Added a feature to generate uuid links for coaches to submit their school lineups.

2026-03-24 17:04:43 +00:00 · 2025-02-18 16:39:10 -05:00
parent 934b34d0b7
commit 91e1939e69
20 changed files with 725 additions and 272 deletions
--- a/test/controllers/schools_controller_test.rb
+++ b/test/controllers/schools_controller_test.rb
@@ -4,9 +4,11 @@ class SchoolsControllerTest < ActionController::TestCase
  include Devise::Test::ControllerHelpers

  setup do
-     @tournament = Tournament.find(1)
+    @tournament = Tournament.find(1)
    # @tournament.generateMatchups
-     @school = @tournament.schools.first
+    @school = @tournament.schools.first
+    @school.update(permission_key: SecureRandom.uuid) # Generate a valid school_permission_key
+    @school_permission_key = @school.permission_key
  end
 
  def create
@@ -17,20 +19,20 @@ class SchoolsControllerTest < ActionController::TestCase
    get :new, params: { tournament: @tournament.id }
  end

-  def get_show
-    get :show, params: { id: @school.id }
+  def get_show(extra_params = {})
+    get :show, params: { id: @school.id }.merge(extra_params)
  end

-  def post_update
-    patch :update, params: { id: @school.id, school: {name: @school.name, tournament_id: @school.tournament_id} }
+  def post_update(extra_params = {})
+    patch :update, params: { id: @school.id, school: { name: @school.name, tournament_id: @school.tournament_id } }.merge(extra_params)
  end

-  def destroy
-    delete :destroy, params: { id: @school.id }
+  def destroy(extra_params = {})
+    delete :destroy, params: { id: @school.id }.merge(extra_params)
  end

-  def get_edit
-    get :edit, params: { id: @school.id }
+  def get_edit(extra_params = {})
+    get :edit, params: { id: @school.id }.merge(extra_params)
  end
  
  def sign_in_owner
@@ -288,6 +290,150 @@ Some Guy
    get_show
    success 
  end
+
+  test "non logged in user can get stats page when tournament is public" do
+    @tournament.is_public = true
+    @tournament.save
+    get :stats, params: { id: @school.id }
+    success 
+  end
+
+  test "logged in school delegate can get stats page when tournament is not public" do
+    @tournament.is_public = false
+    @tournament.save
+    sign_in_school_delegate
+    get :stats, params: { id: @school.id }
+    success
+  end
+
+  test "logged in tournament owner can get stats page when tournament is not public" do
+    @tournament.is_public = false
+    @tournament.save
+    sign_in_owner
+    get :stats, params: { id: @school.id }
+    success
+  end
+
+  test "logged in tournament delegate can get stats page when tournament is not public" do
+    @tournament.is_public = false
+    @tournament.save
+    sign_in_tournament_delegate
+    get :stats, params: { id: @school.id }
+    success
+  end
+
+  test "logged in non owner cannot get stats page when tournament is not public" do
+    @tournament.is_public = false
+    @tournament.save
+    sign_in_non_owner
+    get :stats, params: { id: @school.id }
+    redirect
+  end
+
+  test "non logged in user cannot get stats page when tournament is not public" do
+    @tournament.is_public = false
+    @tournament.save
+    sign_in_non_owner
+    get :stats, params: { id: @school.id }
+    redirect
+  end
+
+  test "stats page without school_permission_key does not include it in 'Back to School' link" do
+    get :stats, params: { id: @school.id }
+    success
+
+    # The link is typically: /schools/:id?school_permission_key=valid_key
+    # 'Back to Central Crossing' or similar text
+    assert_select "a[href=?]", school_path(id: @school.id), text: /Back to/
+  end
+
+  test "wrestler links do not contain school_permission_key when not used" do
+    @tournament.update(is_public: false)
+    sign_in_owner
+    get_show
+  
+    assert_select "a[href=?]", new_wrestler_path(school: @school.id), text: "New Wrestler"
+  
+    @school.wrestlers.each do |wrestler|
+      # Check only for the DELETE link, specifying 'data-method="delete"' to exclude profile links
+      assert_select "a[href=?][data-method=delete]", wrestler_path(wrestler), count: 1
+  
+      # Check edit link
+      assert_select "a[href=?]", edit_wrestler_path(wrestler), count: 1
+    end
+  end  
  # END SHOW PAGE PERMISSIONS

