From 9d4c641effe14e2af6b90bb8b07f213068970caa Mon Sep 17 00:00:00 2001
From: Sam Collard
Date: Mon, 12 Sep 2022 13:16:57 +0100
Subject: [PATCH] Fix download mailer tests
---
 app/controllers/organisations_controller.rb | 2 +-
 app/jobs/email_csv_job.rb | 2 +-
 app/mailers/csv_download_mailer.rb | 6 +--
 spec/mailers/csv_download_mailer_spec.rb | 2 +-
 .../requests/organisations_controller_spec.rb | 50 +++++++++++--------
 5 files changed, 35 insertions(+), 27 deletions(-)
diff --git a/app/controllers/organisations_controller.rb b/app/controllers/organisations_controller.rb
index e9048808e..3a979b78a 100644
--- a/app/controllers/organisations_controller.rb
+++ b/app/controllers/organisations_controller.rb
@@ -127,7 +127,7 @@ private
 end
 def authenticate_scope!
- if %w[create new logs download_csv].include? action_name
+ if %w[create new logs download_csv email_csv].include? action_name
 head :unauthorized and return unless current_user.support?
 elsif current_user.organisation != @organisation && !current_user.support?
 render_not_found
diff --git a/app/jobs/email_csv_job.rb b/app/jobs/email_csv_job.rb
index 539c0b44d..6d59b3acd 100644
--- a/app/jobs/email_csv_job.rb
+++ b/app/jobs/email_csv_job.rb
@@ -16,6 +16,6 @@ class EmailCsvJob < ApplicationJob
 url = storage_service.get_presigned_url(filename, EXPIRATION_TIME)
- CsvDownloadMailer.new.send_email(user, url, duration)
+ CsvDownloadMailer.new.send_email(user, url, EXPIRATION_TIME)
 end
 end
diff --git a/app/mailers/csv_download_mailer.rb b/app/mailers/csv_download_mailer.rb
index 65f5bc885..619d5e922 100644
--- a/app/mailers/csv_download_mailer.rb
+++ b/app/mailers/csv_download_mailer.rb
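Review bot: The support-only gate in `authenticate_scope!` is an inline list of action names, so a future export action that is not added to it falls through to the `elsif` branch and is reachable by any member of the organisation rather than by support users only. Hoisting the list into a named, frozen constant with a comment stating that it is the support-only allowlist makes that contract visible where new actions are added, for example `SUPPORT_ONLY_ACTIONS = %w[create new logs download_csv email_csv].freeze` and `if SUPPORT_ONLY_ACTIONS.include? action_name`. Separately, `head :unauthorized` answers a caller who is presumably already signed in; `:forbidden` would describe that case more accurately, though the specs in this commit assert 401 and would need to change with it. The method body continues past the end of the hunk.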
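Review bot: The job still calls `send_email` rather than `send_csv_download_mail`, while the mailer hunk in this same commit calls `send_email(user.email, CSV_DOWNLOAD_TEMPLATE_ID, { ... })` positionally and the mailer spec was switched to `send_csv_download_mail`. If the inherited `send_email` takes (address, template id, personalisation), which is not visible here, this line passes the user object as the address, the presigned URL as the template id and `EXPIRATION_TIME` as the personalisation, so the mail would fail and the presigned URL could surface in an error message or log. The call should probably read `CsvDownloadMailer.new.send_csv_download_mail(user, url, EXPIRATION_TIME)`, and a job spec asserting that call would catch a regression. The class and `perform` begin above the hunk.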
@@ -3,9 +3,9 @@ class CsvDownloadMailer < NotifyMailer
 def send_csv_download_mail(user, link, duration)
 send_email(
- email_address: user.email,
- template_id: CSV_DOWNLOAD_TEMPLATE_ID,
- personalisation: { name: user.name, link:, duration: ActiveSupport::Duration.build(duration).inspect },
+ user.email,
+ CSV_DOWNLOAD_TEMPLATE_ID,
+ { name: user.name, link:, duration: ActiveSupport::Duration.build(duration).inspect },
 )
 end
 end
diff --git a/spec/mailers/csv_download_mailer_spec.rb b/spec/mailers/csv_download_mailer_spec.rb
index 4bb3cd25a..6c145c508 100644
--- a/spec/mailers/csv_download_mailer_spec.rb
+++ b/spec/mailers/csv_download_mailer_spec.rb
@@ -24,7 +24,7 @@ RSpec.describe CsvDownloadMailer do
 },
 )
- described_class.new.send_email(user, link, duration)
+ described_class.new.send_csv_download_mail(user, link, duration)
 end
 end
 end
diff --git a/spec/requests/organisations_controller_spec.rb b/spec/requests/organisations_controller_spec.rb
index 469278b1e..6e635da40 100644
--- a/spec/requests/organisations_controller_spec.rb
+++ b/spec/requests/organisations_controller_spec.rb
@@ -352,26 +352,30 @@ RSpec.describe OrganisationsController, type: :request do
 end
 context "when viewing logs for other organisation" do
- before do
+ it "does not display the logs" do
 get "/organisations/#{unauthorised_organisation.id}/logs", headers:, params: {}
+ expect(response).to have_http_status(:unauthorized)
 end
- it "returns not found 404 from org details route" do
- expect(response).to have_http_status(:not_found)
- end
-
- it "shows the 404 view" do
- expect(page).to have_content("Page not found")
+ it "prevents CSV download" do
+ expect {
+ post "/organisations/#{unauthorised_organisation.id}/logs/email-csv", headers:, params: {}
+ }.not_to enqueue_job(EmailCsvJob)
+ expect(response).to have_http_status(:unauthorized)
 end
 end
 context "when viewing logs for your organisation" do
- before do
+ it "does not display the logs" do
 get "/organisations/#{organisation.id}/logs", headers:, params: {}
+ expect(response).to have_http_status(:unauthorized)
 end
- it "redirects to /logs page" do
- expect(response).to redirect_to("/logs")
+ it "prevents CSV download" do
+ expect {
+ post "/organisations/#{organisation.id}/logs/email-csv", headers:, params: {}
+ }.not_to enqueue_job(EmailCsvJob)
+ expect(response).to have_http_status(:unauthorized)
 end
 end
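Review bot: The new negative tests cover the `logs` page and the `email-csv` POST, but not the `csv-download` GET, although `download_csv` sits in the same support-only list in `authenticate_scope!`. Unless that route is already covered elsewhere in this file, each of the four contexts (two here and the two in the `@@ -495` hunk) would benefit from one more example: `get "/organisations/#{organisation.id}/logs/csv-download", headers:, params: {}` followed by `expect(response).to have_http_status(:unauthorized)`. That pins the gate for every export path, so a later edit to the action list cannot silently reopen one of them to non-support users.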
@@ -495,26 +499,30 @@ RSpec.describe OrganisationsController, type: :request do
 end
 context "when viewing logs for other organisation" do
- before do
+ it "does not display the logs" do
 get "/organisations/#{unauthorised_organisation.id}/logs", headers:, params: {}
+ expect(response).to have_http_status(:unauthorized)
 end
- it "returns not found 404 from org details route" do
- expect(response).to have_http_status(:not_found)
- end
-
- it "shows the 404 view" do
- expect(page).to have_content("Page not found")
+ it "prevents CSV download" do
+ expect {
+ post "/organisations/#{unauthorised_organisation.id}/logs/email-csv", headers:, params: {}
+ }.not_to enqueue_job(EmailCsvJob)
+ expect(response).to have_http_status(:unauthorized)
 end
 end
 context "when viewing logs for your organisation" do
- before do
+ it "does not display the logs" do
 get "/organisations/#{organisation.id}/logs", headers:, params: {}
+ expect(response).to have_http_status(:unauthorized)
 end
- it "redirects to /logs page" do
- expect(response).to redirect_to("/logs")
+ it "prevents CSV download" do
+ expect {
+ post "/organisations/#{organisation.id}/logs/email-csv", headers:, params: {}
+ }.not_to enqueue_job(EmailCsvJob)
+ expect(response).to have_http_status(:unauthorized)
 end
 end
 end
@@ -1035,7 +1043,7 @@ RSpec.describe OrganisationsController, type: :request do
 end
 it "has a CSV download button with the correct path" do
- expect(page).to have_link("Download (CSV)", href: "/organisations/#{organisation.id}/logs/csv-download?search=")
+ expect(page).to have_link("Download (CSV)", href: "/organisations/#{organisation.id}/logs/csv-download")
 end
 context "when you download the CSV" do