curation_concerns 0.1.0 → 0.2.0

data/spec/controllers/curation_concerns/generic_works_controller_json_spec.rb

@@ -0,0 +1,85 @@
+require 'spec_helper'
+
+# This tests the CurationConcerns::CurationConcernController module
+# which is included into spec/internal/app/controllers/generic_works_controller.rb
+describe CurationConcerns::GenericWorksController do
+  let(:user) { create(:user) }
+  before { sign_in user }
+
+  context "JSON" do
+    let(:resource) { create(:private_generic_work, user: user) }
+    let(:resource_request) { get :show, id: resource, format: :json }
+    subject { response }
+
+    describe "unauthorized" do
+      before do
+        sign_out user
+        resource_request
+      end
+      it { is_expected.to respond_unauthorized }
+    end
+
+    describe "forbidden" do
+      before do
+        sign_in create(:user)
+        resource_request
+      end
+      it { is_expected.to respond_forbidden }
+    end
+
+    describe 'not found' do
+      before { get :show, id: "non-existent-pid", format: :json }
+      it { is_expected.to respond_not_found }
+    end
+
+    describe 'created' do
+      before { post :create, generic_work: { title: ['a title'] }, format: :json }
+      it "returns 201, renders show template sets location header" do
+        # Ensure that @curation_concern is set for jbuilder template to use
+        expect(assigns[:curation_concern]).to be_instance_of ::GenericWork
+        expect(controller).to render_template('curation_concerns/base/show')
+        expect(response.code).to eq "201"
+        created_resource = assigns[:curation_concern]
+        expect(response.location).to eq main_app.curation_concerns_generic_work_path(created_resource)
+      end
+    end
+
+    describe 'failed create' do
+      before { post :create, generic_work: {}, format: :json }
+      it "returns 422 and the errors" do
+        created_resource = assigns[:curation_concern]
+        expect(response).to respond_unprocessable_entity(errors: created_resource.errors.messages.as_json)
+      end
+    end
+
+    describe 'found' do
+      before { resource_request }
+      it "returns json of the work" do
+        # Ensure that @curation_concern is set for jbuilder template to use
+        expect(assigns[:curation_concern]).to be_instance_of ::GenericWork
+        expect(controller).to render_template('curation_concerns/base/show')
+        expect(response.code).to eq "200"
+      end
+    end
+
+    describe 'updated' do
+      before { put :update, id: resource, generic_work: { title: ['updated title'] }, format: :json }
+      it "returns 200, renders show template sets location header" do
+        # Ensure that @curation_concern is set for jbuilder template to use
+        expect(assigns[:curation_concern]).to be_instance_of ::GenericWork
+        expect(controller).to render_template('curation_concerns/base/show')
+        expect(response.code).to eq "200"
+        created_resource = assigns[:curation_concern]
+        expect(response.location).to eq main_app.curation_concerns_generic_work_path(created_resource)
+      end
+    end
+
+    describe 'failed update' do
+      before { post :update, id: resource, generic_work: { title: [] }, format: :json }
+
+      it "returns 422 and the errors" do
+        expect(response).to respond_unprocessable_entity(errors: { "title": ["Your work must have a title."] })
+      end
+    end
+  end
+end

data/spec/controllers/curation_concerns/generic_works_controller_spec.rb

@@ -1,166 +1,178 @@
 require 'spec_helper'
 
+# This tests the CurationConcerns::CurationConcernController module
+# which is included into spec/internal/app/controllers/generic_works_controller.rb
 describe CurationConcerns::GenericWorksController do
-  let(:public_work_factory_name) { :public_generic_work }
-  let(:private_work_factory_name) { :work }
-
-  let(:user) { FactoryGirl.create(:user) }
+  let(:user) { create(:user) }
   before { sign_in user }
 
-  describe "#show" do
-    context "my own private work" do
-      let(:a_work) { FactoryGirl.create(private_work_factory_name, user: user) }
-      it "should show me the page" do
+  describe '#show' do
+    context 'my own private work' do
+      let(:a_work) { create(:private_generic_work, user: user) }
+      it 'shows me the page' do
         get :show, id: a_work
         expect(response).to be_success
       end
     end
 
-    context "someone elses private work" do
-      let(:a_work) { FactoryGirl.create(private_work_factory_name) }
-      it "should redirect and show unauthorized message" do
+    context 'someone elses private work' do
+      let(:a_work) { create(:private_generic_work) }
+      it 'shows unauthorized message' do
         get :show, id: a_work
-        expect(response).to fail_redirect_and_flash(main_app.root_path, 'You are not authorized to access this page.')
+        expect(response.code).to eq '401'
+        expect(response).to render_template(:unauthorized)
       end
     end
 