+  # School permission key tests
+
+  test "non logged in user can get show page when using valid school_permission_key" do
+    @tournament.update(is_public: false)
+    get_show(school_permission_key: @school_permission_key)
+    success
+  end
+
+  test "non logged in user cannot get show page when using invalid school_permission_key" do
+    @tournament.update(is_public: false)
+    get_show(school_permission_key: "invalid-key")
+    redirect
+  end
+
+  test "non logged in user can edit school with valid school_permission_key" do
+    @tournament.update(is_public: false)
+    get_edit(school_permission_key: @school_permission_key)
+    success
+  end
+
+  test "non logged in user cannot edit school with invalid school_permission_key" do
+    @tournament.update(is_public: false)
+    get_edit(school_permission_key: "invalid-key")
+    redirect
+  end
+
+  test "non logged in user can update school with valid school_permission_key" do
+    @tournament.update(is_public: false)
+    post_update(school_permission_key: @school_permission_key)
+    assert_redirected_to tournament_path(@school.tournament_id)
+  end
+
+  test "non logged in user cannot update school with invalid school_permission_key" do
+    @tournament.update(is_public: false)
+    post_update(school_permission_key: "invalid-key")
+    redirect
+  end
+
+  test "non logged in user cannot delete school with invalid school_permission_key" do
+    @tournament.update(is_public: false)
+    destroy(school_permission_key: "invalid-key")
+    redirect
+  end
+
+  test "non logged in user cannot delete school with valid school_permission_key" do
+    @tournament.update(is_public: false)
+    destroy(school_permission_key: @school_permission_key)
+    redirect
+  end
+
+  # Ensure school_permission_key is used in wrestler links
+  test "wrestler links contain school_permission_key when used" do
+    @tournament.update(is_public: false)
+    get_show(school_permission_key: @school_permission_key)
+
+    assert_select "a[href=?]", new_wrestler_path(school: @school.id, school_permission_key: @school_permission_key), text: "New Wrestler"
+    
+    @school.wrestlers.each do |wrestler|
+      assert_select "a[href=?]", edit_wrestler_path(wrestler, school_permission_key: @school_permission_key)
+      assert_select "a[href=?]", wrestler_path(wrestler, school_permission_key: @school_permission_key), method: :delete
+    end
+  end
+
+  test "stats page with school_permission_key includes it in 'Back to School' link" do
+    get :stats, params: { id: @school.id, school_permission_key: @school_permission_ke }
+    success
+
+    # The link is typically: /schools/:id?school_permission_key=valid_key
+    # 'Back to Central Crossing' or similar text
+    assert_select "a[href=?]", school_path(id: @school.id, school_permission_key: @school_permission_ke), text: /Back to/
+  end
+  # End school permission key tests
 end
--- a/test/controllers/tournaments_controller_test.rb
+++ b/test/controllers/tournaments_controller_test.rb
@@ -800,4 +800,57 @@ class TournamentsControllerTest < ActionController::TestCase
    get :generate_matches, params: { id: @tournament.id }
    success
  end
+
+  test "tournament owner can create school keys" do
+    sign_in_owner
+    post :generate_school_keys, params: { id: @tournament.id }
+    assert_redirected_to school_delegate_path(@tournament)
+    assert_equal "School permission keys generated successfully.", flash[:notice]
+  end
+  
+  test "tournament owner can delete school keys" do
+    sign_in_owner
+    post :delete_school_keys, params: { id: @tournament.id }
+    # Update this path/notices if your controller redirects differently
+    assert_redirected_to school_delegate_path(@tournament)
+    assert_equal "All school permission keys have been deleted.", flash[:notice]
+  end
+  
+  test "tournament delegate can create school keys" do
+    sign_in_delegate
+    post :generate_school_keys, params: { id: @tournament.id }
+    assert_redirected_to school_delegate_path(@tournament)
+    assert_equal "School permission keys generated successfully.", flash[:notice]
+  end
+  
+  test "tournament delegate can delete school keys" do
+    sign_in_delegate
+    post :delete_school_keys, params: { id: @tournament.id }
+    assert_redirected_to school_delegate_path(@tournament)
+    assert_equal "All school permission keys have been deleted.", flash[:notice]
+  end
+  
+  test "logged in non-owner cannot create school keys" do
+    sign_in_non_owner
+    post :generate_school_keys, params: { id: @tournament.id }
+    redirect
+  end
+  
+  test "logged in non-owner cannot delete school keys" do
+    sign_in_non_owner
+    post :delete_school_keys, params: { id: @tournament.id }
+    redirect
+  end
+  
+  test "non logged in user cannot create school keys" do
+    # no sign_in
+    post :generate_school_keys, params: { id: @tournament.id }
+    redirect
+  end
+  
+  test "non logged in user cannot delete school keys" do
+    # no sign_in
+    post :delete_school_keys, params: { id: @tournament.id }
+    redirect
+  end
 end
--- a/test/controllers/wrestlers_controller_test.rb
+++ b/test/controllers/wrestlers_controller_test.rb
@@ -5,8 +5,9 @@ class WrestlersControllerTest < ActionController::TestCase

  setup do
     @tournament = Tournament.find(1)
-    # @tournament.generateMatchups
+     @tournament.update(is_public: true)
     @school = @tournament.schools.first
+     @school.update(permission_key: SecureRandom.uuid)
     @wrestler = @school.wrestlers.first
  end
 
@@ -168,10 +169,139 @@ class WrestlersControllerTest < ActionController::TestCase
    redirect
  end

-  test "view wrestler" do
+  # View wrestler based on tournament.is_public
+
+  test "a non logged in user can view wrestler when tournament is_public is true" do
    get :show, params: { id: @wrestler.id }
    success
  end

