.com', password: 'bad-password' } }
-
- assert_redirected_to recruiter_login_path
- assert flash[:error]
- end
-
- test "should get candidate list" do
- auth_recruiter
- get recruiter_url
- assert_response :success
- assert assigns(:candidates), "@candidates not present"
- end
-
- test 'should have edit links' do
- auth_recruiter
- get recruiter_url
- assert_response :success
- assert_select "a[href='#{edit_candidate_path(candidates(:martha))}']"
- end
-end
diff --git a/test/controllers/recruiter_controller/new_candidate_test.rb b/test/controllers/recruiter_controller/new_candidate_test.rb
deleted file mode 100644
index 458237b..0000000
--- a/test/controllers/recruiter_controller/new_candidate_test.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-# frozen_string_literal: true
-require 'test_helper'
-
-class RecruiterControllerTest < ActionDispatch::IntegrationTest
- include ActiveJob::TestHelper
-
- test "should get new" do
- auth_recruiter
- get new_candidate_url
- assert_response :success
- assert assigns(:candidate), "@candidate not present"
- end
-
- test "should get create" do
- auth_recruiter
- get create_candidate_url
- assert_response :success
- end
-
- test "should create new candidate" do
- auth_recruiter
-
- assert_enqueued_jobs 2 do
- assert_difference("Candidate.count") do
- post create_candidate_path, params: { candidate:
- { name: 'new name', email: 'test@mailinator.com', experience: '0-3', quiz_id: quizzes(:fed).id } }
- end
- end
- assert_redirected_to recruiter_path
- assert flash[:success]
- end
-
- test "should fail creation with improper email format" do
- auth_recruiter
-
- assert_enqueued_jobs 0 do
- assert_difference("Candidate.count", 0) do
- post create_candidate_path, params: { candidate:
- { name: 'new name', email: 'test@mailinatorcom', experience: '0-3', quiz_id: quizzes(:fed).id } }
- end
- end
- assert :success
- assert assigns(:candidate), "@candidate not present"
- assert_match(/failed.*save/i, flash[:error])
- end
-
- test "should fail creation gracefully with empty email" do
- auth_recruiter
-
- assert_enqueued_jobs 0 do
- assert_difference("Candidate.count", 0) do
- post create_candidate_path, params: { candidate:
- { name: 'new name', email: "", experience: '0-3', quiz_id: quizzes(:fed).id } }
- end
- end
- assert :success
- assert assigns(:candidate), "@candidate not present"
- assert_match(/failed.*save/i, flash[:error])
- end
-
- test 'should queue up a welcome email [resend]' do
- auth_recruiter
-
- assert_enqueued_jobs 1 do
- get resend_welcome_path(id: candidates(:peggy)), xhr: true
- end
- assert_response :success
- data = JSON.parse(response.body)
- assert_match 'queued', data["message"]
- end
-end
diff --git a/test/controllers/recruiter_controller/update_candidate_test.rb b/test/controllers/recruiter_controller/update_candidate_test.rb
deleted file mode 100644
index 02a1dbe..0000000
--- a/test/controllers/recruiter_controller/update_candidate_test.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-# frozen_string_literal: true
-require 'test_helper'
-
-class RecruiterControllerTest < ActionDispatch::IntegrationTest
- test 'should edit candidate' do
- auth_recruiter
- candidate = candidates(:martha)
-
- get edit_candidate_path(candidate.id)
- assert_response :success
- assert_select 'form'
- end
-
- test 'should update candidate, but NOT test_hash' do
- auth_recruiter
- candidate = candidates(:martha)
- post update_candidate_url(id: candidate.id), params:
- { candidate: { name: 'new name', email: "mail@martha.me", test_hash: 'SOMENEWSTRING' } }
-
- refute_equal candidate.name, Candidate.find_by(id: candidate.id).name
- assert_equal candidate.test_hash, Candidate.find_by(id: candidate.id).test_hash
- assert_redirected_to recruiter_url
- end
-
- test 'should redirect to form on fail' do
- auth_recruiter
- candidate = candidates(:martha)
- post update_candidate_url(id: candidate.id), params:
- { candidate: { name: 'new name', email: "mail@martha" } }
-
- assert :success
- assert_match(/failed.*save/i, flash[:error])
- end
-end
diff --git a/test/controllers/review_controller_test.rb b/test/controllers/review_controller_test.rb
deleted file mode 100644
index 5851678..0000000
--- a/test/controllers/review_controller_test.rb
+++ /dev/null
@@ -1,63 +0,0 @@
-# frozen_string_literal: true
-require 'test_helper'
-
-class ReviewControllerTest < ActionDispatch::IntegrationTest
- test "should get login" do
- get review_login_url
- assert_response :success
- end
-
- test "should require auth or redirect" do
- get review_url
- assert_redirected_to review_login_path
-
- get review_test_url(candidates(:richard).test_hash)
- assert_redirected_to review_login_path
- end
-
- test "should auth to index" do
- auth_reviewer
- assert_redirected_to review_path
- assert session[:user].present?
- end
-
- test "should fail auth with flash" do
- post review_auth_url, params: { auth:
- { email: 'fed.review@mailinator.com', password: 'bad-password' } }
-
- assert_redirected_to review_login_path
- assert flash[:error]
- end
-
- test "should get review list" do
- auth_reviewer
- get review_url
- assert_response :success
- assert assigns(:candidates), '@candidates not present'
- end
-
- test "should get index" do
- auth_reviewer
-
- get review_url
- assert_response :success
- end
-
- test "should get view" do
- auth_reviewer
-
- get review_test_url(candidates(:richard).test_hash)
- assert_response :success
- assert assigns(:candidate), "@candidate not present"
- assert assigns(:quiz), "@quiz not present"
- assert assigns(:status), "@status not present"
- end
-
- test 'should logout and reset session' do
- auth_reviewer
- get review_logout_path
-
- assert :success
- assert session[:user].nil?
- end
-end
diff --git a/test/fixtures/questions.yml b/test/fixtures/questions.yml
index 6460c5f..b498ff2 100644
--- a/test/fixtures/questions.yml
+++ b/test/fixtures/questions.yml
@@ -111,3 +111,13 @@ fed10:
- "wibbly wobbly, timey wimey"
sort: 9
active: true
+
+admin1:
+ quiz: admin
+ question: 'You have a question you want to ask.'
+ category: Admin
+ input_type: text
+ input_options:
+ sort: 0
+ active: true
+
diff --git a/test/fixtures/quizzes.yml b/test/fixtures/quizzes.yml
index daf1e5d..f4bd5fa 100644
--- a/test/fixtures/quizzes.yml
+++ b/test/fixtures/quizzes.yml
@@ -4,3 +4,8 @@ fed:
name: PDR Standard FED Screening
unit: PDR
dept: FED
+
+admin:
+ name: An extra quiz not assigned to anyone
+ unit: PDR
+ dept: NOPE
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index 9c007a3..94e21e3 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -18,6 +18,12 @@ reviewer2:
password_digest: <%= BCrypt::Password.create("password", cost: 4) %>
role: reviewer
+manager:
+ name: Mary Manager
+ email: mary.manager@mailinator.com
+ password_digest: <%= BCrypt::Password.create("password", cost: 4) %>
+ role: manager
+
admin:
name: Alan Admin
email: alan.admin@mailinator.com
diff --git a/test/integration/question_attachments_test.rb b/test/integration/question_attachments_test.rb
index e10f3e8..84b4215 100644
--- a/test/integration/question_attachments_test.rb
+++ b/test/integration/question_attachments_test.rb
@@ -20,10 +20,9 @@ class QuestionAttachmentsTest < ActionDispatch::IntegrationTest
end
test "should show attachments on review" do
- user = users :reviewer
- post review_auth_url, params: { auth: { email: user.email, password: 'password' } }
+ auth_reviewer
- get review_test_path(candidates(:richard).test_hash)
+ get admin_result_path(candidates(:richard).test_hash)
assert_response :success
assert_select "img[src=\"#{questions(:fed6).attachment}\"]"
end
diff --git a/test/policies/admin_policy_test.rb b/test/policies/admin_policy_test.rb
new file mode 100644
index 0000000..00f8494
--- /dev/null
+++ b/test/policies/admin_policy_test.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+# TODO: How the heck to you test a headless policy?...
+#
+# class AdminPolicyTest < PolicyAssertions::Test
+# def test_dashboard
+# assert_permit users(:recruiter), Admin
+# end
+# end
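Review bot: This file adds only a commented-out test class, so the suite reports nothing for AdminPolicy and the gap is invisible unless someone opens the file. A real test marked with `skip` keeps it visible in the run output, e.g. `test 'dashboard' do skip 'headless policy test pending'; end` inside an `AdminPolicyTest < PolicyAssertions::Test` class. On the TODO itself: Pundit headless policies are normally invoked with a symbol record, so `AdminPolicy.new(users(:recruiter), :admin).dashboard?` can be asserted directly without the PolicyAssertions helper — worth confirming against how the dashboard controller calls `authorize`.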
diff --git a/test/policies/application_policy_test.rb b/test/policies/application_policy_test.rb
new file mode 100644
index 0000000..66337a9
--- /dev/null
+++ b/test/policies/application_policy_test.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class ApplicationPolicyTest < PolicyAssertions::Test
+ # Verify default policies are most restrictive
+
+ test 'should require a user' do
+ assert_raise Pundit::NotAuthorizedError do
+ ApplicationPolicy.new(nil, User.new)
+ end
+ end
+
+ test 'should not allow collections' do
+ assert_raise Pundit::NotAuthorizedError do
+ ApplicationPolicy::Scope.new(users(:admin), User).resolve
+ end
+ end
+
+ test 'should not permit by default' do
+ admin = users(:admin)
+ refute ApplicationPolicy.new(admin, User.new).view?
+ refute ApplicationPolicy.new(admin, User.new).show?
+ refute ApplicationPolicy.new(admin, nil).index?
+ refute ApplicationPolicy.new(admin, nil).create?
+ refute ApplicationPolicy.new(admin, nil).new?
+ refute ApplicationPolicy.new(admin, nil).update?
+ refute ApplicationPolicy.new(admin, nil).edit?
+ refute ApplicationPolicy.new(admin, nil).destroy?
+ end
+end
diff --git a/test/policies/candidate_policy_test.rb b/test/policies/candidate_policy_test.rb
new file mode 100644
index 0000000..5124ec8
--- /dev/null
+++ b/test/policies/candidate_policy_test.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class CandidatePolicyTest < PolicyAssertions::Test
+ test 'should require current_user' do
+ assert_raise Pundit::NotAuthorizedError do
+ CandidatePolicy.new(nil, Candidate.first).view?
+ end
+ end
+
+ test 'should allow admin to scope' do
+ scope = CandidatePolicy::Scope.new(users(:admin), Candidate).resolve
+ assert_equal Candidate.count, scope.count
+ end
+
+ test 'should allow recruiter to scope' do
+ scope = CandidatePolicy::Scope.new(users(:recruiter), Candidate).resolve
+ assert_equal Candidate.count, scope.count
+ end
+
+ test 'reviewer CAN NOT scope candidates' do
+ assert_raise Pundit::NotAuthorizedError do
+ CandidatePolicy::Scope.new(users(:reviewer), Candidate).resolve
+ end
+ end
+
+ test 'manager CAN NOT scope candidates' do
+ assert_raise Pundit::NotAuthorizedError do
+ CandidatePolicy::Scope.new(users(:manager), Candidate).resolve
+ end
+ end
+
+ def test_view_and_update
+ assert_permit users(:admin), candidates(:roy)
+ assert_permit users(:recruiter), candidates(:roy)
+
+ refute_permit users(:manager), candidates(:roy)
+ refute_permit users(:reviewer), candidates(:roy)
+ end
+
+ def test_create
+ assert_permit users(:admin), Candidate
+ assert_permit users(:recruiter), Candidate
+
+ refute_permit users(:manager), Candidate
+ refute_permit users(:reviewer), Candidate
+ end
+end
diff --git a/test/policies/question_policy_test.rb b/test/policies/question_policy_test.rb
new file mode 100644
index 0000000..f8173db
--- /dev/null
+++ b/test/policies/question_policy_test.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class QuestionPolicyTest < PolicyAssertions::Test
+ test 'should require current_user' do
+ assert_raise Pundit::NotAuthorizedError do
+ QuestionPolicy.new(nil, Question.first).view?
+ end
+ end
+
+ test 'should allow admin to scope' do
+ scope = QuestionPolicy::Scope.new(users(:admin), Question).resolve
+ assert_equal Question.count, scope.count
+ end
+
+ test 'should allow manager to scope' do
+ scope = QuestionPolicy::Scope.new(users(:manager), Question).resolve
+ assert_equal Question.count, scope.count
+ end
+
+ test 'should allow reviewer to scope' do
+ quiz_ids = users(:reviewer).quizzes.map(&:id)
+
+ scope = QuestionPolicy::Scope.new(users(:reviewer), Question).resolve
+ assert_equal Question.where(quiz_id: quiz_ids).count, scope.count
+ end
+
+ test 'should NOT allow recruiter to scope' do
+ assert_raise Pundit::NotAuthorizedError do
+ QuestionPolicy::Scope.new(users(:recruiter), Question).resolve
+ end
+ end
+
+ def test_view_and_options
+ assert_permit users(:admin), questions(:fed1)
+ assert_permit users(:manager), questions(:fed1)
+ assert_permit users(:reviewer), questions(:fed1)
+
+ refute_permit users(:reviewer), questions(:admin1)
+ refute_permit users(:recruiter), questions(:fed1)
+ end
+
+ def test_create_and_update
+ assert_permit users(:admin), Question
+ assert_permit users(:manager), Question
+
+ refute_permit users(:recruiter), Question
+ refute_permit users(:reviewer), Question
+ end
+end
diff --git a/test/policies/quiz_policy_test.rb b/test/policies/quiz_policy_test.rb
new file mode 100644
index 0000000..e5eb7be
--- /dev/null
+++ b/test/policies/quiz_policy_test.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class QuizPolicyTest < PolicyAssertions::Test
+ test 'should require current_user' do
+ assert_raise Pundit::NotAuthorizedError do
+ QuizPolicy.new(nil, Quiz.first).view?
+ end
+ end
+
+ test 'should allow admin to scope' do
+ scope = QuizPolicy::Scope.new(users(:admin), Quiz).resolve
+ assert_equal Quiz.count, scope.count
+ end
+
+ test 'should allow manager to scope' do
+ scope = QuizPolicy::Scope.new(users(:manager), Quiz).resolve
+ assert_equal Quiz.count, scope.count
+ end
+
+ test 'should allow reviewer to scope' do
+ scope = QuizPolicy::Scope.new(users(:reviewer), Quiz).resolve
+ assert_equal users(:reviewer).quizzes.count, scope.count
+ end
+
+ test 'should allow recruiter to scope' do
+ scope = QuizPolicy::Scope.new(users(:recruiter), Quiz).resolve
+ assert_equal Quiz.count, scope.count
+ end
+
+ def test_view
+ assert_permit users(:admin), quizzes(:fed)
+ assert_permit users(:manager), quizzes(:fed)
+ assert_permit users(:reviewer), quizzes(:fed)
+
+ refute_permit users(:reviewer), quizzes(:admin)
+ refute_permit users(:recruiter), quizzes(:fed)
+ end
+
+ def test_create_and_update
+ assert_permit users(:admin), Quiz
+ assert_permit users(:manager), Quiz
+
+ refute_permit users(:recruiter), Quiz
+ refute_permit users(:reviewer), Quiz
+ end
+end
diff --git a/test/policies/user_policy_test.rb b/test/policies/user_policy_test.rb
new file mode 100644
index 0000000..98f0dd3
--- /dev/null
+++ b/test/policies/user_policy_test.rb
@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class UserPolicyTest < PolicyAssertions::Test
+ test 'should require current_user' do
+ assert_raise Pundit::NotAuthorizedError do
+ UserPolicy.new(nil, User.first).view?
+ end
+ end
+
+ test 'should allow admin to scope' do
+ scope = UserPolicy::Scope.new(users(:admin), User).resolve
+ assert_equal User.count, scope.count
+ end
+
+ test 'non admins can only scope themselves' do
+ %i(manager reviewer recruiter).each do |role|
+ scope = UserPolicy::Scope.new(users(role), User).resolve
+ assert_equal 1, scope.count, "Scope did not have 1 result for #{role}"
+ assert_equal users(role), scope.first, "Scope did not contain self for #{role}"
+ end
+ end
+
+ # view?
+ test 'admin can view any user role' do
+ assert_permit users(:admin), users(:admin), 'view?'
+ assert_permit users(:admin), users(:manager), 'view?'
+ assert_permit users(:admin), users(:reviewer), 'view?'
+ assert_permit users(:admin), users(:recruiter), 'view?'
+ end
+
+ test 'manager can only view herself' do
+ assert_permit users(:manager), users(:manager), 'view?'
+
+ refute_permit users(:manager), users(:admin), 'view?'
+ refute_permit users(:manager), users(:reviewer), 'view?'
+ refute_permit users(:manager), users(:recruiter), 'view?'
+ end
+
+ test 'reviewer can only view herself' do
+ assert_permit users(:reviewer), users(:reviewer), 'view?'
+
+ refute_permit users(:reviewer), users(:admin), 'view?'
+ refute_permit users(:reviewer), users(:manager), 'view?'
+ refute_permit users(:reviewer), users(:recruiter), 'view?'
+ end
+
+ test 'recruiter can only view herself' do
+ assert_permit users(:recruiter), users(:recruiter), 'view?'
+
+ refute_permit users(:recruiter), users(:admin), 'view?'
+ refute_permit users(:recruiter), users(:manager), 'view?'
+ refute_permit users(:recruiter), users(:reviewer), 'view?'
+ end
+
+ # update?
+ test 'admin can update any user role' do
+ assert_permit users(:admin), users(:admin), 'update?'
+ assert_permit users(:admin), users(:manager), 'update?'
+ assert_permit users(:admin), users(:reviewer), 'update?'
+ assert_permit users(:admin), users(:recruiter), 'update?'
+ end
+
+ test 'manager can only update herself' do
+ assert_permit users(:manager), users(:manager), 'update?'
+
+ refute_permit users(:manager), users(:admin), 'update?'
+ refute_permit users(:manager), users(:reviewer), 'update?'
+ refute_permit users(:manager), users(:recruiter), 'update?'
+ end
+
+ test 'reupdateer can only update herself' do
+ assert_permit users(:reviewer), users(:reviewer), 'update?'
+
+ refute_permit users(:reviewer), users(:admin), 'update?'
+ refute_permit users(:reviewer), users(:manager), 'update?'
+ refute_permit users(:reviewer), users(:recruiter), 'update?'
+ end
+
+ test 'recruiter can only update herself' do
+ assert_permit users(:recruiter), users(:recruiter), 'update?'
+
+ refute_permit users(:recruiter), users(:admin), 'update?'
+ refute_permit users(:recruiter), users(:manager), 'update?'
+ refute_permit users(:recruiter), users(:reviewer), 'update?'
+ end
+
+ # create
+ test 'only admin can create users' do
+ assert_permit users(:admin), User, 'create?'
+
+ refute_permit users(:manager), User, 'create?'
+ refute_permit users(:reviewer), User, 'create?'
+ refute_permit users(:recruiter), User, 'create?'
+ end
+end
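Review bot: The test name at `test 'reupdateer can only update herself' do` is a search-and-replace artifact of the corresponding view? test and should read `test 'reviewer can only update herself' do`; the body already exercises the reviewer. The update? tests establish that non-admins cannot update other users, but nothing here checks what a non-admin may change on their own record — if UserPolicy defines permitted_attributes (not visible in this hunk), a test that a non-admin cannot set their own role would close the obvious self-escalation path. The 'non admins can only scope themselves' test compares both count and contents, which is the pattern the other policy tests in this commit should follow.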
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 2eca63e..65a1a33 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -7,12 +7,13 @@ SimpleCov.start 'rails' do
add_group 'Models', %w(app/models app/validators)
add_group 'Services & Workers', %w(app/workers app/services)
add_group "Jobs", 'app/jobs'
+ add_group "Policies", 'app/policies'
end
require File.expand_path('../../config/environment', __FILE__)
require 'rails/test_help'
-require "minitest/autorun"
require 'minitest/reporters'
+require 'policy_assertions'
Dir[Rails.root.join("test/test_helpers/**/*.rb")].each { |f| require f }
Minitest::Reporters.use! [Minitest::Reporters::DefaultReporter.new(color: true)]
diff --git a/test/test_helpers/auth_test_helper.rb b/test/test_helpers/auth_test_helper.rb
index 7bddabe..152a7b6 100644
--- a/test/test_helpers/auth_test_helper.rb
+++ b/test/test_helpers/auth_test_helper.rb
@@ -4,13 +4,28 @@ module AuthTestHelper
post validate_candidate_url, params: { test_id: candidate.test_hash }
end
+ def auth_user user
+ post admin_auth_url, params: { auth:
+ { email: user.email, password: 'password' } }
+ end
+
+ def auth_admin
+ post admin_auth_url, params: { auth:
+ { email: 'alan.admin@mailinator.com', password: 'password' } }
+ end
+
+ def auth_manager
+ post admin_auth_url, params: { auth:
+ { email: 'mary.manager@mailinator.com', password: 'password' } }
+ end
+
def auth_recruiter
- post recruiter_auth_url, params: { auth:
+ post admin_auth_url, params: { auth:
{ email: 'pdr.recruiter@mailinator.com', password: 'password' } }
end
def auth_reviewer
- post review_auth_url, params: { auth:
+ post admin_auth_url, params: { auth:
{ email: 'fed.reviewer@mailinator.com', password: 'password' } }
end
end
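Review bot: The new `auth_user user` helper already expresses what `auth_admin`, `auth_manager`, `auth_recruiter` and `auth_reviewer` do, yet each of those keeps its own hard-coded e-mail and a fifth copy of the literal password, so a fixture change has to be mirrored in five places; the role helpers could delegate to `auth_user` with the fixture record, and the password could live in one constant so the fixture contract is stated once. This assumes the `users(:admin)` style fixture accessors used by the policy tests in this commit are available in the classes that include AuthTestHelper, and that those fixtures carry the e-mails currently hard-coded here — both should be confirmed before switching. The signature `def auth_user user` should also take parentheses, `def auth_user(user)`, to match the file's style. AuthTestHelper begins before this hunk.
```ruby
TEST_PASSWORD = 'password'

def auth_user(user)
  post admin_auth_url, params: { auth: { email: user.email, password: TEST_PASSWORD } }
end

def auth_admin
  auth_user(users(:admin))
end

def auth_manager
  auth_user(users(:manager))
end

# … auth_recruiter / auth_reviewer delegate the same way with users(:recruiter) / users(:reviewer) …
```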