Ensures that the directory path is disabled for editing projects (unl…

…ess the user is a system administrator) (#1090) * Ensures that the directory path is disabled for editing projects (unless the user is a system administrator) * Removing the redundant form field for cases where the Project is persisted within Mediaflux and implementing the missing tests --------- Co-authored-by: carolyncole <[email protected]>
pulibrary · Dec 16, 2024 · ae89907 · ae89907
1 parent 0fdc443
commit ae89907
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 12 deletions.
diff --git a/app/views/projects/_edit_form.html.erb b/app/views/projects/_edit_form.html.erb
@@ -131,18 +131,29 @@
                </div>
             </div>  <!-- row -->
          <% end %>
-      <% end %>
 
-      <div class="row">
-        <div class="col-md-3">
-          <label for="project_directory">Directory Path</label>
-          <div class="required-field">Required</div>
-        </div>
-        <div class="col-md-9">
-          <span class="path-info"><%= @project.project_directory_parent_path %>/ </span>
-          <input type="text" aria-label="project directory" id="project_directory" name="project_directory" required oninvalid="this.setCustomValidity('')" oninput="this.setCustomValidity('')" value="<%= @project.project_directory_short %>" pattern="[\w\p{L}\-]{1,64}" />
-        </div>
-      </div><!-- row -->
+      <% else %>
+
+        <div class="row">
+          <div class="col-md-3">
+            <label for="project_directory">Directory Path</label>
+            <div class="required-field">Required</div>
+          </div>
+          <div class="col-md-9">
+            <span class="path-info"><%= @project.project_directory_parent_path %>/ </span>
+            <% if @project.persisted? %>
+              <% if (current_user.superuser? || current_user.eligible_sysadmin?) %>
+                <input type="text" aria-label="project directory" id="project_directory" name="project_directory" required oninvalid="this.setCustomValidity('')" oninput="this.setCustomValidity('')" value="<%= @project.project_directory_short %>" pattern="[\w\p{L}\-]{1,64}" />
+              <% else %>
+                <input type="text" aria-label="project directory" id="project_directory" name="project_directory" readonly value="<%= @project.project_directory_short %>" />
+              <% end %>
+            <% else %>
+              <input type="text" aria-label="project directory" id="project_directory" name="project_directory" required oninvalid="this.setCustomValidity('')" oninput="this.setCustomValidity('')" value="<%= @project.project_directory_short %>" pattern="[\w\p{L}\-]{1,64}" />
+            <% end %>
+          </div>
+        </div><!-- row -->
+
+      <% end %>
 
       <div class="row">
         <div class="col-md-3">

diff --git a/spec/system/project_spec.rb b/spec/system/project_spec.rb
@@ -5,6 +5,7 @@
 RSpec.describe "Project Page", connect_to_mediaflux: true, type: :system  do
   let(:sponsor_user) { FactoryBot.create(:project_sponsor, uid: "pul123", mediaflux_session: SystemUser.mediaflux_session) }
   let(:sysadmin_user) { FactoryBot.create(:sysadmin, uid: "puladmin", mediaflux_session: SystemUser.mediaflux_session) }
+  let(:superuser) { FactoryBot.create(:superuser, uid: "root", mediaflux_session: SystemUser.mediaflux_session) }
   let!(:data_manager) { FactoryBot.create(:data_manager, uid: "pul987", mediaflux_session: SystemUser.mediaflux_session) }
   let(:read_only) { FactoryBot.create :user }
   let(:read_write) { FactoryBot.create :user }
@@ -126,6 +127,10 @@
         expect(project_in_mediaflux.metadata[:project_directory]).to eq "project-123"
       end
 
+      it "prevents sponsor users from editing the directory field" do
+        expect(page.find_all("#project_directory[readonly]").count).to eq(1)
+      end
+
       it "loads existing Data Sponsor" do
         expect(page.find("#non-editable-data-sponsor").text).to eq sponsor_user.uid
       end
@@ -162,6 +167,44 @@
         expect(page).to have_content(project_in_mediaflux.title)
       end
     end
+
+    context "when authenticated as a superuser" do
+      context "when the project is not persisted within Mediaflux" do
+        before do
+          project_not_in_mediaflux
+          project_not_in_mediaflux.metadata_model.status = Project::APPROVED_STATUS
+          project_not_in_mediaflux.save!
+          project_not_in_mediaflux.reload
+
+          sign_in superuser
+
+          visit "/projects/#{project_not_in_mediaflux.id}/edit"
+        end
+
+        it "permits superusers to edit the directory field" do
+          expect(page.find_all("#project_directory[readonly]").count).to eq(0)
+        end
+      end
+    end
+
+    context "when authenticated as a sysadmin user" do
+      context "when the project is not persisted within Mediaflux" do
+        before do
+          project_not_in_mediaflux
+          project_not_in_mediaflux.metadata_model.status = Project::APPROVED_STATUS
+          project_not_in_mediaflux.save!
+          project_not_in_mediaflux.reload
+
+          sign_in sysadmin_user
+
+          visit "/projects/#{project_not_in_mediaflux.id}/edit"
+        end
+
+        it "permits sysadmin users to edit the directory field" do
+          expect(page.find_all("#project_directory[readonly]").count).to eq(0)
+        end
+      end
+    end
   end
 
   context "Create page" do
@@ -324,7 +367,8 @@
         fill_in_and_out "ro-user-uid-to-add", with: read_only.uid
         fill_in_and_out "rw-user-uid-to-add", with: read_write.uid
         select "Research Data and Scholarship Services", from: "departments"
-        fill_in "project_directory", with: FFaker::Name.name.tr(" ", "_")
+        project_directory = FFaker::Name.name.tr(" ", "_")
+        fill_in "project_directory", with: project_directory
         fill_in "title", with: "My test project"
         expect(page).to have_content("/td-test-001/")
         expect(page.find_all("input:invalid").count).to eq(0)