sufia 6.0.0 → 6.1.0

data/spec/controllers/api/zotero_controller_spec.rb

@@ -0,0 +1,178 @@
+require 'spec_helper'
+
+describe API::ZoteroController, type: :controller do
+  let(:user) { FactoryGirl.find_or_create(:jill) }
+
+  context 'with an HTTP GET to /api/zotero' do
+    context 'with an unauthenticated client' do
+      before { get :initiate }
+
+      subject { response }
+
+      it { is_expected.to have_http_status(302) }
+      it 'describes the redirect' do
+        expect(flash[:alert]).to eq 'You need to sign in or sign up before continuing.'
+      end
+    end
+
+    context 'with an unregistered user' do
+      before do
+        allow_any_instance_of(Ability).to receive(:user_groups) { ['public'] }
+        sign_in user
+        get :initiate
+      end
+
+      subject { response }
+
+      it { is_expected.to have_http_status(302) }
+      it { is_expected.to redirect_to(root_path) }
+      it 'populates the flash with an alert' do
+        expect(flash[:alert]).to eq 'You are not authorized to perform this operation'
+      end
+    end
+
+    context 'with an invalid key/secret combo' do
+      before do
+        allow(Sufia::Zotero).to receive(:config) { broken_config }
+        sign_in user
+        get :initiate
+      end
+
+      let(:broken_config) { Hash.new(client_key: 'foo', client_secret: 'bar') }
+
+      subject { response }
+
+      it { is_expected.to have_http_status(302) }
+      it { is_expected.to redirect_to(root_path) }
+      it 'populates the flash with an alert' do
+        expect(flash[:alert]).to eq 'Invalid Zotero client key pair'
+      end
+    end
+
+    describe 'redirects to Zotero' do
+      before do
+        allow(controller).to receive(:client) { client }
+        allow(client).to receive(:get_request_token) { token }
+        allow_any_instance_of(User).to receive(:zotero_token=)
+        sign_in user
+        get :initiate
+      end
+
+      let(:token) { object_double(OAuth::RequestToken.new(client), authorize_url: 'https://www.zotero.org/oauth/authorize?identity=1&oauth_callback=http%3A%2F%2Ftest.host%2Fapi%2Fzotero%2Fcallback&oauth_token=bc2502f2750983c57224') }
+      let(:client) do
+        OAuth::Consumer.new(Sufia::Zotero.config['client_key'], Sufia::Zotero.config['client_secret'], {
+          site: 'https://www.zotero.org',
+          scheme: :query_string,
+          http_method: :get,
+          request_token_path: '/oauth/request',
+          access_token_path: '/oauth/access',
+          authorize_path: '/oauth/authorize'})
+      end
+
+      subject { response }
+
+      it { is_expected.to have_http_status(302) }
+      it 'has no flash alerts' do
+        expect(flash[:alert]).to be_nil
+      end
+      it 'has the expected callback URL' do
+        expect(subject.headers['Location']).to include('oauth_callback=http%3A%2F%2Ftest.host%2Fapi%2Fzotero%2Fcallback')
+      end
+    end
+  end
+
+  context 'with an HTTP POST/GET to /api/zotero/callback' do
+    context 'with an unauthenticated user' do
+      before { get :callback }
+
+      subject { response }
+
+      it { is_expected.to have_http_status(302) }
+      it 'describes the redirect' do
+        expect(flash[:alert]).to eq 'You need to sign in or sign up before continuing.'
+      end
+    end
+
+    context 'with an unregistered user' do
+      before do
+        allow_any_instance_of(Ability).to receive(:user_groups) { ['public'] }
+        sign_in user
+        get :callback
+      end
+
+      subject { response }
+
+      it { is_expected.to have_http_status(302) }
+      it { is_expected.to redirect_to(root_path) }
+      it 'populates the flash with an alert' do
+        expect(flash[:alert]).to eq 'You are not authorized to perform this operation'
+      end
+    end
+
+    context 'with a request lacking an oauth_token' do
+      before do
+        sign_in user
+        get :callback
+      end
+
+      subject { response }
+
+      it { is_expected.to have_http_status(302) }
+      it { is_expected.to redirect_to(routes.url_helpers.edit_profile_path(user)) }
+      it 'populates the flash with an alert' do
+        expect(flash[:alert]).to eq 'Malformed request from Zotero'
+      end
+    end
+
+    context 'with a non-matching token' do
+      before do
+        sign_in user
+        get :callback, oauth_token: 'woohoo', oauth_verifier: '12345'
+      end
+
+      subject { response }
+
+      it { is_expected.to have_http_status(302) }
+      it { is_expected.to redirect_to(routes.url_helpers.edit_profile_path(user)) }
+      it 'populates the flash with an alert' do
+        expect(flash[:alert]).to eq 'You have not yet connected to Zotero'
+      end
+    end
+
+    context 'with a signed-in, valid user' do
+      before do
+        allow_any_instance_of(User).to receive(:zotero_token) { user_token }
+        allow(Sufia.queue).to receive(:push)
+        sign_in user
+        get :callback, oauth_token: token_string, oauth_verifier: pin
+      end
+
+      let(:token_string) { 'woohoo' }
+      let(:pin) { '12345' }
+      let(:user_token) do
+        double('token',
+          params: { oauth_token: token_string },
+          get_access_token: access_token)
+      end
+      let(:zuserid) { 'myzuser' }
+      let(:access_token) do
+        double('access', params: { userID: zuserid })
+      end
+
+      subject { response }
+
+      it { is_expected.to have_http_status(302) }
+      it 'pushes an arkivo subscription job' do
+        expect(Sufia.queue).to have_received(:push).once
+      end
+      it { is_expected.to redirect_to(routes.url_helpers.profile_path(user)) }
+      it 'populates the flash with a notice' do
+        expect(flash[:alert]).to be_nil
+        expect(flash[:notice]).to eq 'Successfully connected to Zotero!'
+      end
+      it 'stores the userID in the user instance' do
+        expect(user.reload.zotero_userid).to eq zuserid
+      end
+    end
+  end
+end

