Ensure or Add Unit Tests for Non-Yale and Not on Campus Users

[K8Sewell]

Summary

We need to make sure that we have test coverage that will mock IPs outside of the allowed list and verify that non-Yale / Cognito users do not have access to URLs that should be restricted. See tickets #2911 and #2912 for lists of protected URLs.

Acceptance Criteria

• [ ] Verify that we have test coverage that mocks a variety of users and IPs regarding their access to the protected URLs
• [ ] Add tests if insufficient test coverage is found

[K8Sewell]

PRs in progress:

• https://github.com/yalelibrary/yul-dc-management/pull/1430
• https://github.com/yalelibrary/yul-dc-blacklight/pull/1046

[K8Sewell]

PR ready for review - https://github.com/yalelibrary/yul-dc-blacklight/pull/1049

Types of users to ensure there is test coverage for in Blacklight:

• Off Campus
• Non Yale

Restricted URLs Test Coverage Status:

### Management: - [x] /management/api/download * yul-dc-blacklight/spec/requests/download_original_spec.rb * OC - present * NY - added - [x] /management/api/permission_requests * yul-dc-blacklight/spec/requests/open_with_permission/create_permission_requests_request_spec.rb * yul-dc-blacklight/spec/system/open_with_permission/permission_request_confirmation_page_spec.rb * OC - present * NY - added - [x] /management/api/permission_sets * yul-dc-blacklight/spec/requests/open_with_permission/create_permission_requests_request_spec.rb * yul-dc-blacklight/spec/requests/open_with_permission/owp_object_show_page_request_spec.rb * yul-dc-blacklight/spec/system/fulltext_search_spec.rb * yul-dc-blacklight/spec/system/open_with_permission/permission_request_confirmation_page_spec.rb * yul-dc-blacklight/spec/system/open_with_permission/user_requests_table_page_spec.rb * OC - present * NY - added - [ ] /management/api/user * Did not find this route in management routes.rb - also found no tests for it in management or blacklight * OC - N/A * NY - N/A - [x] /management/agreement_term * yul-dc-blacklight/spec/system/open_with_permission/owp_agreement_term_spec.rb * OC - added * NY - added ### Blacklight: - [x] /annotation/oid/11781350/canvas/15014414/fulltext?oid=11781350&child_oid=15014414 * yul-dc-blacklight/spec/requests/annotation_request_spec.rb * OC - present * NY - added - [x] /iiif/2/15239177/full/!200,200/0/default.jpg * yul-dc-blacklight/spec/requests/iiif_request_spec.rb * OC - present * NY - added - [x] /manifests/15238597 * yul-dc-blacklight/spec/requests/manifests_request_spec.rb * OC - present * NY - added - [x] /catalog/2005512/request_form * yul-dc-blacklight/spec/requests/open_with_permission/create_permission_requests_request_spec.rb * yul-dc-blacklight/spec/requests/open_with_permission/owp_object_show_page_request_spec.rb * yul-dc-blacklight/spec/system/show_page_spec.rb * yul-dc-blacklight/spec/system/open_with_permission/owp_agreement_term_spec.rb * OC - present * NY - present - [x] /catalog/2005512/terms_and_conditions * yul-dc-blacklight/spec/requests/open_with_permission/create_permission_requests_request_spec.rb * OC - added * NY - added - [x] /catalog/2005512/request_confirmation * yul-dc-blacklight/spec/system/open_with_permission/permission_request_confirmation_page_spec.rb * OC - present * NY - present - [x] /pdfs/15238597.pdf * yul-dc-blacklight/spec/requests/pdfs_request_spec.rb * OC - present * NY - added - [x] /download/tiff/15014414 * yul-dc-blacklight/spec/requests/download_request_spec.rb * OC - present * NY - added - [x] /download/tiff/15014414/staged * yul-dc-blacklight/spec/requests/download_request_spec.rb * OC - added * NY - added

[K8Sewell]

Deployed to Test and Demo with release v1.63.9

[K8Sewell]

Manual testing of OwP functionality mostly remains functional but I'm unable to view objects in blacklight that are part of a permission set that I am an approver for so taking back to in progress to fix the checking for admin access.

[K8Sewell]

PR ready for review - https://github.com/yalelibrary/yul-dc-blacklight/pull/1050

[K8Sewell]

Deployed to Test with release v1.64.0

[K8Sewell]

Issue with not adhering to approver/admin visibility is resolved. Will promote to UAT.

[sshetenhelm]

Confirming that I can see all Kissinger OwP objects, as an Admin, and that I still need to request permission for objects from sets I'm not added to.