-    context "someone elses public work" do
-      let(:a_work) { FactoryGirl.create(public_work_factory_name) }
-      it "should show me the page" do
+    context 'someone elses public work' do
+      let(:a_work) { create(:public_generic_work) }
+      it 'shows me the page' do
         get :show, id: a_work
         expect(response).to be_success
       end
     end
 
-    context "when I am a repository manager" do
+    context 'when I am a repository manager' do
       before { allow_any_instance_of(User).to receive(:groups).and_return(['admin']) }
-      let(:a_work) { FactoryGirl.create(private_work_factory_name) }
-      it "someone elses private work should show me the page" do
+      let(:a_work) { create(:private_generic_work) }
+      it 'someone elses private work should show me the page' do
         get :show, id: a_work
         expect(response).to be_success
       end
     end
   end
 
-  describe "#new" do
-    context "my work" do
-      it "should show me the page" do
+  describe '#new' do
+    context 'my work' do
+      it 'shows me the page' do
         get :new
         expect(response).to be_success
       end
     end
   end
 
-  describe "#create" do
-    it "should create a work" do
-      expect {
-        post :create, generic_work: { title: ["a title"] }
-      }.to change { GenericWork.count }.by(1)
+  describe '#create' do
+    it 'creates a work' do
+      expect do
+        post :create, generic_work: { title: ['a title'] }
+      end.to change { GenericWork.count }.by(1)
       expect(response).to redirect_to main_app.curation_concerns_generic_work_path(assigns[:curation_concern])
     end
   end
 
-  describe "#edit" do
-    context "my own private work" do
-      let(:a_work) { FactoryGirl.create(private_work_factory_name, user: user) }
-      it "should show me the page" do
+  describe '#edit' do
+    context 'my own private work' do
+      let(:a_work) { create(:private_generic_work, user: user) }
+      it 'shows me the page' do
         get :edit, id: a_work
+        expect(assigns[:form]).to be_kind_of CurationConcerns::GenericWorkForm
         expect(response).to be_success
       end
     end
 
-    context "someone elses private work" do
+    context 'someone elses private work' do
       routes { Rails.application.class.routes }
-      let(:a_work) { FactoryGirl.create(private_work_factory_name) }
-      it "should redirect and show unauthorized message" do
+      let(:a_work) { create(:private_generic_work) }
+      it 'shows the unauthorized message' do
         get :edit, id: a_work
-        expect(response).to fail_redirect_and_flash(main_app.curation_concerns_generic_work_path(assigns[:curation_concern]), 'You are not authorized to access this page.')
+        expect(response.code).to eq '401'
+        expect(response).to render_template(:unauthorized)
       end
     end
 
-    context "someone elses public work" do
-      let(:a_work) { FactoryGirl.create(public_work_factory_name) }
-      it "should show me the page" do
+    context 'someone elses public work' do
+      let(:a_work) { create(:public_generic_work) }
+      it 'shows the unauthorized message' do
         get :edit, id: a_work
-        expect(response).to fail_redirect_and_flash(main_app.curation_concerns_generic_work_path(assigns[:curation_concern]), 'You are not authorized to access this page.')
+        expect(response.code).to eq '401'
+        expect(response).to render_template(:unauthorized)
       end
     end
 
-    context "when I am a repository manager" do
+    context 'when I am a repository manager' do
       before { allow_any_instance_of(User).to receive(:groups).and_return(['admin']) }
-      let(:a_work) { FactoryGirl.create(private_work_factory_name) }
-      it "someone elses private work should show me the page" do
+      let(:a_work) { create(:private_generic_work) }
+      it 'someone elses private work should show me the page' do
         get :edit, id: a_work
         expect(response).to be_success
       end
     end
   end
 
-  describe "#update" do
-    let(:a_work) { FactoryGirl.create(private_work_factory_name, user: user) }
+  describe '#update' do
+    let(:a_work) { FactoryGirl.create(:private_generic_work, user: user) }
+    before do
+      allow(controller).to receive(:actor).and_return(actor)
+    end
+    let(:actor) { double(update: true, visibility_changed?: false) }
 
-    it "should update the work " do
-      patch :update, id: a_work, generic_work: {  }
+    it 'updates the work' do
+      patch :update, id: a_work, generic_work: {}
       expect(response).to redirect_to main_app.curation_concerns_generic_work_path(a_work)
     end
 
