Add tests for access control and setup users for testing

ManuelMoeri · ManuelMoeri · commit 6edce74c9402 · 2025-07-29T14:13:14.000+02:00
diff --git a/db/seeds/support/person_seeder.rb b/db/seeds/support/person_seeder.rb
@@ -19,6 +19,9 @@ def seed_people(names)
         seed_project_technology(project.id)
       end
     end
+
+    # Allow the default logged-in user to edit themselves
+    Person.find_by_name("Carl Albrecht Conf Admin")&.update(auth_user_id: 1)
   end
 
   def seed_association(assoc_name, person_id)
diff --git a/spec/features/people_spec.rb b/spec/features/people_spec.rb
@@ -379,4 +379,29 @@ def add_language(language)
       expect(page).to have_no_content(t("people.index.profile"))
     end
   end
+
+  describe 'Access control' do
+    before(:each) do
+      sign_in auth_users(:user)
+    end
+
+    it 'logged in person can edit their own profile' do
+      ursula = people(:user)
+      visit person_path(ursula)
+
+      click_link('Bearbeiten', href: edit_person_path(ursula))
+      fill_in 'person_title', with: 'Expert at access control'
+      save_button = find_button("Person aktualisieren")
+      save_button.click
+
+      expect(page).to have_content('Expert at access control')
+    end
+
+    it 'logged in person should no be able to edit other profiles' do
+      longmax = people(:longmax)
+      visit person_path(longmax)
+
+      expect{ click_link('Bearbeiten', href: edit_person_path(longmax)) }.to raise_error("You are not authorized to access this page.")
+    end
+  end
 end
diff --git a/spec/fixtures/auth_users.yml b/spec/fixtures/auth_users.yml
@@ -4,7 +4,6 @@ user:
   email: user@skills.ch
   is_admin: false
 
-
 admin: 
   uid: 1234-5678-9012-3457
   name: Andreas Admin
diff --git a/spec/fixtures/people.yml b/spec/fixtures/people.yml
@@ -182,4 +182,22 @@ maximillian:
     Figma
   display_competence_notes_in_cv: false
   email: maximillian@example.com
-  department: mid
+  department: mid
+
+user:
+  birthdate: 1995-05-32 16:04:56
+  location: Belp
+  marital_status: <%= Person.marital_statuses[:single] %>
+  name: Ursula User
+  nationality: CH
+  roles: [ software-engineer ]
+  title: Just a user
+  competence_notes: |
+    Python
+    Go
+    Unity
+  company: firma
+  email: user@example.com
+  department: dev-one
+  shortname: UU
+  auth_user_id: 227792459
