add preview specs

openpoke · Jul 26, 2024 · 0e50826 · 0e50826
1 parent 8e6a317
commit 0e50826
Show file tree

Hide file tree

Showing 32 changed files with 475 additions and 352 deletions.
diff --git a/decidim-accountability/spec/system/preview_accountability_with_share_token_spec.rb b/decidim-accountability/spec/system/preview_accountability_with_share_token_spec.rb
@@ -2,9 +2,9 @@
 
 require "spec_helper"
 
-describe "Preview accountability with share token" do
+describe "preview accountability with a share token" do
   let(:manifest_name) { "accountability" }
 
   include_context "with a component"
-  it_behaves_like "preview component with share_token"
+  it_behaves_like "preview component with a share_token"
 end
diff --git a/decidim-admin/app/controllers/decidim/admin/share_tokens_controller.rb b/decidim-admin/app/controllers/decidim/admin/share_tokens_controller.rb
@@ -2,25 +2,25 @@
 
 module Decidim
   module Admin
-    # This is an abstrac controller allows sharing unpublished things.
+    # This is an abstract controller allows sharing unpublished things.
     # Final implementation must inherit from this controller and implement the `resource` method.
     class ShareTokensController < Decidim::Admin::ApplicationController
       include Decidim::Admin::Filterable
 
-      helper_method :share_token, :resource, :resource_title, :share_tokens_path
+      helper_method :current_token, :resource, :resource_title, :share_tokens_path
 
       def index
-        enforce_permission_to :read, :share_token
+        enforce_permission_to :read, :share_tokens
         @share_tokens = filtered_collection
       end
 
       def new
-        enforce_permission_to :create, :share_token
+        enforce_permission_to :create, :share_tokens
         @form = form(ShareTokenForm).instance
       end
 
       def create
-        enforce_permission_to :create, :share_token
+        enforce_permission_to :create, :share_tokens
         @form = form(ShareTokenForm).from_params(params, resource:)
 
         CreateShareToken.call(@form) do
@@ -37,15 +37,15 @@ def create
       end
 
       def edit
-        enforce_permission_to(:update, :share_token, share_token:)
-        @form = form(ShareTokenForm).from_model(share_token)
+        enforce_permission_to(:update, :share_tokens, share_token: current_token)
+        @form = form(ShareTokenForm).from_model(current_token)
       end
 
       def update
-        enforce_permission_to(:update, :share_token, share_token:)
+        enforce_permission_to(:update, :share_tokens, share_token: current_token)
         @form = form(ShareTokenForm).from_params(params, resource:)
 
-        UpdateShareToken.call(@form, share_token) do
+        UpdateShareToken.call(@form, current_token) do
           on(:ok) do
             flash[:notice] = I18n.t("share_tokens.update.success", scope: "decidim.admin")
             redirect_to share_tokens_path
@@ -59,9 +59,9 @@ def update
       end
 
       def destroy
-        enforce_permission_to(:destroy, :share_token, share_token:)
+        enforce_permission_to(:destroy, :share_tokens, share_token: current_token)
 
-        Decidim::Commands::DestroyResource.call(share_token, current_user) do
+        Decidim::Commands::DestroyResource.call(current_token, current_user) do
           on(:ok) do
             flash[:notice] = I18n.t("share_tokens.destroy.success", scope: "decidim.admin")
           end
@@ -80,7 +80,7 @@ def resource
         raise NotImplementedError
       end
 
-      # Override also this method if resouce does not respond to a translatable name or title
+      # Override also this method if resource does not respond to a translatable name or title
       def resource_title
         translated_attribute(resource.try(:name) || resource.title)
       end
@@ -124,8 +124,8 @@ def filters
         []
       end
 