-    describe "changing rights" do
-      it "should prompt to change the files access" do
-        allow(controller).to receive(:actor).and_return(double(update: true, visibility_changed?: true))
+    describe 'changing rights' do
+      let(:actor) { double(update: true, visibility_changed?: true) }
+
+      it 'prompts to change the files access' do
         patch :update, id: a_work
         expect(response).to redirect_to main_app.confirm_curation_concerns_permission_path(controller.curation_concern)
       end
     end
 
-    describe "failure" do
-      it "renders the form" do
-        allow(controller).to receive(:actor).and_return(double(update: false, visibility_changed?: false))
+    describe 'failure' do
+      let(:actor) { double(update: false, visibility_changed?: false) }
+
+      it 'renders the form' do
         patch :update, id: a_work
+        expect(assigns[:form]).to be_kind_of CurationConcerns::GenericWorkForm
         expect(response).to render_template('edit')
       end
     end
 
-    context "someone elses public work" do
-      let(:a_work) { FactoryGirl.create(public_work_factory_name) }
-      it "should redirect and show unauthorized message" do
+    context 'someone elses public work' do
+      let(:a_work) { create(:public_generic_work) }
+      it 'shows the unauthorized message' do
         get :update, id: a_work
-        expect(response).to fail_redirect_and_flash(main_app.root_path, 'You are not authorized to access this page.')
+        expect(response.code).to eq '401'
+        expect(response).to render_template(:unauthorized)
       end
     end
 
-    context "when I am a repository manager" do
+    context 'when I am a repository manager' do
       before { allow_any_instance_of(User).to receive(:groups).and_return(['admin']) }
-      let(:a_work) { FactoryGirl.create(private_work_factory_name) }
-      it "someone elses private work should update the work" do
-        patch :update, id: a_work, generic_work: {  }
+      let(:a_work) { create(:private_generic_work) }
+      it 'someone elses private work should update the work' do
+        patch :update, id: a_work, generic_work: {}
         expect(response).to redirect_to main_app.curation_concerns_generic_work_path(a_work)
       end
     end
   end
 
-  describe "#destroy" do
-    let(:work_to_be_deleted) { FactoryGirl.create(private_work_factory_name, user: user) }
+  describe '#destroy' do
+    let(:work_to_be_deleted) { create(:private_generic_work, user: user) }
 
-    it "should delete the work" do
+    it 'deletes the work' do
       delete :destroy, id: work_to_be_deleted
-      expect(response).to redirect_to main_app.catalog_index_path()
-      expect { GenericWork.find(work_to_be_deleted.id) }.to raise_error
+      expect(response).to redirect_to main_app.catalog_index_path
+      expect(GenericWork).not_to exist(work_to_be_deleted.id)
     end
 
-    context "someone elses public work" do
-      let(:work_to_be_deleted) { FactoryGirl.create(private_work_factory_name) }
-      it "should redirect and show unauthorized message" do
+    context 'someone elses public work' do
+      let(:work_to_be_deleted) { create(:private_generic_work) }
+      it 'shows unauthorized message' do
         delete :destroy, id: work_to_be_deleted
-        expect(response).to fail_redirect_and_flash(main_app.root_path, 'You are not authorized to access this page.')
+        expect(response.code).to eq '401'
+        expect(response).to render_template(:unauthorized)
       end
     end
 
-    context "when I am a repository manager" do
-      let(:work_to_be_deleted) { FactoryGirl.create(private_work_factory_name) }
+    context 'when I am a repository manager' do
+      let(:work_to_be_deleted) { create(:private_generic_work) }
       before { allow_any_instance_of(User).to receive(:groups).and_return(['admin']) }
-      it "someone elses private work should delete the work" do
+      it 'someone elses private work should delete the work' do
         delete :destroy, id: work_to_be_deleted
-        expect { GenericWork.find(work_to_be_deleted.id) }.to raise_error
+        expect(GenericWork).not_to exist(work_to_be_deleted.id)
       end
     end
   end

data/spec/controllers/curation_concerns/permissions_controller_spec.rb

@@ -1,29 +1,26 @@
 require 'spec_helper'
 
 describe CurationConcerns::PermissionsController do
-  let(:user) { FactoryGirl.create(:user) }
+  let(:user) { create(:user) }
   before { sign_in user }
 
-  describe "#confirm" do
-    let(:generic_work) { FactoryGirl.create(:generic_work, user: user) }
+  describe '#confirm' do
+    let(:generic_work) { create(:generic_work, user: user) }
 
-    it "should draw the page" do
+    it 'draws the page' do
       get :confirm, id: generic_work
       expect(response).to be_success
     end
   end
 