data/spec/controllers/batch_edits_controller_spec.rb

@@ -78,6 +78,13 @@ describe BatchEditsController, :type => :controller do
       expect(GenericFile.find(one.id).subject).to eq ["zzz"]
       expect(GenericFile.find(two.id).subject).to eq ["zzz"]
     end
+
+    it "should update permissions" do
+      put :update, update_type: "update", visibility: "authenticated"
+      expect(response).to be_redirect
+      expect(GenericFile.find(one.id).visibility).to eq "authenticated"
+      expect(GenericFile.find(two.id).visibility).to eq "authenticated"
+    end
   end
 
 end

data/spec/controllers/collections_controller_spec.rb

@@ -111,7 +111,7 @@ describe CollectionsController do
         expect(asset_results["response"]["numFound"]).to eq 1
         doc = asset_results["response"]["docs"].first
         expect(doc["id"]).to eq @asset2.id
-        afterupdate = GenericFile.find(@asset2.id)
+        GenericFile.find(@asset2.id)
         expect(doc[Solrizer.solr_name(:collection)]).to be_nil
       end
     end

data/spec/controllers/dashboard_controller_spec.rb

@@ -66,7 +66,7 @@ describe DashboardController, :type => :controller do
           expect(assigns[:outgoing].first).to be_kind_of ProxyDepositRequest
           expect(assigns[:outgoing].first.generic_file_id).to eq(outgoing_file.id)
         end
-     end
+      end
     end
 
     context "with activities" do

data/spec/controllers/depositors_controller_spec.rb

@@ -1,8 +1,8 @@
 require 'spec_helper'
 