-      def share_token
-        @share_token ||= collection.find(params[:id])
+      def current_token
+        @current_token ||= collection.find(params[:id])
       end
     end
   end

diff --git a/decidim-admin/app/views/decidim/admin/share_tokens/edit.html.erb b/decidim-admin/app/views/decidim/admin/share_tokens/edit.html.erb
@@ -6,16 +6,16 @@
   </h1>
 </div>
 <div class="item__edit-form">
-  <%= decidim_form_for(@form, url: share_tokens_path(:update, id: share_token), html: { class: "form-defaults form edit_share_token" }) do |f| %>
+  <%= decidim_form_for(@form, url: share_tokens_path(:update, id: current_token), html: { class: "form-defaults form edit_share_token" }) do |f| %>
     <div class="card">
       <div class="card-section">
         <div class="form__wrapper">
           <div class="card pt-4">
             <div class="row column">
               <label for="share_token-token"><%= t("token", scope: "decidim.admin.models.share_token.fields") %></label>
               <div class="flex gap-4">
-                <%= text_field_tag :token, share_token.token, id: "share_token-token", aria: { label: t("token", scope: "decidim.admin.models.share_token.fields") }, disabled: true %>
-                <button type="button" class="button button__sm button__secondary text-nowrap" data-clipboard-copy="#share_token-token" data-clipboard-content="<%= share_token.url %>" data-clipboard-copy-label="<%= t("copied", scope: "decidim.admin.share_tokens.index") %>" data-clipboard-copy-message="<%= t("copy_message", scope: "decidim.admin.share_tokens.index") %>"><%= t("actions.copy_link", scope: "decidim.admin.share_tokens") %></button>
+                <%= text_field_tag :token, current_token.token, id: "share_token-token", aria: { label: t("token", scope: "decidim.admin.models.share_token.fields") }, disabled: true %>
+                <button type="button" class="button button__sm button__secondary text-nowrap" data-clipboard-copy="#share_token-token" data-clipboard-content="<%= current_token.url %>" data-clipboard-copy-label="<%= t("copied", scope: "decidim.admin.share_tokens.index") %>" data-clipboard-copy-message="<%= t("copy_message", scope: "decidim.admin.share_tokens.index") %>"><%= t("actions.copy_link", scope: "decidim.admin.share_tokens") %></button>
               </div>
             </div>
             <%= render partial: "form", object: f %>

diff --git a/decidim-assemblies/app/permissions/decidim/assemblies/permissions.rb b/decidim-assemblies/app/permissions/decidim/assemblies/permissions.rb
@@ -126,6 +126,7 @@ def public_read_assembly_action?
         return disallow! unless can_view_private_space?
         return allow! if user&.admin?
         return allow! if assembly.published?
+        return allow! if user_can_preview_space?
 
         toggle_allow(can_manage_assembly?)
       end
@@ -266,6 +267,7 @@ def assembly_admin_action?
           :assembly_user_role,
           :assembly_member,
           :export_space,
+          :share_tokens,
           :import
         ].include?(permission_action.subject)
         allow! if is_allowed
@@ -285,11 +287,18 @@ def org_admin_action?
           :assembly_user_role,
           :assembly_member,
           :export_space,
+          :share_tokens,
           :import
         ].include?(permission_action.subject)
         allow! if is_allowed
       end
 
+      def user_can_preview_space?
+        return allow! if context[:share_token].present? && Decidim::ShareToken.use!(token_for: assembly, token: context[:share_token], user:)
+      rescue ActiveRecord::RecordNotFound, StandardError
+        nil
+      end
+
       # Checks if the permission_action is to read the admin assemblies list or
       # not.
       def read_assembly_list_permission_action?

diff --git a/decidim-assemblies/spec/system/admin/admin_manages_assembly_share_tokens_spec.rb b/decidim-assemblies/spec/system/admin/admin_manages_assembly_share_tokens_spec.rb
@@ -6,9 +6,15 @@
   let!(:user) { create(:user, :admin, :confirmed, organization:) }
   let(:organization) { create(:organization) }
   let!(:assembly) { create(:assembly, organization:, private_space: true) }
+  let(:participatory_space) { assembly }
+  let(:participatory_space_path) { decidim_admin_assemblies.edit_assembly_path(assembly) }
 
