Added a feature to generate uuid links for coaches to submit their school lineups.

2026-04-03 05:27:25 +00:00 · 2025-02-18 16:39:10 -05:00
parent 934b34d0b7
commit 91e1939e69
20 changed files with 725 additions and 272 deletions
--- a/test/controllers/schools_controller_test.rb
+++ b/test/controllers/schools_controller_test.rb
@@ -4,9 +4,11 @@ class SchoolsControllerTest < ActionController::TestCase
  include Devise::Test::ControllerHelpers

  setup do
-     @tournament = Tournament.find(1)
+    @tournament = Tournament.find(1)
    # @tournament.generateMatchups
-     @school = @tournament.schools.first
+    @school = @tournament.schools.first
+    @school.update(permission_key: SecureRandom.uuid) # Generate a valid school_permission_key
+    @school_permission_key = @school.permission_key
  end
 
  def create
@@ -17,20 +19,20 @@ class SchoolsControllerTest < ActionController::TestCase
    get :new, params: { tournament: @tournament.id }
  end

-  def get_show
-    get :show, params: { id: @school.id }
+  def get_show(extra_params = {})
+    get :show, params: { id: @school.id }.merge(extra_params)
  end

-  def post_update
-    patch :update, params: { id: @school.id, school: {name: @school.name, tournament_id: @school.tournament_id} }
+  def post_update(extra_params = {})
+    patch :update, params: { id: @school.id, school: { name: @school.name, tournament_id: @school.tournament_id } }.merge(extra_params)
  end

-  def destroy
-    delete :destroy, params: { id: @school.id }
+  def destroy(extra_params = {})
+    delete :destroy, params: { id: @school.id }.merge(extra_params)
  end

-  def get_edit
-    get :edit, params: { id: @school.id }
+  def get_edit(extra_params = {})
+    get :edit, params: { id: @school.id }.merge(extra_params)
  end
  
  def sign_in_owner
@@ -288,6 +290,150 @@ Some Guy
    get_show
    success 
  end
+
+  test "non logged in user can get stats page when tournament is public" do
+    @tournament.is_public = true
+    @tournament.save
+    get :stats, params: { id: @school.id }
+    success 
+  end
+
+  test "logged in school delegate can get stats page when tournament is not public" do
+    @tournament.is_public = false
+    @tournament.save
+    sign_in_school_delegate
+    get :stats, params: { id: @school.id }
+    success
+  end
+
+  test "logged in tournament owner can get stats page when tournament is not public" do
+    @tournament.is_public = false
+    @tournament.save
+    sign_in_owner
+    get :stats, params: { id: @school.id }
+    success
+  end
+
+  test "logged in tournament delegate can get stats page when tournament is not public" do
+    @tournament.is_public = false
+    @tournament.save
+    sign_in_tournament_delegate
+    get :stats, params: { id: @school.id }
+    success
+  end
+
+  test "logged in non owner cannot get stats page when tournament is not public" do
+    @tournament.is_public = false
+    @tournament.save
+    sign_in_non_owner
+    get :stats, params: { id: @school.id }
+    redirect
+  end
+
+  test "non logged in user cannot get stats page when tournament is not public" do
+    @tournament.is_public = false
+    @tournament.save
+    sign_in_non_owner
+    get :stats, params: { id: @school.id }
+    redirect
+  end
+
+  test "stats page without school_permission_key does not include it in 'Back to School' link" do
+    get :stats, params: { id: @school.id }
+    success
+
+    # The link is typically: /schools/:id?school_permission_key=valid_key
+    # 'Back to Central Crossing' or similar text
+    assert_select "a[href=?]", school_path(id: @school.id), text: /Back to/
+  end
+
+  test "wrestler links do not contain school_permission_key when not used" do
+    @tournament.update(is_public: false)
+    sign_in_owner
+    get_show
+  
+    assert_select "a[href=?]", new_wrestler_path(school: @school.id), text: "New Wrestler"
+  
+    @school.wrestlers.each do |wrestler|
+      # Check only for the DELETE link, specifying 'data-method="delete"' to exclude profile links
+      assert_select "a[href=?][data-method=delete]", wrestler_path(wrestler), count: 1
+  
+      # Check edit link
+      assert_select "a[href=?]", edit_wrestler_path(wrestler), count: 1
+    end
+  end  
  # END SHOW PAGE PERMISSIONS

+  # School permission key tests
+
+  test "non logged in user can get show page when using valid school_permission_key" do
+    @tournament.update(is_public: false)
+    get_show(school_permission_key: @school_permission_key)
+    success
+  end
+
+  test "non logged in user cannot get show page when using invalid school_permission_key" do
+    @tournament.update(is_public: false)
+    get_show(school_permission_key: "invalid-key")
+    redirect
+  end
+
+  test "non logged in user can edit school with valid school_permission_key" do
+    @tournament.update(is_public: false)
+    get_edit(school_permission_key: @school_permission_key)
+    success
+  end
+
+  test "non logged in user cannot edit school with invalid school_permission_key" do
+    @tournament.update(is_public: false)
+    get_edit(school_permission_key: "invalid-key")
+    redirect
+  end
+
+  test "non logged in user can update school with valid school_permission_key" do
+    @tournament.update(is_public: false)
+    post_update(school_permission_key: @school_permission_key)
+    assert_redirected_to tournament_path(@school.tournament_id)
+  end
+
+  test "non logged in user cannot update school with invalid school_permission_key" do
+    @tournament.update(is_public: false)
+    post_update(school_permission_key: "invalid-key")
+    redirect
+  end
+
+  test "non logged in user cannot delete school with invalid school_permission_key" do
+    @tournament.update(is_public: false)
+    destroy(school_permission_key: "invalid-key")
+    redirect
+  end
+
+  test "non logged in user cannot delete school with valid school_permission_key" do
+    @tournament.update(is_public: false)
+    destroy(school_permission_key: @school_permission_key)
+    redirect
+  end
+
+  # Ensure school_permission_key is used in wrestler links
+  test "wrestler links contain school_permission_key when used" do
+    @tournament.update(is_public: false)
+    get_show(school_permission_key: @school_permission_key)
+
+    assert_select "a[href=?]", new_wrestler_path(school: @school.id, school_permission_key: @school_permission_key), text: "New Wrestler"
+    
+    @school.wrestlers.each do |wrestler|
+      assert_select "a[href=?]", edit_wrestler_path(wrestler, school_permission_key: @school_permission_key)
+      assert_select "a[href=?]", wrestler_path(wrestler, school_permission_key: @school_permission_key), method: :delete
+    end
+  end
+
+  test "stats page with school_permission_key includes it in 'Back to School' link" do
+    get :stats, params: { id: @school.id, school_permission_key: @school_permission_ke }
+    success
+
+    # The link is typically: /schools/:id?school_permission_key=valid_key
+    # 'Back to Central Crossing' or similar text
+    assert_select "a[href=?]", school_path(id: @school.id, school_permission_key: @school_permission_ke), text: /Back to/
+  end
+  # End school permission key tests
 end