-describe DepositorsController, :type => :controller do
-  let (:user) { FactoryGirl.find_or_create(:jill) }
-  let (:grantee) { FactoryGirl.find_or_create(:archivist) }
+describe DepositorsController do
+  let(:user) { FactoryGirl.create(:user) }
+  let(:grantee) { FactoryGirl.create(:user) }
 
   describe "as a logged in user" do
     before do
@@ -38,12 +38,16 @@ describe DepositorsController, :type => :controller do
     end
     describe "create" do
       it "should not be successful" do
-        expect { post :create, user_id: user, grantee_id: grantee, format: 'json' }.to raise_error
+        post :create, user_id: user.user_key, grantee_id: grantee.user_key, format: 'json'
+        expect(response).to redirect_to root_path
+        expect(flash[:alert]).to eq "You are not authorized to access this page."
       end
     end
     describe "destroy" do
       it "should not be successful" do
-        expect { delete :destroy, user_id: user, id: grantee, format: 'json' }.to raise_error
+        delete :destroy, user_id: user.user_key, id: grantee.user_key, format: 'json'
+        expect(response).to redirect_to root_path
+        expect(flash[:alert]).to eq "You are not authorized to access this page."
       end
     end
   end

data/spec/controllers/generic_files_controller_spec.rb

@@ -524,6 +524,7 @@ describe GenericFilesController do
 
     describe "#show" do
       it "should show me the file and set breadcrumbs" do
+        expect(GenericFile).not_to receive(:find)
         expect(controller).to receive(:add_breadcrumb).with(I18n.t('sufia.dashboard.title'), Sufia::Engine.routes.url_helpers.dashboard_index_path)
         get :show, id: generic_file
         expect(response).to be_successful
@@ -565,14 +566,14 @@ describe GenericFilesController do
   end
 
   describe "batch creation" do
-    context "when uploading a file" do 
-      let(:batch_id) { Sufia::IdService.mint }
+    context "when uploading a file" do
+      let(:batch_id) { ActiveFedora::Noid::Service.new.mint }
       let(:file1) { fixture_file_upload('/world.png','image/png') }
       let(:file2) { fixture_file_upload('/image.jpg','image/png') }
 
       it "should not create the batch on HTTP GET " do
         expect(Batch).to_not receive(:create)
-        xhr :get, :new 
+        xhr :get, :new
         expect(response).to be_success
       end
 
@@ -584,6 +585,6 @@ describe GenericFilesController do
         xhr :post, :create, files: [file2], Filename: 'An image', batch_id: batch_id, on_behalf_of: 'carolyn', terms_of_service: '1'
         expect(response).to be_success
       end
-    end  
+    end
   end
 end

data/spec/controllers/mailbox_controller_spec.rb

@@ -40,8 +40,8 @@ describe MailboxController, :type => :controller do
   end
   describe "#delete_all" do
     it "should delete message" do
-      rec1 = @another_user.send_message(@user, 'message 2', 'subject 2')
-      rec2 = @another_user.send_message(@user, 'message 3', 'subject 3')
+      @another_user.send_message(@user, 'message 2', 'subject 2')
+      @another_user.send_message(@user, 'message 3', 'subject 3')
       expect(@user.mailbox.inbox.count).to eq(3)
       get :delete_all
       expect(@user.mailbox.inbox.count).to eq(0)

data/spec/controllers/my/collections_controller_spec.rb

@@ -16,7 +16,7 @@ describe My::CollectionsController, :type => :controller do
           c.apply_depositor_metadata(@user.user_key)
           c.save!
         end
-        @unrelated_collection = Collection.new(title: "test collection").tap do |c|
+        @unrelated_collection = Collection.create(title: "test collection") do |c|
           c.apply_depositor_metadata(FactoryGirl.create(:user).user_key)
         end
       end
@@ -27,7 +27,6 @@ describe My::CollectionsController, :type => :controller do
       end
 
       it "should paginate" do          
-        other_user = FactoryGirl.create(:user)
         Collection.new(title: "test collection").tap do |c|
           c.apply_depositor_metadata(@user.user_key)
           c.save!

