[1339] hide announcement #1350
[1339] hide announcement #1350
Conversation
|
Here are some notes on testing cookies in controller specs. You'd basically want to use the Devise helpers for spoofing user login in the tests - to see how we've done it in the past you can look at |
|
@AlanLiu96 - Ready for your code review |
|
@orenyk - While doing he's code review for this issue Alan raised a valid question, should a banned user be able to hide the announcements as well? |
|
It looks good mostly! The only issues that came up were when checkout users and banned users were not able to hide the announcement. I also found that if you hid the announcements and quickly changed the page, the announcements were still there, but I think that's a separate issue (or not one we have to worry much about anyway). Once the checkout users and banned users are addressed, it should be set to merge in! |
|
Thanks @AlanLiu96! Regarding the refresh issue - did the "hidden" announcements stay visible permanently or only for a single refresh? Either way it's probably ok, but we should still understand what's going on. |
|
A second note - once we squash these commits we should cherry pick that squashed commit onto |
|
I'm not sure if it's fixed now, but the hidden announcements stayed there permanently when I last checked. I think that it was probably just from changing the page too quickly before it fully completed the request made to hide the announcement. |
|
@alex-kogan please comment when @AlanLiu96's comments re: checkout persons and banned users have been addressed, thanks! |
|
@alex-kogan I just tested locally and confirmed that Checkout Persons and Banned users can't dismiss announcements. Let's get it fixed and make sure that the tests are actually working. |
|
@AlanLiu96 & @orenyk - Added the needed abilities please recheck. |
|
Looks good, although I'm confused as to why your tests didn't pick it up. I'll do a code review now and see if we can figure it out. |
| @@ -31,6 +31,7 @@ def initialize(user) # rubocop:disable all | |||
| can :override, :reservation_errors if AppConfig.get(:override_on_create) | |||
| can :override, :checkout_errors if AppConfig.get(:override_at_checkout) | |||
| can :view_detailed, EquipmentModel | |||
| can :hide, Announcement | |||
There was a problem hiding this comment.
This line is unnecessary given line 47 below.
There was a problem hiding this comment.
I noticed the redundancy but for some reason without that line checkout-person can't hide the announcement
There was a problem hiding this comment.
Huh, that's odd. I'll mess around and see if I can figure out why.
There was a problem hiding this comment.
For the record, this is a separate issue and we'll deal with it in #1391
|
@orenyk - my hypothesis about the tests:
|
| @@ -129,5 +149,8 @@ | |||
| end | |||
| it_behaves_like 'access denied' | |||
| end | |||
| context 'GET hide' do | |||
There was a problem hiding this comment.
Note that this test only checks for patrons (see line 123 above), not all user roles. That's why it didn't catch the others. We should probably write tests for all roles... as this is a common problem I'm going to open a new issue to write an RSpec helper to deal with it.
There was a problem hiding this comment.
Now I remember that when we discussed it last time that was the decision made :)
I'll wait for the issue to open
There was a problem hiding this comment.
Gotcha. For this issue let's include separate tests for all roles and we'll refactor in #1390. I'm still looking into the ability.rb thing, it might actually be fundamentally broken 😛.
|
Ok, |
| verifier = ActiveSupport::MessageVerifier.new( | ||
| Reservations::Application.config.secret_key_base) | ||
| name = 'hidden_announcement_ids' | ||
| @request.cookies[name] = verifier.generate([@announcement[:id].to_s]) |
There was a problem hiding this comment.
Why are we using @request instead of just request? Changing it doesn't appear to break the spec.
There was a problem hiding this comment.
Ok, the major issue is here. You're basically setting the relevant cookie in the request and therefore it's still set in the response, regardless of the controller behavior. If we look at this SO answer, we see how we would test for a signed cookie, effectively deleting line 29 (this line) and adding the following after line 30:
jar.signed[name] = [@announcement[:id].to_s]
This gives us an equivalent cookie to test against, and then we check to make sure the response has the right cookie value. I made sure it worked by commenting out the relevant line in ability.rb and the test failed as expected.
Let's get this text fixed and duplicate it to check all user roles. Let me know if you have any questions!
|
Ok, more problematically, the spec doesn't actually appear to test anything (in the sense that when I remove the "fix" in |
|
Ok, figured it out - I'll comment inline. |
| Reservations::Application.config.secret_key_base) | ||
| name = 'hidden_announcement_ids' | ||
| @request.cookies[name] = verifier.generate([@announcement[:id].to_s]) | ||
| jar = @request.cookie_jar |
There was a problem hiding this comment.
Also, let's remove the @ here (so it would be jar = request.cookie_jar) for consistency.
|
@orenyk - Fixed the actual spec to test the hiding of the announcements, also added specs for each type of user. Ready for re-review. |
| @@ -130,4 +145,43 @@ | |||
| it_behaves_like 'access denied' | |||
| end | |||
| end | |||
| context 'check hide' do | |||
| before { @announcement = FactoryGirl.create(:announcement) } | |||
There was a problem hiding this comment.
This isn't necessary given line 20 above, @announcement already exists.
|
Ok, this is now working as expected, well done 😄. Just a few inline comments, mostly regarding the naming of test blocks and the organization of the spec file, and I think this will be good to squash. Feel free to squash after making the changes and we'll give this a final quick review before cherry-picking for v5.5.1 and merging both PR's. Thanks! |
|
Fixed all the comments, I don't really know how to squash... |
|
Great, looks good. Here's our guide to squashing commits from the contributing guide - you can replace step 1 by just looking at the pull request (i.e. it says "9 Commits" at the top), but everything else should work fine. Give it a shot; as long as you don't push things to GitHub you can always delete your local branch and try again if you mess something up. Let me know if you run into any specific issues! |
|
I squashed the commits, now what? |
|
Now you'd force-push to this branch: If you're worried that you might have messed something up you can always create a new branch at the new commit and push that instead, just to verify that the diff is identical (although it should be) without overwriting any history. Does that make sense? |
alex-kogan
force-pushed
the
1339_hide_announcement
branch
from
d4f5021 to
081e261
Compare
|
Done! |
|
Looks good. The last thing is you need to update the commit message to clean up all the duplication from the various commit messages (everything after |
|
@alex-kogan I don't know if you missed this but I'd like to get this onto |
|
Haven't missed it will do it asap. Thanks! ב-5 בינו׳ 2016, בשעה 9:01, Oren Kanner [email protected] כתב/ה:
|
|
Thank you!
|
Resolves #1339 - Change the ability file - Add a cookie testing spec - Add shared examples for specs
alex-kogan
force-pushed
the
1339_hide_announcement
branch
from
081e261 to
3742415
Compare
|
Done - ready for realse |
|
Perfect, merging. I'll cherry-pick onto |
Resolves #1339 on
master