-  it_behaves_like "manage participatory space share tokens" do
-    let(:participatory_space) { assembly }
-    let(:participatory_space_path) { decidim_admin_assemblies.edit_assembly_path(assembly) }
+  it_behaves_like "manage participatory space share tokens"
+
+  context "when the user is an assembly admin" do
+    let(:user) { create(:user, :confirmed, :admin_terms_accepted, organization:) }
+    let!(:role) { create(:assembly_user_role, user:, assembly:, role: :admin) }
+
+    it_behaves_like "manage participatory space share tokens"
   end
 end
diff --git a/decidim-assemblies/spec/system/preview_assembly_with_share_token_spec.rb b/decidim-assemblies/spec/system/preview_assembly_with_share_token_spec.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+describe "Preview assembly with share token" do
+  let(:organization) { create(:organization) }
+  let!(:participatory_space) { create(:assembly, organization:, published_at: nil) }
+  let(:resource_path) { decidim_assemblies.assembly_path(participatory_space) }
+
+  it_behaves_like "preview participatory space with a share_token"
+end
diff --git a/decidim-blogs/spec/system/preview_blogs_with_share_token_spec.rb b/decidim-blogs/spec/system/preview_blogs_with_share_token_spec.rb
@@ -2,9 +2,9 @@
 
 require "spec_helper"
 
-describe "Preview blogs with share token" do
+describe "preview blogs with a share token" do
   let(:manifest_name) { "blogs" }
 
   include_context "with a component"
-  it_behaves_like "preview component with share_token"
+  it_behaves_like "preview component with a share_token"
 end
diff --git a/decidim-budgets/spec/system/preview_budgets_with_share_token_spec.rb b/decidim-budgets/spec/system/preview_budgets_with_share_token_spec.rb
@@ -2,9 +2,9 @@
 
 require "spec_helper"
 
-describe "Preview budgets with share token" do
+describe "preview budgets with a share token" do
   let(:manifest_name) { "budgets" }
 
   include_context "with a component"
-  it_behaves_like "preview component with share_token"
+  it_behaves_like "preview component with a share_token"
 end
diff --git a/decidim-conferences/app/permissions/decidim/conferences/permissions.rb b/decidim-conferences/app/permissions/decidim/conferences/permissions.rb
@@ -127,6 +127,7 @@ def public_read_conference_action?
 
         return allow! if user&.admin?
         return allow! if conference.published?
+        return allow! if user_can_preview_space?
 
         toggle_allow(can_manage_conference?)
       end
@@ -276,7 +277,8 @@ def conference_admin_action?
           :partner,
           :media_link,
           :registration_type,
-          :conference_invite
+          :conference_invite,
+          :share_tokens
         ].include?(permission_action.subject)
         allow! if is_allowed
       end
@@ -299,11 +301,18 @@ def org_admin_action?
           :partner,
           :registration_type,
           :read_conference_registrations,
-          :export_conference_registrations
+          :export_conference_registrations,
+          :share_tokens
         ].include?(permission_action.subject)
         allow! if is_allowed
       end
 
+      def user_can_preview_space?
+        return allow! if context[:share_token].present? && Decidim::ShareToken.use!(token_for: conference, token: context[:share_token], user:)
+      rescue ActiveRecord::RecordNotFound, StandardError
+        nil
+      end
+
       # Checks if the permission_action is to read the admin conferences list or
       # not.
       def read_conference_list_permission_action?

diff --git a/decidim-conferences/spec/system/admin/admin_manages_conference_share_tokens_spec.rb b/decidim-conferences/spec/system/admin/admin_manages_conference_share_tokens_spec.rb
@@ -4,9 +4,15 @@
 
 describe "Admin manages conference share tokens" do
   include_context "when admin administrating a conference"
+  let(:participatory_space) { conference }
+  let(:participatory_space_path) { decidim_admin_conferences.edit_conference_path(conference) }
 