-  describe "#copy" do
-    let(:generic_work) { FactoryGirl.create(:generic_work, user: user) }
-    let(:worker) { double }
+  describe '#copy' do
+    let(:generic_work) { create(:generic_work, user: user) }
 
-    it "should add a worker to the queue" do
-      expect(VisibilityCopyWorker).to receive(:new).with(generic_work.id).and_return(worker)
-      expect(CurationConcerns.queue).to receive(:push).with(worker)
+    it 'adds a worker to the queue' do
+      expect(VisibilityCopyJob).to receive(:perform_later).with(generic_work.id)
       post :copy, id: generic_work
       expect(response).to redirect_to main_app.curation_concerns_generic_work_path(generic_work)
       expect(flash[:notice]).to eq 'Updating file permissions. This may take a few minutes. You may want to refresh your browser or return to this record later to see the updated file permissions.'
     end
   end
-
 end

data/spec/controllers/curation_concerns/single_use_links_controller_spec.rb

@@ -0,0 +1,79 @@
+require 'spec_helper'
+
+describe CurationConcerns::SingleUseLinksController, type: :controller do
+  routes { CurationConcerns::Engine.routes }
+  let(:user) { FactoryGirl.find_or_create(:jill) }
+
+  let(:file) do
+    FileSet.create do |file|
+      file.apply_depositor_metadata(user)
+    end
+  end
+
+  describe "logged in user with edit permission" do
+    let(:hash) { "some-dummy-sha2-hash" }
+
+    before do
+      sign_in user
+      allow(DateTime).to receive(:now).and_return(DateTime.now)
+      expect(Digest::SHA2).to receive(:new).and_return(hash)
+    end
+
+    describe "GET 'download'" do
+      it "and_return http success" do
+        get 'new_download', id: file
+        expect(response).to be_success
+        expect(assigns[:link]).to eq routes.url_helpers.download_single_use_link_path(hash)
+      end
+    end
+
+    describe "GET 'show'" do
+      it "and_return http success" do
+        get 'new_show', id: file
+        expect(response).to be_success
+        expect(assigns[:link]).to eq routes.url_helpers.show_single_use_link_path(hash)
+      end
+    end
+  end
+
+  describe "logged in user without edit permission" do
+    before do
+      @other_user = FactoryGirl.find_or_create(:archivist)
+      file.read_users << @other_user
+      file.save
+      sign_in @other_user
+      file.read_users << @other_user
+      file.save
+    end
+
+    describe "GET 'download'" do
+      it "and_return http success" do
+        get 'new_download', id: file
+        expect(response).not_to be_success
+      end
+    end
+
+    describe "GET 'show'" do
+      it "and_return http success" do
+        get 'new_show', id: file
+        expect(response).not_to be_success
+      end
+    end
+  end
+
+  describe "unknown user" do
+    describe "GET 'download'" do
+      it "and_return http failure" do
+        get 'new_download', id: file
+        expect(response).not_to be_success
+      end
+    end
+
+    describe "GET 'show'" do
+      it "and_return http failure" do
+        get 'new_show', id: file
+        expect(response).not_to be_success
+      end
+    end
+  end
+end

data/spec/controllers/curation_concerns/single_use_links_viewer_controller_spec.rb

@@ -0,0 +1,74 @@
+require 'spec_helper'
+
+describe CurationConcerns::SingleUseLinksViewerController do
+  routes { CurationConcerns::Engine.routes }
+  let(:file) do
+    file = FileSet.create do |lfile|
+      lfile.label = 'world.png'
+      lfile.apply_depositor_metadata('mjg')
+    end
+    Hydra::Works::AddFileToFileSet.call(file, File.open(fixture_path + '/world.png'), :original_file)
+    file
+  end
+
+  describe "retrieval links" do
+    let :show_link do
+      SingleUseLink.create itemId: file.id, path: Rails.application.routes.url_helpers.curation_concerns_file_set_path(id: file)
+    end
+
+    let :download_link do
+      SingleUseLink.create itemId: file.id, path: Rails.application.routes.url_helpers.download_path(id: file)
+    end
+
+    let :show_link_hash do
+      show_link.downloadKey
+    end
+
+    let :download_link_hash do
+      download_link.downloadKey
+    end
+
+    describe "GET 'download'" do
+      let(:expected_content) { ActiveFedora::Base.find(file.id).original_file.content }
+
+      it "and_return http success" do
+        expect(controller).to receive(:send_file_headers!).with(filename: 'world.png', disposition: 'inline', type: 'image/png')
+        get :download, id: download_link_hash
+        expect(response.body).to eq expected_content
+        expect(response).to be_success
+        expect { SingleUseLink.find_by_downloadKey!(download_link_hash) }.to raise_error ActiveRecord::RecordNotFound
+      end
+
+      context "and the key is not found" do
+        before { SingleUseLink.find_by_downloadKey!(download_link_hash).destroy }
+
+        it "returns 404 if the key is not present" do
+          get :download, id: download_link_hash
+          expect(response).to render_template('error/single_use_error')
+        end
+      end
+    end
+
+    describe "GET 'show'" do
+      it "and_return http success" do
+        get 'show', id: show_link_hash
+        expect(response).to be_success
+        expect(assigns[:presenter].id).to eq file.id
+        expect { SingleUseLink.find_by_downloadKey!(show_link_hash) }.to raise_error ActiveRecord::RecordNotFound
+      end
+
+      context "and the key is not found" do
+        before { SingleUseLink.find_by_downloadKey!(show_link_hash).destroy }
+        it "returns 404 if the key is not present" do
+          get :show, id: show_link_hash
+          expect(response).to render_template('error/single_use_error')
+        end
+      end
+
+      it "returns 404 on attempt to get show path with download hash" do
+        get :show, id: download_link_hash
+        expect(response).to render_template('error/single_use_error')
+      end
+    end
+  end
+end