data/spec/controllers/my/files_controller_spec.rb

@@ -58,14 +58,14 @@ describe My::FilesController, :type => :controller do
 
   describe "batch processing" do
     include Sufia::Messages
-    let (:batch_id) {"batch_id"}
-    let (:batch_id2) {"batch_id2"}
-    let (:batch) {double}
+    let(:batch_id) {"batch_id"}
+    let(:batch_id2) {"batch_id2"}
+    let(:batch) {double}
 
     before do
       allow(batch).to receive(:id).and_return(batch_id)
-      User.batchuser().send_message(user, single_success(batch_id, batch), success_subject, sanitize_text = false)
-      User.batchuser().send_message(user, multiple_success(batch_id2, [batch]), success_subject, sanitize_text = false)
+      User.batchuser().send_message(user, single_success(batch_id, batch), success_subject, false)
+      User.batchuser().send_message(user, multiple_success(batch_id2, [batch]), success_subject, false)
       get :index
     end
     it "gets batches that are complete" do

data/spec/controllers/my/shares_controller_spec.rb

@@ -14,21 +14,31 @@ describe My::SharesController, :type => :controller do
       let!(:my_file) { FactoryGirl.create(:generic_file, depositor: user) }
       let!(:unshared_file) { FactoryGirl.create(:generic_file, depositor: other_user) }
 
-      let!(:shared_with_me) { FactoryGirl.create(:generic_file).tap do |r|
+      let!(:shared_with_me) {
+        FactoryGirl.create(:generic_file).tap do |r|
           r.apply_depositor_metadata other_user
           r.edit_users += [user.user_key]
           r.save!
         end
       }
 
-      let!(:shared_with_someone_else) { FactoryGirl.create(:generic_file).tap do |r|
+      let!(:read_shared_with_me) {
+        FactoryGirl.create(:generic_file, depositor: other_user).tap do |r|
+          r.read_users += [user.user_key]
+          r.save!
+        end
+      }
+
+      let!(:shared_with_someone_else) {
+        FactoryGirl.create(:generic_file).tap do |r|
           r.apply_depositor_metadata user
           r.edit_users += [other_user.user_key]
           r.save!
         end
       }
 
-      let!(:my_collection) { Collection.new(title: "My collection").tap do |c|
+      let!(:my_collection) {
+        Collection.new(title: "My collection").tap do |c|
           c.apply_depositor_metadata(user.user_key)
           c.save!
         end
@@ -68,6 +78,8 @@ describe My::SharesController, :type => :controller do
         expect(assigns[:document_list].map(&:id)).to_not include(shared_with_someone_else.id)
         # doesn't show my collections
         expect(assigns[:document_list].map(&:id)).to_not include my_collection.id
+        # doesn't show files I can see but have no edit access
+        expect(assigns[:document_list].map(&:id)).to_not include read_shared_with_me.id
       end
     end
   end

data/spec/controllers/pages_controller_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe PagesController, :type => :controller do
-  let (:page_name) {"about_page"}
+  let(:page_name) {"about_page"}
   context "content exists" do
     describe "GET #show" do
       let(:page) { ContentBlock.create!(name: page_name, value: "foo bar") }

data/spec/controllers/users_controller_spec.rb

@@ -28,6 +28,7 @@ describe UsersController, :type => :controller do
       let!(:trophy1) { user.trophies.create!(generic_file_id: file1.id) }
       let!(:trophy2) { user.trophies.create!(generic_file_id: file2.id) }
       let!(:trophy3) { user.trophies.create!(generic_file_id: file3.id) }
+      let!(:badtrophy) { user.trophies.create!(generic_file_id: 'not_a_generic_file') }
 
       it "show the user profile if user exists" do
         get :show, id: user.user_key
@@ -92,8 +93,8 @@ describe UsersController, :type => :controller do
       end
     end
   end
-  describe "#edit" do
 
+  describe "#edit" do
     it "show edit form when user edits own profile" do
       get :edit, id: user.user_key
       expect(response).to be_success
@@ -124,7 +125,7 @@ describe UsersController, :type => :controller do
       end
     end
 