-  it_behaves_like "manage participatory space share tokens" do
-    let(:participatory_space) { conference }
-    let(:participatory_space_path) { decidim_admin_conferences.edit_conference_path(conference) }
+  it_behaves_like "manage participatory space share tokens"
+
+  context "when the user is a conference admin" do
+    let(:user) { create(:user, :confirmed, :admin_terms_accepted, organization:) }
+    let!(:role) { create(:conference_user_role, user:, conference:, role: :admin) }
+
+    it_behaves_like "manage participatory space share tokens"
   end
 end
diff --git a/decidim-conferences/spec/system/preview_conference_with_share_token_spec.rb b/decidim-conferences/spec/system/preview_conference_with_share_token_spec.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+describe "Preview conference with share token" do
+  let(:organization) { create(:organization) }
+  let!(:participatory_space) { create(:conference, organization:, published_at: nil) }
+  let(:resource_path) { decidim_conferences.conference_path(participatory_space) }
+
+  it_behaves_like "preview participatory space with a share_token"
+end
diff --git a/decidim-core/app/controllers/concerns/decidim/needs_permission.rb b/decidim-core/app/controllers/concerns/decidim/needs_permission.rb
@@ -40,7 +40,8 @@ def permissions_context
           current_settings: try(:current_settings),
           component_settings: try(:component_settings),
           current_organization: try(:current_organization),
-          current_component: try(:current_component)
+          current_component: try(:current_component),
+          share_token: try(:store_share_token)
         }
       end
 

diff --git a/decidim-core/app/controllers/decidim/application_controller.rb b/decidim-core/app/controllers/decidim/application_controller.rb
@@ -56,6 +56,12 @@ class ApplicationController < ::DecidimController
 
     skip_before_action :disable_http_caching, unless: :user_signed_in?
 
+    def store_share_token
+      session[:share_token] = params[:share_token] if params.has_key?(:share_token)
+
+      session[:share_token].presence
+    end
+
     private
 
     # This overrides Devise's method for extracting the path from the URL. We

diff --git a/decidim-core/app/controllers/decidim/components/base_controller.rb b/decidim-core/app/controllers/decidim/components/base_controller.rb
@@ -30,7 +30,7 @@ class BaseController < Decidim::ApplicationController
                     :current_manifest
 
       before_action do
-        enforce_permission_to :read, :component, component: current_component, share_token:
+        enforce_permission_to :read, :component, component: current_component
       end
 
       before_action :redirect_unless_feature_private
@@ -49,10 +49,6 @@ def current_manifest
         @current_manifest ||= current_component.manifest
       end
 
-      def share_token
-        params[:share_token]
-      end
-
       def permission_scope
         :public
       end

diff --git a/decidim-core/app/permissions/decidim/permissions.rb b/decidim-core/app/permissions/decidim/permissions.rb
@@ -56,7 +56,6 @@ def component_public_action?
 
       return allow! if component.published?
       return allow! if user_can_preview_component?
-      return allow! if user_can_admin_component?
       return allow! if user_can_admin_component_via_space?
 
       disallow!

diff --git a/decidim-core/lib/decidim/core/test.rb b/decidim-core/lib/decidim/core/test.rb
@@ -59,9 +59,8 @@
 require "decidim/core/test/shared_examples/permissions"
 require "decidim/core/test/shared_examples/admin_resource_gallery_examples"
 require "decidim/core/test/shared_examples/map_examples"
-require "decidim/core/test/shared_examples/preview_component_with_share_token_examples"
-require "decidim/core/test/shared_examples/manage_component_share_tokens_examples"
-require "decidim/core/test/shared_examples/manage_participatory_space_share_tokens_examples"
+require "decidim/core/test/shared_examples/preview_with_share_token_examples"
+require "decidim/core/test/shared_examples/manage_share_tokens_examples"
 require "decidim/core/test/shared_examples/metric_manage_shared_context"
 require "decidim/core/test/shared_examples/resource_search_examples"
 require "decidim/core/test/shared_examples/static_pages_examples"