data/spec/controllers/downloads_controller_spec.rb

@@ -3,49 +3,74 @@ require 'spec_helper'
 describe DownloadsController do
   describe '#show' do
     let(:user) { FactoryGirl.create(:user) }
-    let(:another_user) { FactoryGirl.create(:user) }
-    let(:generic_file) {
+    let(:file_set) do
       FactoryGirl.create(:file_with_work, user: user, content: File.open(fixture_file_path('files/image.png')))
-    }
-
-    it "raise not_found if the object does not exist" do
+    end
+    it 'raise not_found if the object does not exist' do
       get :show, id: '8675309'
       expect(response).to be_not_found
     end
 
     context "when user doesn't have access" do
+      let(:another_user) { FactoryGirl.create(:user) }
       before do
-        # generic_file
         sign_in another_user
       end
-      it "redirects to root" do
-        get :show, id: generic_file.to_param
+      it 'redirects to root' do
+        get :show, id: file_set.to_param
         expect(response).to redirect_to root_path
-        expect(flash["alert"]).to eq "You are not authorized to access this page."
+        expect(flash['alert']).to eq 'You are not authorized to access this page.'
       end
     end
 
     context "when user isn't logged in" do
-      # before { generic_file }
-      it "redirects to sign in" do
-        get :show, id: generic_file.to_param
+      it 'redirects to sign in' do
+        get :show, id: file_set.to_param
         expect(response).to redirect_to new_user_session_path
-        expect(flash["alert"]).to eq "You are not authorized to access this page."
+        expect(flash['alert']).to eq 'You are not authorized to access this page.'
       end
     end
 
-    it 'sends the file if the user has access' do
-      # generic_file
-      sign_in user
-      get :show, id: generic_file.to_param
-      expect(response.body).to eq generic_file.original_file.content
-    end
+    context "when the user has access" do
+      before do
+        sign_in user
+      end
+
+      it 'sends the original file' do
+        get :show, id: file_set
+        expect(response.body).to eq file_set.original_file.content
+      end
 
-    it 'sends requested file content' do
-      Hydra::Works::AddFileToGenericFile.call(generic_file, File.open(fixture_file_path('world.png')), :thumbnail)
-      sign_in user
-      get :show, id: generic_file.to_param, file: 'thumbnail'
-      expect(response.body).to eq generic_file.thumbnail.content
+      context "with an alternative file" do
+        context "that is persisted" do
+          let(:file) { File.open(fixture_file_path('world.png'), 'rb') }
+
+          let(:content) { file.read }
+
+          before do
+            allow(CurationConcerns::DerivativePath).to receive(:derivative_path_for_reference).and_return(fixture_file_path('world.png'))
+          end
+
+          it 'sends requested file content' do
+            get :show, id: file_set, file: 'thumbnail'
+            expect(response.body).to eq content
+            expect(response.headers['Content-Length']).to eq "4218"
+            expect(response.headers['Accept-Ranges']).to eq "bytes"
+          end
+        end
+
+        context "that isn't persisted" do
+          it "returns 404 if the requested file does not exist" do
+            get :show, id: file_set, file: 'thumbnail'
+            expect(response.status).to eq 404
+          end
+        end
+      end
+
+      it "returns 404 if the requested association does not exist" do
+        get :show, id: file_set, file: 'non-existant'
+        expect(response.status).to eq 404
+      end
     end
   end
 end