Refacto User login
vincentchalamon committed May 18, 2020
1 parent b1f6a90 commit d8f6123
Showing 112 changed files with 734 additions and 1,240 deletions.
1 change: 1 addition & 0 deletions .env.test
Expand Up @@ -5,3 +5,4 @@ SYMFONY_DEPRECATIONS_HELPER=disabled
DATABASE_URL=postgresql://resop:postgrespwd@postgres/resop-test?serverVersion=11&charset=utf8
PANTHER_CHROME_ARGUMENTS="--headless --no-sandbox"
PANTHER_APP_ENV=panther
APP_SLOT_INTERVAL="+2 hours"
4 changes: 2 additions & 2 deletions assets/js/_planning-missions.js
Expand Up @@ -16,11 +16,11 @@ function setSlotMisssion(mission, $slot) {
missionsText += ' ';

// User part
let url = Routing.generate('app_user_availability_mission_modal', { id: mission.id });
let url = Routing.generate('app_user_availability_mission_modal', { mission: mission.id });

if (window.location.pathname.indexOf('organizations') >= 0 && !!mission?.organization?.id) {
// Organization part
url = Routing.generate('app_organization_mission_modal', { organization: mission.organization.id, id: mission.id });
url = Routing.generate('app_organization_mission_modal', { organization: mission.organization.id, mission: mission.id });
}

missionsText += $(`<button type="button" class="btn btn-link" data-toggle="ajax-modal" data-href="${url}">`).text(mission.name)[0].outerHTML;
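Review bot: The URL returned by the two `Routing.generate(...)` calls is interpolated directly into an HTML string at `data-href="${url}"`, while the mission name on the same line is set safely through `.text()`. The renamed route parameters still come from `mission.id` and `mission.organization.id`, and nothing visible in this hunk guarantees they are numeric on the client, so keeping the attribute intact depends entirely on whatever encoding the router applies. Build the element first and set the attribute through jQuery instead: `$('<button type="button" class="btn btn-link" data-toggle="ajax-modal">').attr('data-href', url).text(mission.name)[0].outerHTML`. `setSlotMisssion` starts and ends outside the hunk, so how `missionsText` is later inserted into the page is not visible here.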
2 changes: 1 addition & 1 deletion assets/js/fos_js_routes.json
@@ -1 +1 @@
{"base_url":"","routes":{"app_user_availability_mission_modal":{"tokens":[["text","\/modal"],["variable","\/","\\d+","id",true],["text","\/user\/availability\/missions"]],"defaults":[],"requirements":{"id":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]},"app_organization_mission_modal":{"tokens":[["text","\/modal"],["variable","\/","\\d+","id",true],["text","\/missions"],["variable","\/","\\d+","organization",true],["text","\/organizations"]],"defaults":[],"requirements":{"id":"\\d+","organization":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]},"app_organization_mission_find_by_filters":{"tokens":[["text","\/missions\/find"],["variable","\/","\\d+","organization",true],["text","\/organizations"]],"defaults":[],"requirements":{"organization":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]}},"prefix":"","host":"localhost","port":"","scheme":"http","locale":[]}
{"base_url":"","routes":{"app_user_availability_mission_modal":{"tokens":[["text","\/modal"],["variable","\/","\\d+","mission",true],["text","\/user\/availability\/missions"]],"defaults":[],"requirements":{"mission":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]},"app_organization_mission_modal":{"tokens":[["text","\/modal"],["variable","\/","\\d+","mission",true],["text","\/missions"],["variable","\/","\\d+","organization",true],["text","\/organizations"]],"defaults":[],"requirements":{"mission":"\\d+","organization":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]},"app_organization_mission_find_by_filters":{"tokens":[["text","\/missions\/find"],["variable","\/","\\d+","organization",true],["text","\/organizations"]],"defaults":[],"requirements":{"organization":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]}},"prefix":"","host":"localhost","port":"","scheme":"http","locale":[]}
30 changes: 6 additions & 24 deletions config/packages/security.yaml
Expand Up @@ -5,37 +5,18 @@ security:
entity:
class: App\Entity\User

organizations:
entity:
class: App\Entity\Organization

encoders:
Symfony\Component\Security\Core\User\UserInterface:
algorithm: auto

role_hierarchy:
ROLE_VOLUNTEER: ROLE_USER

firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false

organizations:
pattern: ^/organizations
anonymous: lazy
provider: organizations
guard:
authenticators:
- App\Security\OrganizationLoginFormAuthenticator

logout:
path: app_organization_logout
target: app_organization_index

remember_me:
name: remember_me_organization
secret: '%kernel.secret%'
lifetime: 604800 # 1 week in seconds
path: /

main:
anonymous: lazy
provider: users
Expand All @@ -54,6 +35,7 @@ security:
path: /

access_control:
- { path: ^/(user\/new|login|organizations\/login)$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/organizations, roles: ROLE_ORGANIZATION }
- { path: ^/user/new$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_USER }
- { path: ^/organizations/, roles: ROLE_ORGANIZATION }
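Review bot: In `access_control`, the entry `- { path: ^/, roles: ROLE_USER }` is listed ahead of `- { path: ^/organizations/, roles: ROLE_ORGANIZATION }`. Symfony applies only the first rule whose path matches, so the organization rule would never be evaluated and every `/organizations/...` URL would be gated by `ROLE_USER` alone at this layer. The rendered page has lost its +/- markers, so confirm that both lines are on the new side; if they are, move the `^/organizations/` entry above `^/`. With the separate `organizations` firewall and provider apparently removed, this list and any controller-level checks are the only guards left for those routes, and the 403 scenarios in the feature files do not show which layer produces the denial. A comment above the list such as `# order matters: the first matching rule wins` would help keep the ordering correct in later edits.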
10 changes: 8 additions & 2 deletions config/services_test.yaml
Expand Up @@ -7,7 +7,13 @@ services:
resource: '../tests/Behat/*'

App\Tests\Behat\FixturesContext:
$aliceFixturesLoader: '@hautelook_alice.loader'
arguments:
$aliceFixturesLoader: '@hautelook_alice.loader'

App\Tests\Behat\TraversingContext:
$projectDir: '%kernel.project_dir%'
arguments:
$projectDir: '%kernel.project_dir%'

App\Tests\Behat\UserPlanningContext:
arguments:
$slotInterval: '%app.slot_interval%'
61 changes: 18 additions & 43 deletions features/organization/assets.feature
Expand Up @@ -4,10 +4,10 @@ Feature:
I must be able to list, edit and delete assets in my organization.

Scenario: As an admin of an organization, I can list the assets from my organization
Given I am authenticated as "admin203@resop.com"
And I am on "/organizations/203"
Given I am authenticated as "admin201@resop.com"
And I am on "/organizations/201"
When I follow "Afficher la liste de mes véhicules"
Then I should be on "/organizations/203/assets"
Then I should be on "/organizations/201/assets/"
And the response status code should be 200
And I should see "75992"
And I should see "75996"
Expand All @@ -32,12 +32,12 @@ Feature:

Scenario: As an admin of an organization, I cannot list the assets from an organization I don't have access to
Given I am authenticated as "[email protected]"
When I go to "/organizations/202/assets"
When I go to "/organizations/202/assets/"
Then the response status code should be 403

Scenario: As an admin of a child organization, I cannot list the assets from the parent organization
Given I am authenticated as "admin203@resop.com"
When I go to "/organizations/201/assets"
Given I am authenticated as "admin204@resop.com"
When I go to "/organizations/202/assets/"
Then the response status code should be 403

Scenario Outline: As an admin of an organization, I can add an asset on my organization or children organizations
Expand All @@ -50,45 +50,22 @@ Feature:
And I press "Continuer"
Then the response status code should be 200
And I should be on "<add_url>"
When I fill in the following:
| commissionable_asset[type] | VL |
| commissionable_asset[name] | new vehicule |
| commissionable_asset[hasMobileRadio] | 1 |
| commissionable_asset[hasFirstAidKit] | 1 |
| commissionable_asset[parkingLocation] | some parking location |
| commissionable_asset[contact] | some contact |
| commissionable_asset[seatingCapacity] | 5 |
| commissionable_asset[licensePlate] | some license plate |
| commissionable_asset[comments] | some comments |
When I fill in "commissionable_asset[name]" with "new vehicule"
And I press "Enregistrer"
Then I should be on "<list_url>"
And the response status code should be 200
And I should see "Véhicule créé"
And I should see "VL - new vehicule"
When I follow the last "Modifier"
Then I should be on "/organizations/203/assets/1/edit"
And the response status code should be 200
And the "commissionable_asset_type" field should contain "VL"
And the "commissionable_asset_name" field should contain "new vehicule"
And the "commissionable_asset_hasMobileRadio_0" checkbox is checked
And the "commissionable_asset_hasFirstAidKit_0" checkbox is checked
And the "commissionable_asset_parkingLocation" field should contain "some parking location"
And the "commissionable_asset_contact" field should contain "some contact"
And the "commissionable_asset_seatingCapacity" field should contain "5"
And the "commissionable_asset_licensePlate" field should contain "some license plate"
And the "commissionable_asset_comments" field should contain "some comments"
And I should see "new vehicule"
Examples:
| login | list_url | preAdd_url | add_url |
# todo: there is a bug when using parent organization: https://github.com/crf-devs/resop/issues/360
# todo: how to create a new asset on a children organization (but not on current one)?
# | [email protected] | /organizations/201/assets?organization=203 | /organizations/201/assets/preAdd | /organizations/201/assets/add |
| admin203@resop.com | /organizations/203/assets | /organizations/203/assets/preAdd | /organizations/203/assets/add |
| login | list_url | preAdd_url | add_url |
| admin201@resop.com | /organizations/201/assets/?organizationId=203 | /organizations/201/assets/preAdd?organizationId=203 | /organizations/201/assets/add?organizationId=203 |
| admin204@resop.com | /organizations/204/assets/ | /organizations/204/assets/preAdd | /organizations/204/assets/add |

# TODO Fix this test
# @javascript
# Scenario: As an admin of an organization, I can display an asset modal
# Given I am authenticated as "[email protected]"
# When I go to "/organizations/201/assets"
# When I go to "/organizations/201/assets/"
# And I press "Afficher"
# And I wait for ".ajax-modal-content" to be visible
# Then I should see "Modifier"
Expand All @@ -100,20 +77,18 @@ Feature:
When I go to "<edit_url>"
Then I should be on "<edit_url>"
And the response status code should be 200
And the "commissionable_asset_name" field should contain "75012"
When I fill in the following:
| commissionable_asset[name] | new name |
And the "commissionable_asset_name" field should contain "<name>"
When I fill in "commissionable_asset[name]" with "new name"
And I press "Enregistrer"
Then I should be on "<list_url>"
And the response status code should be 200
And I should see "Véhicule \"VPSP - new name\" mis à jour avec succès"
When I go to "<edit_url>"
And the "commissionable_asset_name" field should contain "new name"
Examples:
| login | edit_url | list_url |
# todo: there is a bug when using parent organization: https://github.com/crf-devs/resop/issues/360
# | [email protected] | /organizations/201/assets/75012/edit | /organizations/201/assets?organization=203 |
| admin203@resop.com | /organizations/203/assets/75012/edit | /organizations/203/assets |
| login | name | edit_url | list_url |
| admin201@resop.com | 75012 | /organizations/201/assets/75012/edit | /organizations/201/assets/?organizationId=203 |
| admin204@resop.com | 77102 | /organizations/204/assets/77102/edit | /organizations/204/assets/ |

Scenario: As an admin of a parent organization, I cannot update an asset from an organization I don't have access to
Given I am authenticated as "[email protected]"
Expand Down Expand Up @@ -150,7 +125,7 @@ Feature:

Scenario: As an admin of a parent organization, I cannot delete an asset from another organization
Given I am authenticated as "[email protected]"
When I go to "/organizations/202/assets"
When I go to "/organizations/202/assets/"
Then the response status code should be 403
When I go to "/organizations/202/assets/77992/delete"
Then the response status code should be 403
8 changes: 4 additions & 4 deletions features/organization/forecast.feature
Expand Up @@ -5,12 +5,12 @@ Feature:
I must be able to search for available users and assets.

Scenario: As an authenticated children organization, I cannot use the forecast search form
Given I am authenticated as "UL 01-02"
When I go to "/organizations/201/forecast/"
Given I am authenticated as "[email protected]"
When I go to "/organizations/202/forecast/"
Then the response status code should be 403

Scenario: As an authenticated parent organization, I can access the forecast search form
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
When I go to "/organizations/201"
Then I should see "Projections"
When I follow "Projections"
Expand All @@ -20,7 +20,7 @@ Feature:

@javascript
Scenario: As an authenticated parent organization, I can use the forecast search form
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
And I am on "/organizations/201/forecast/"
When I click on "#availableRange"
Then I wait for ".daterangepicker" to be visible
19 changes: 9 additions & 10 deletions features/organization/home.feature
Expand Up @@ -21,21 +21,20 @@ Feature:
When I go to "<url>"
Then the response status code should be 403
Examples:
| url |
| /organizations/203 |
| /organizations/203/new |
| /organizations/203/search |
| /organizations/203/edit |
| /organizations/203/assets |
| /organizations/203/users |
| /organizations/planning |
| url |
| /organizations/203 |
| /organizations/203/children/new |
| /organizations/203/search |
| /organizations/203/assets/ |
| /organizations/203/users/ |
| /organizations/203/planning |

Scenario Outline: As an admin of an organization, I cannot go to the homepage of another organization
Given I am authenticated as "[email protected]"
When I go to "<url>"
Then the response status code should be 403
Examples:
| url |
| /organizations/2 |
| url |
| /organizations/202 |
| /organizations/203 |
| /organizations/204 |
14 changes: 7 additions & 7 deletions features/organization/mission_type.feature
Expand Up @@ -5,7 +5,7 @@ Feature:
I must be able to list, edit and delete mission types.

Scenario: As an organization, I can list my mission types
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
And I am on "/organizations/201"
When I follow "Modifier les types de missions"
Then I should be on "/organizations/201/mission_type/"
Expand All @@ -17,7 +17,7 @@ Feature:

@javascript
Scenario: As an organization, I can create a mission type
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
And I am on "/organizations/201/mission_type/"
When I follow "Ajouter un nouveau type de mission"
Then I should be on "/organizations/201/mission_type/new"
Expand All @@ -43,7 +43,7 @@ Feature:

@javascript
Scenario: As an organization, I cannot create a mission type with duplicate requirements
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
And I am on "/organizations/201/mission_type/"
When I follow "Ajouter un nouveau type de mission"
Then I should be on "/organizations/201/mission_type/new"
Expand All @@ -69,7 +69,7 @@ Feature:

@javascript
Scenario: As an organization, I can edit a mission type
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
And I am on "/organizations/201/mission_type/"
When I follow "Modifier"
Then I should be on "/organizations/201/mission_type/751/edit"
Expand All @@ -84,13 +84,13 @@ Feature:
And I should see "CI Réseau BSPP"

Scenario: As an organization, I cannot edit a mission type of another organization
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
And I am on "/organizations/201/mission_type/771/edit"
Then the response status code should be 403

@javascript
Scenario: As an organization, I can delete a mission type
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
And I am on "/organizations/201/mission_type/"
When I follow "Supprimer"
And I wait for "#delete-item-modal" to be visible
Expand All @@ -101,7 +101,7 @@ Feature:
And I should not see "Mission type DT75 1"

Scenario: As an organization, I cannot delete a mission type of another organization
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
And I am on "/organizations/201/mission_type/771/delete"
Then the response status code should be 403

14 changes: 7 additions & 7 deletions features/organization/planning.feature
Expand Up @@ -6,11 +6,11 @@ Feature:
I must have access to the planning and I can filter what is displayed.

Scenario: As an organization, I have access to the planning and I can see my resources
Given I am authenticated as "UL 01-02"
And I am on "/organizations/203"
Given I am authenticated as "[email protected]"
And I am on "/organizations/204"
When I follow "Afficher les disponibilités de mes bénévoles pour la semaine prochaine"
Then the response status code should be 200
And I should be on "/organizations/203/planning/"
And I should be on "/organizations/204/planning/"
And I should see "VPSP - 75012"
And I should see "VPSP - 75014"
And I should see "VL - 75016"
Expand All @@ -22,8 +22,8 @@ Feature:
And I should not see "John DOE"

Scenario: As an organization, I have access to the planning and I can see my resources' availability
Given I am authenticated as "UL 01-02"
And I am on "/organizations/203"
Given I am authenticated as "[email protected]"
And I am on "/organizations/204"
When I follow "Afficher les disponibilités de mes bénévoles pour la semaine prochaine"
Then the response status code should be 200
And availability of user "Jane DOE" should be "unknown" on "next monday" at 02:00
Expand All @@ -36,7 +36,7 @@ Feature:
And availability of asset "VPSP - 75012" should be "booked" on "tuesday next week" at 14:00

Scenario: As a parent organization, I have access to the planning of my children organizations
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
And I am on "/organizations/201"
When I follow "Afficher les disponibilités de mes bénévoles pour la semaine prochaine"
Then the response status code should be 200
Expand All @@ -51,7 +51,7 @@ Feature:
And I should see "Jane DOE"

Scenario: As an organization, I can filter the resources displayed on planing
Given I am authenticated as "DT75"
Given I am authenticated as "[email protected]"
And I am on "/organizations/201/planning/"
Then I should not see "John DOE"
And I should see "VPSP - 75992"