This PR checks whether or not the four user types (non-authenticated, read-only, standard, and admin) can view the following pages:
conservation records (index page)
conservation record (single instance)
controlled vocabularies
users
activity
staff codes
reports
This is done by logging the user in using contexts, and then using shared examples for what the user should be able to see (it_behaves_like 'view controlled vocabularies'), or helper methods (prevents_anonymous_access and prevents_unauthorized_access) for pages that the user should not be able to access.
We use those two different helper methods because the messages and redirects are different for logged-in but unauthorized users vs users who haven't logged in. Users who can view a page are referred to the shared examples. A user who isn't permitted to view those pages would fail the tests, so instead they are referred to the helper methods that check their refusal.
This PR does not check whether a user can edit or create any records. That will be addressed in a different PR.
Relates to #214
This PR checks whether or not the four user types (non-authenticated, read-only, standard, and admin) can view the following pages:
This is done by logging the user in using contexts, and then using shared examples for what the user should be able to see (
it_behaves_like 'view controlled vocabularies'), or helper methods (prevents_anonymous_accessandprevents_unauthorized_access) for pages that the user should not be able to access.We use those two different helper methods because the messages and redirects are different for logged-in but unauthorized users vs users who haven't logged in. Users who can view a page are referred to the shared examples. A user who isn't permitted to view those pages would fail the tests, so instead they are referred to the helper methods that check their refusal.
This PR does not check whether a user can edit or create any records. That will be addressed in a different PR.