+  test "a non logged in user cannot view wrestler when tournament is_public is false" do
+    @tournament.update(is_public: false)
+    get :show, params: { id: @wrestler.id }
+    redirect
+  end

+  test "a logged in user non tournament owner cannot view wrestler when tournament is_public is false" do
+    @tournament.update(is_public: false)
+    sign_in_non_owner
+    get :show, params: { id: @wrestler.id }
+    redirect
+  end
+
+  test "a logged in user tournament owner can view wrestler when tournament is_public is false" do
+    @tournament.update(is_public: false)
+    sign_in_owner
+    get :show, params: { id: @wrestler.id }
+    success
+  end
+
+  test "a logged in user school delgate can view wrestler when tournament is_public is false" do
+    @tournament.update(is_public: false)
+    sign_in_school_delegate
+    get :show, params: { id: @wrestler.id }
+    success
+  end
+
+  test "a logged in user tournament delgate can view wrestler when tournament is_public is false" do
+    @tournament.update(is_public: false)
+    sign_in_tournament_delegate
+    get :show, params: { id: @wrestler.id }
+    success
+  end
+
+  # school permission key tests
+
+  test "a non logged in user with VALID school permission key can view wrestler when tournament is_public is false" do
+    valid_key = @school.permission_key
+    @tournament.update(is_public: false)
+    get :show, params: { id: @wrestler.id, school_permission_key: valid_key }
+    success
+  end
+
+  test "a non logged in user with INVALID school permission key cannot view wrestler when tournament is_public is false" do
+    @tournament.update(is_public: false)
+    get :show, params: { id: @wrestler.id, school_permission_key: "INVALID-KEY" }
+    redirect
+  end
+
+  test "non logged in user with VALID key can get edit wrestler page" do
+    valid_key = @school.permission_key
+    get :edit, params: { id: @wrestler.id, school_permission_key: valid_key }
+    success
+  end
+
+  test "non logged in user with INVALID key cannot get edit wrestler page" do
+    get :edit, params: { id: @wrestler.id, school_permission_key: "INVALID-KEY" }
+    redirect
+  end
+
+  test "non logged in user with VALID key can post update wrestler" do
+    valid_key = @school.permission_key
+    # The form includes school_permission_key as part of wrestler_params
+    patch :update, params: { id: @wrestler.id, wrestler: { name: "New Name", school_id: @school.id, school_permission_key: valid_key } }
+    assert_redirected_to school_path(@school.id, school_permission_key: valid_key)
+  end
+
+  test "non logged in user with INVALID key cannot post update wrestler" do
+    patch :update, params: { id: @wrestler.id, wrestler: { name: "New Name", school_id: @school.id }, school_permission_key: "INVALID-KEY" }
+    redirect
+  end
+
+  test "non logged in user with VALID key can create a new wrestler" do
+    valid_key = @school.permission_key
+
+    get :new, params: { school: @school.id, school_permission_key: valid_key }
+    success
+    # The form includes school_permission_key as part of wrestler_params
+    post :create, params: { wrestler: { name: "Test from Key", weight_id: 1, school_id: @school.id, school_permission_key: valid_key }}
+    assert_redirected_to school_path(@school.id, school_permission_key: valid_key)
+  end
+
+  test "non logged in user with INVALID key cannot create a new wrestler" do
+    get :new, params: { school: @school.id, school_permission_key: "INVALID-KEY" }
+    redirect
+    post :create, params: { wrestler: { name: "Test from Key", weight_id: 1, school_id: @school.id }, school_permission_key: "INVALID-KEY" }
+    redirect
+  end
+
+  test "non logged in user with VALID key can destroy a wrestler" do
+    valid_key = @school.permission_key
+    delete :destroy, params: { id: @wrestler.id, school_permission_key: valid_key }
+    assert_redirected_to school_path(@school.id, school_permission_key: valid_key)
+  end
+
+  test "non logged in user with INVALID key cannot destroy a wrestler" do
+    delete :destroy, params: { id: @wrestler.id, school_permission_key: "INVALID-KEY" }
+    redirect
+  end
+
+  test "non logged in user with VALID key can view a wrestler" do
+    valid_key = @school.permission_key
+    get :show, params: { id: @wrestler.id, school_permission_key: valid_key }
+    success
+  end
+
+  test "non logged in user with INVALID key cannot view a wrestler" do
+    @tournament.update(is_public: false)
+    get :show, params: { id: @wrestler.id, school_permission_key: "INVALID-KEY" }
+    redirect
+  end
+
+  test "show page with valid school_permission_key includes it in 'Back to School' link" do
+    valid_key = @school.permission_key
+    get :show, params: { id: @wrestler.id, school_permission_key: valid_key }
+    success
+
+    # The link is typically: /schools/:id?school_permission_key=valid_key
+    # 'Back to Central Crossing' or similar text
+    assert_select "a[href=?]", school_path(@school, school_permission_key: valid_key), text: /Back to/
+  end
+
+  test "show page with NO key does not include it in 'Back to School' link" do
+    get :show, params: { id: @wrestler.id }
+    success
+
+    assert_select "a[href=?]", school_path(@school), text: /Back to/
+  end
 end