-    describe "when the user has trophies" do
+    context "when the user has trophies" do
       let(:file1) { GenericFile.create { |f| f.apply_depositor_metadata(user) } }
       let(:file2) { GenericFile.create { |f| f.apply_depositor_metadata(user) } }
       let(:file3) { GenericFile.create { |f| f.apply_depositor_metadata(user) } }
@@ -235,7 +236,7 @@ describe UsersController, :type => :controller do
       end
       it "should remove a trophy" do
         expect {
-          post :update, id: user.user_key,  'remove_trophy_'+file.id => 'yes'
+          post :update, id: user.user_key, 'remove_trophy_'+file.id => 'yes'
         }.to change { user.trophies.count }.by(-1)
         expect(response).to redirect_to(@routes.url_helpers.profile_path(user.to_param))
         expect(flash[:notice]).to include("Your profile has been updated")
@@ -296,21 +297,21 @@ describe UsersController, :type => :controller do
   end
 
   describe "#toggle_trophy" do
-     let(:file) { GenericFile.create { |f| f.apply_depositor_metadata(user) } }
-     let(:file_id) { file.id }
-     let(:another_user) { FactoryGirl.create(:user) }
+    let(:file) { GenericFile.create { |f| f.apply_depositor_metadata(user) } }
+    let(:file_id) { file.id }
+    let(:another_user) { FactoryGirl.create(:user) }
 
-     it "should trophy a file" do
+    it "should trophy a file" do
       post :toggle_trophy, {id: user.user_key, file_id: file_id}
       json = JSON.parse(response.body)
       expect(json['user_id']).to eq user.id
       expect(json['generic_file_id']).to eq file_id
     end
-     it "should not trophy a file for a different user" do
+    it "should not trophy a file for a different user" do
       post :toggle_trophy, {id: another_user.user_key, file_id: file_id}
       expect(response).to_not be_success
     end
-     it "should not trophy a file with no edit privs" do
+    it "should not trophy a file with no edit privs" do
       sign_in another_user
       post :toggle_trophy, {id: another_user.user_key, file_id: file_id}
       expect(response).to_not be_success

data/spec/factories/api_items.rb

@@ -0,0 +1,91 @@
+FactoryGirl.define do
+  factory :post_item, class: Hash do
+    skip_create
+
+    token 'mock_token'
+
+    metadata do
+      {
+        resourceType: 'Dataset',
+        title: 'Findings from NSF Study',
+        creators: [
+          {
+            creatorType: 'author',
+            firstName: 'John',
+            lastName: 'Doe'
+          },
+          {
+            creatorType: 'seriesEditor',
+            firstName: 'Rafael',
+            lastName: 'Nadal'
+          },
+          {
+            creatorType: 'inventor',
+            name: 'Babs McGee'
+          },
+          {
+            creatorType: 'contributor',
+            name: 'Jane Doeski'
+          },
+        ],
+        description: 'This was funded by the NSF in 2013',
+        publisher: 'National Science Foundation',
+        dateCreated: '2014-11-02T14:24:64Z',
+        basedNear: 'Paris, France',
+        identifier: 'isbn:1234567890',
+        url: 'http://example.org/nsf/2013/datasets/',
+        language: 'English--New Jerseyan',
+        rights: 'http://creativecommons.org/licenses/by-sa/3.0/us/',
+        tags: [
+          'datasets',
+          'nsf',
+          'stuff'
+        ]
+      }
+    end
+
+    file do
+      {
+        base64: 'YXJraXZvCg==',
+        md5: 'f03313ded2feb96f0a641b8eb098aae0',
+        filename: 'file.txt',
+        contentType: 'text/plain'
+      }
+    end
+
+    initialize_with { attributes }
+  end
+
+  factory :put_item, class: Hash, parent: :post_item do
+    metadata do
+      {
+        resourceType: 'Article',
+        title: 'THE REAL FINDINGS',
+        creators: [
+          {
+            creatorType: 'author',
+            firstName: 'John',
+            lastName: 'Doe'
+          },
+          {
+            creatorType: 'inventor',
+            name: 'Babs McGee'
+          },
+        ],
+        rights: 'http://creativecommons.org/licenses/by-sa/3.0/us/',
+        tags: [
+          'datasets'
+        ]
+      }
+    end
+
+    file do
+      {
+        base64: 'IyBIRUFERVIKClRoaXMgaXMgYSBwYXJhZ3JhcGghCg==',
+        md5: '3923077bb477097b8496dbcff5fa44b3',
+        filename: 'replaced.md',
+        contentType: 'text/x-markdown'
+      }
+    end
+  end
+end