From db686393ef40443e1e134f0b47011b80fe224774 Mon Sep 17 00:00:00 2001
From: Martin Fenner
Date: Thu, 12 Mar 2020 11:07:21 +0100
Subject: [PATCH] fix permissions for consortium to update its own record. #449
---
 app/models/ability.rb | 8 +-
 spec/models/ability_spec.rb | 419 ++++++++++++++++----------------
 spec/requests/providers_spec.rb | 60 +++++
 3 files changed, 274 insertions(+), 213 deletions(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 828b90f12..b6dbb1433 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -20,13 +20,10 @@ def initialize(user)
 elsif user.role_id == "staff_user"
 can :read, :all
 elsif user.role_id == "consortium_admin" && user.provider_id.present?
- can [:create, :destroy], Provider do |provider|
+ can [:manage, :read_billing_information], Provider do |provider|
 user.provider_id.casecmp(provider.consortium_id)
 end
- can [:update, :read, :read_billing_information], Provider do |provider|
- user.provider_id.casecmp(provider.id) || user.provider_id.casecmp(provider.consortium_id)
- end
- can [:read], Provider
+ can [:update, :read, :read_billing_information], Provider, symbol: user.provider_id.upcase
 can [:manage], ProviderPrefix do |provider_prefix|
 provider_prefix.provider && user.provider_id.casecmp(provider_prefix.provider.consortium_id)
 end
@@ -52,7 +49,6 @@ def initialize(user)
 end
 elsif user.role_id == "provider_admin" && user.provider_id.present?
 can [:update, :read, :read_billing_information], Provider, symbol: user.provider_id.upcase
- can [:read], Provider
 can [:manage], ProviderPrefix, provider_id: user.provider_id
 can [:manage], Client, provider_id: user.provider_id
 can [:manage], ClientPrefix #, :client_id => user.provider_id
diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb
index af567719a..946a751e2 100644
--- a/spec/models/ability_spec.rb
+++ b/spec/models/ability_spec.rb
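Review bot: The block behind the new `can [:manage, :read_billing_information], Provider` rule in the first hunk returns the result of `String#casecmp`, which is -1, 0 or 1 for any two strings. All three are truthy in Ruby, so the condition holds for every provider whose `consortium_id` is a string, not only for members of the admin's own consortium. Widening the rule from `[:create, :destroy]` to `:manage` means this check now gates every action on a Provider instance. The block should return a real boolean, e.g. `user.provider_id.casecmp?(provider.consortium_id.to_s)`; the `ProviderPrefix` block in the trailing context lines has the same shape and needs the same change. `initialize` starts and ends outside the hunk, so other rules may repeat the pattern.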
@@ -27,254 +27,259 @@ context "when is a user" do let(:token){ User.generate_token(role_id: "user") } - it{ is_expected.to be_able_to(:read, user) } - it{ is_expected.to be_able_to(:read, provider) } - - it{ is_expected.not_to be_able_to(:create, provider) } - it{ is_expected.not_to be_able_to(:update, provider) } - it{ is_expected.not_to be_able_to(:destroy, provider) } - - it{ is_expected.not_to be_able_to(:read, client) } - it{ is_expected.not_to be_able_to(:create, client) } - it{ is_expected.not_to be_able_to(:update, client) } - it{ is_expected.not_to be_able_to(:destroy, client) } - - it{ is_expected.not_to be_able_to(:read, prefix) } - it{ is_expected.not_to be_able_to(:create, prefix) } - it{ is_expected.not_to be_able_to(:update, prefix) } - it{ is_expected.not_to be_able_to(:destroy, prefix) } - - it{ is_expected.to be_able_to(:read, doi) } - it{ is_expected.not_to be_able_to(:transfer, doi) } - it{ is_expected.not_to be_able_to(:create, doi) } - it{ is_expected.not_to be_able_to(:update, doi) } - it{ is_expected.not_to be_able_to(:destroy, doi) } + it { is_expected.to be_able_to(:read, user) } + it { is_expected.to be_able_to(:read, provider) } + + it { is_expected.not_to be_able_to(:create, provider) } + it { is_expected.not_to be_able_to(:update, provider) } + it { is_expected.not_to be_able_to(:destroy, provider) } + + it { is_expected.not_to be_able_to(:read, client) } + it { is_expected.not_to be_able_to(:create, client) } + it { is_expected.not_to be_able_to(:update, client) } + it { is_expected.not_to be_able_to(:destroy, client) } + + it { is_expected.not_to be_able_to(:read, prefix) } + it { is_expected.not_to be_able_to(:create, prefix) } + it { is_expected.not_to be_able_to(:update, prefix) } + it { is_expected.not_to be_able_to(:destroy, prefix) } + + it { is_expected.to be_able_to(:read, doi) } + it { is_expected.not_to be_able_to(:transfer, doi) } + it { is_expected.not_to be_able_to(:create, doi) } + it { is_expected.not_to 
be_able_to(:update, doi) } + it { is_expected.not_to be_able_to(:destroy, doi) } end context "when is a client admin" do let(:token){ User.generate_token(role_id: "client_admin", provider_id: provider.symbol.downcase, client_id: client.symbol.downcase) } - it{ is_expected.to be_able_to(:read, user) } - it{ is_expected.to be_able_to(:read, provider) } - - it{ is_expected.not_to be_able_to(:create, provider) } - it{ is_expected.not_to be_able_to(:update, provider) } - it{ is_expected.not_to be_able_to(:destroy, provider) } - - it{ is_expected.to be_able_to(:read, client) } - it{ is_expected.not_to be_able_to(:create, client) } - it{ is_expected.to be_able_to(:update, client) } - it{ is_expected.not_to be_able_to(:destroy, client) } - - it{ is_expected.not_to be_able_to(:read, prefix) } - it{ is_expected.not_to be_able_to(:create, prefix) } - it{ is_expected.not_to be_able_to(:update, prefix) } - it{ is_expected.not_to be_able_to(:destroy, prefix) } - - it{ is_expected.to be_able_to(:read, client_prefix) } - it{ is_expected.not_to be_able_to(:create, client_prefix) } - it{ is_expected.not_to be_able_to(:update, client_prefix) } - it{ is_expected.not_to be_able_to(:destroy, client_prefix) } - - it{ is_expected.to be_able_to(:read, doi) } - it{ is_expected.not_to be_able_to(:transfer, doi) } - it{ is_expected.to be_able_to(:create, doi) } - it{ is_expected.to be_able_to(:update, doi) } - it{ is_expected.to be_able_to(:destroy, doi) } + it { is_expected.to be_able_to(:read, user) } + it { is_expected.to be_able_to(:read, provider) } + + it { is_expected.not_to be_able_to(:create, provider) } + it { is_expected.not_to be_able_to(:update, provider) } + it { is_expected.not_to be_able_to(:destroy, provider) } + + it { is_expected.to be_able_to(:read, client) } + it { is_expected.not_to be_able_to(:create, client) } + it { is_expected.to be_able_to(:update, client) } + it { is_expected.not_to be_able_to(:destroy, client) } + + it { is_expected.not_to be_able_to(:read, 
prefix) } + it { is_expected.not_to be_able_to(:create, prefix) } + it { is_expected.not_to be_able_to(:update, prefix) } + it { is_expected.not_to be_able_to(:destroy, prefix) } + + it { is_expected.to be_able_to(:read, client_prefix) } + it { is_expected.not_to be_able_to(:create, client_prefix) } + it { is_expected.not_to be_able_to(:update, client_prefix) } + it { is_expected.not_to be_able_to(:destroy, client_prefix) } + + it { is_expected.to be_able_to(:read, doi) } + it { is_expected.not_to be_able_to(:transfer, doi) } + it { is_expected.to be_able_to(:create, doi) } + it { is_expected.to be_able_to(:update, doi) } + it { is_expected.to be_able_to(:destroy, doi) } end context "when is a client user" do let(:token){ User.generate_token(role_id: "client_user", provider_id: provider.symbol.downcase, client_id: client.symbol.downcase) } - it{ is_expected.to be_able_to(:read, user) } - it{ is_expected.to be_able_to(:read, provider) } - - it{ is_expected.not_to be_able_to(:create, provider) } - it{ is_expected.not_to be_able_to(:update, provider) } - it{ is_expected.not_to be_able_to(:destroy, provider) } - - it{ is_expected.to be_able_to(:read, client) } - it{ is_expected.not_to be_able_to(:create, client) } - it{ is_expected.not_to be_able_to(:update, client) } - it{ is_expected.not_to be_able_to(:destroy, client) } - - it{ is_expected.not_to be_able_to(:read, prefix) } - it{ is_expected.not_to be_able_to(:create, prefix) } - it{ is_expected.not_to be_able_to(:update, prefix) } - it{ is_expected.not_to be_able_to(:destroy, prefix) } - - it{ is_expected.to be_able_to(:read, client_prefix) } - it{ is_expected.not_to be_able_to(:create, client_prefix) } - it{ is_expected.not_to be_able_to(:update, client_prefix) } - it{ is_expected.not_to be_able_to(:destroy, client_prefix) } - - it{ is_expected.to be_able_to(:read, doi) } - it{ is_expected.not_to be_able_to(:transfer, doi) } - it{ is_expected.not_to be_able_to(:create, doi) } - it{ is_expected.not_to 
be_able_to(:update, doi) } - it{ is_expected.not_to be_able_to(:destroy, doi) } + it { is_expected.to be_able_to(:read, user) } + it { is_expected.to be_able_to(:read, provider) } + + it { is_expected.not_to be_able_to(:create, provider) } + it { is_expected.not_to be_able_to(:update, provider) } + it { is_expected.not_to be_able_to(:destroy, provider) } + + it { is_expected.to be_able_to(:read, client) } + it { is_expected.not_to be_able_to(:create, client) } + it { is_expected.not_to be_able_to(:update, client) } + it { is_expected.not_to be_able_to(:destroy, client) } + + it { is_expected.not_to be_able_to(:read, prefix) } + it { is_expected.not_to be_able_to(:create, prefix) } + it { is_expected.not_to be_able_to(:update, prefix) } + it { is_expected.not_to be_able_to(:destroy, prefix) } + + it { is_expected.to be_able_to(:read, client_prefix) } + it { is_expected.not_to be_able_to(:create, client_prefix) } + it { is_expected.not_to be_able_to(:update, client_prefix) } + it { is_expected.not_to be_able_to(:destroy, client_prefix) } + + it { is_expected.to be_able_to(:read, doi) } + it { is_expected.not_to be_able_to(:transfer, doi) } + it { is_expected.not_to be_able_to(:create, doi) } + it { is_expected.not_to be_able_to(:update, doi) } + it { is_expected.not_to be_able_to(:destroy, doi) } end context "when is a provider admin" do let(:token){ User.generate_token(role_id: "provider_admin", provider_id: provider.symbol.downcase) } - it{ is_expected.to be_able_to(:read, user) } - - it{ is_expected.to be_able_to(:read, provider) } - it{ is_expected.not_to be_able_to(:create, provider) } - it{ is_expected.to be_able_to(:update, provider) } - it{ is_expected.not_to be_able_to(:destroy, provider) } - - it{ is_expected.to be_able_to(:read, client) } - it{ is_expected.to be_able_to(:create, client) } - it{ is_expected.to be_able_to(:update, client) } - it{ is_expected.to be_able_to(:destroy, client) } - - it{ is_expected.not_to be_able_to(:read, prefix) } - it{ 
is_expected.not_to be_able_to(:create, prefix) } - it{ is_expected.not_to be_able_to(:update, prefix) } - it{ is_expected.not_to be_able_to(:destroy, prefix) } - - it{ is_expected.to be_able_to(:read, provider_prefix) } - it{ is_expected.to be_able_to(:create, provider_prefix) } - it{ is_expected.to be_able_to(:update, provider_prefix) } - it{ is_expected.to be_able_to(:destroy, provider_prefix) } - - it{ is_expected.to be_able_to(:read, doi) } - it{ is_expected.to be_able_to(:transfer, doi) } - it{ is_expected.not_to be_able_to(:create, doi) } - it{ is_expected.not_to be_able_to(:update, doi) } - it{ is_expected.not_to be_able_to(:destroy, doi) } + it { is_expected.to be_able_to(:read, user) } + + it { is_expected.to be_able_to(:read, provider) } + it { is_expected.not_to be_able_to(:create, provider) } + it { is_expected.to be_able_to(:update, provider) } + it { is_expected.not_to be_able_to(:destroy, provider) } + + it { is_expected.to be_able_to(:read, client) } + it { is_expected.to be_able_to(:create, client) } + it { is_expected.to be_able_to(:update, client) } + it { is_expected.to be_able_to(:destroy, client) } + + it { is_expected.not_to be_able_to(:read, prefix) } + it { is_expected.not_to be_able_to(:create, prefix) } + it { is_expected.not_to be_able_to(:update, prefix) } + it { is_expected.not_to be_able_to(:destroy, prefix) } + + it { is_expected.to be_able_to(:read, provider_prefix) } + it { is_expected.to be_able_to(:create, provider_prefix) } + it { is_expected.to be_able_to(:update, provider_prefix) } + it { is_expected.to be_able_to(:destroy, provider_prefix) } + + it { is_expected.to be_able_to(:read, doi) } + it { is_expected.to be_able_to(:transfer, doi) } + it { is_expected.not_to be_able_to(:create, doi) } + it { is_expected.not_to be_able_to(:update, doi) } + it { is_expected.not_to be_able_to(:destroy, doi) } end context "when is a consortium admin" do let(:token){ User.generate_token(role_id: "consortium_admin", provider_id: 
consortium.symbol.downcase) } - it{ is_expected.to be_able_to(:read, user) } - - it{ is_expected.to be_able_to(:read, provider) } - it{ is_expected.to be_able_to(:create, provider) } - it{ is_expected.to be_able_to(:update, provider) } - it{ is_expected.to be_able_to(:destroy, provider) } - - it{ is_expected.to be_able_to(:read, client) } - it{ is_expected.to be_able_to(:create, client) } - it{ is_expected.to be_able_to(:update, client) } - it{ is_expected.to be_able_to(:destroy, client) } - - it{ is_expected.not_to be_able_to(:read, prefix) } - it{ is_expected.not_to be_able_to(:create, prefix) } - it{ is_expected.not_to be_able_to(:update, prefix) } - it{ is_expected.not_to be_able_to(:destroy, prefix) } - - it{ is_expected.to be_able_to(:read, provider_prefix) } - it{ is_expected.to be_able_to(:create, provider_prefix) } - it{ is_expected.to be_able_to(:update, provider_prefix) } - it{ is_expected.to be_able_to(:destroy, provider_prefix) } - - it{ is_expected.to be_able_to(:read, doi) } - it{ is_expected.to be_able_to(:transfer, doi) } - it{ is_expected.not_to be_able_to(:create, doi) } - it{ is_expected.not_to be_able_to(:update, doi) } - it{ is_expected.not_to be_able_to(:destroy, doi) } + it { is_expected.to be_able_to(:read, user) } + + it { is_expected.to be_able_to(:read, consortium) } + it { is_expected.not_to be_able_to(:create, consortium) } + it { is_expected.to be_able_to(:update, consortium) } + it { is_expected.not_to be_able_to(:destroy, consortium) } + + it { is_expected.to be_able_to(:read, provider) } + it { is_expected.to be_able_to(:create, provider) } + it { is_expected.to be_able_to(:update, provider) } + it { is_expected.to be_able_to(:destroy, provider) } + + it { is_expected.to be_able_to(:read, client) } + it { is_expected.to be_able_to(:create, client) } + it { is_expected.to be_able_to(:update, client) } + it { is_expected.to be_able_to(:destroy, client) } + + it { is_expected.not_to be_able_to(:read, prefix) } + it { 
is_expected.not_to be_able_to(:create, prefix) } + it { is_expected.not_to be_able_to(:update, prefix) } + it { is_expected.not_to be_able_to(:destroy, prefix) } + + it { is_expected.to be_able_to(:read, provider_prefix) } + it { is_expected.to be_able_to(:create, provider_prefix) } + it { is_expected.to be_able_to(:update, provider_prefix) } + it { is_expected.to be_able_to(:destroy, provider_prefix) } + + it { is_expected.to be_able_to(:read, doi) } + it { is_expected.to be_able_to(:transfer, doi) } + it { is_expected.not_to be_able_to(:create, doi) } + it { is_expected.not_to be_able_to(:update, doi) } + it { is_expected.not_to be_able_to(:destroy, doi) } end context "when is a provider user" do let(:token){ User.generate_token(role_id: "provider_user", provider_id: provider.symbol.downcase) } - it{ is_expected.to be_able_to(:read, user) } - - it{ is_expected.to be_able_to(:read, provider) } - it{ is_expected.not_to be_able_to(:create, provider) } - it{ is_expected.not_to be_able_to(:update, provider) } - it{ is_expected.not_to be_able_to(:destroy, provider) } - - it{ is_expected.to be_able_to(:read, client) } - it{ is_expected.not_to be_able_to(:create, client) } - it{ is_expected.not_to be_able_to(:update, client) } - it{ is_expected.not_to be_able_to(:destroy, client) } - - it{ is_expected.not_to be_able_to(:read, prefix) } - it{ is_expected.not_to be_able_to(:create, prefix) } - it{ is_expected.not_to be_able_to(:update, prefix) } - it{ is_expected.not_to be_able_to(:destroy, prefix) } - - it{ is_expected.to be_able_to(:read, provider_prefix) } - it{ is_expected.not_to be_able_to(:create, provider_prefix) } - it{ is_expected.not_to be_able_to(:update, provider_prefix) } - it{ is_expected.not_to be_able_to(:destroy, provider_prefix) } - - it{ is_expected.to be_able_to(:read, doi) } - it{ is_expected.not_to be_able_to(:transfer, doi) } - it{ is_expected.not_to be_able_to(:create, doi) } - it{ is_expected.not_to be_able_to(:update, doi) } - it{ 
is_expected.not_to be_able_to(:destroy, doi) } + it { is_expected.to be_able_to(:read, user) } + + it { is_expected.to be_able_to(:read, provider) } + it { is_expected.not_to be_able_to(:create, provider) } + it { is_expected.not_to be_able_to(:update, provider) } + it { is_expected.not_to be_able_to(:destroy, provider) } + + it { is_expected.to be_able_to(:read, client) } + it { is_expected.not_to be_able_to(:create, client) } + it { is_expected.not_to be_able_to(:update, client) } + it { is_expected.not_to be_able_to(:destroy, client) } + + it { is_expected.not_to be_able_to(:read, prefix) } + it { is_expected.not_to be_able_to(:create, prefix) } + it { is_expected.not_to be_able_to(:update, prefix) } + it { is_expected.not_to be_able_to(:destroy, prefix) } + + it { is_expected.to be_able_to(:read, provider_prefix) } + it { is_expected.not_to be_able_to(:create, provider_prefix) } + it { is_expected.not_to be_able_to(:update, provider_prefix) } + it { is_expected.not_to be_able_to(:destroy, provider_prefix) } + + it { is_expected.to be_able_to(:read, doi) } + it { is_expected.not_to be_able_to(:transfer, doi) } + it { is_expected.not_to be_able_to(:create, doi) } + it { is_expected.not_to be_able_to(:update, doi) } + it { is_expected.not_to be_able_to(:destroy, doi) } end context "when is a staff admin" do - it{ is_expected.to be_able_to(:read, user) } - - it{ is_expected.to be_able_to(:read, provider) } - it{ is_expected.to be_able_to(:create, provider) } - it{ is_expected.to be_able_to(:update, provider) } - it{ is_expected.to be_able_to(:destroy, provider) } - - it{ is_expected.to be_able_to(:read, client) } - it{ is_expected.to be_able_to(:create, client) } - it{ is_expected.to be_able_to(:update, client) } - it{ is_expected.to be_able_to(:destroy, client) } - - it{ is_expected.to be_able_to(:read, doi) } - it{ is_expected.to be_able_to(:transfer, doi) } - it{ is_expected.to be_able_to(:create, doi) } - it{ is_expected.to be_able_to(:update, doi) } - it{ 
is_expected.to be_able_to(:destroy, doi) } + it { is_expected.to be_able_to(:read, user) } + + it { is_expected.to be_able_to(:read, provider) } + it { is_expected.to be_able_to(:create, provider) } + it { is_expected.to be_able_to(:update, provider) } + it { is_expected.to be_able_to(:destroy, provider) } + + it { is_expected.to be_able_to(:read, client) } + it { is_expected.to be_able_to(:create, client) } + it { is_expected.to be_able_to(:update, client) } + it { is_expected.to be_able_to(:destroy, client) } + + it { is_expected.to be_able_to(:read, doi) } + it { is_expected.to be_able_to(:transfer, doi) } + it { is_expected.to be_able_to(:create, doi) } + it { is_expected.to be_able_to(:update, doi) } + it { is_expected.to be_able_to(:destroy, doi) } end context "when is a staff user" do let(:token){ User.generate_token(role_id: "staff_user") } - it{ is_expected.to be_able_to(:read, user) } + it { is_expected.to be_able_to(:read, user) } - it{ is_expected.to be_able_to(:read, provider) } - it{ is_expected.not_to be_able_to(:create, provider) } - it{ is_expected.not_to be_able_to(:update, provider) } - it{ is_expected.not_to be_able_to(:destroy, provider) } + it { is_expected.to be_able_to(:read, provider) } + it { is_expected.not_to be_able_to(:create, provider) } + it { is_expected.not_to be_able_to(:update, provider) } + it { is_expected.not_to be_able_to(:destroy, provider) } - it{ is_expected.to be_able_to(:read, client) } - it{ is_expected.not_to be_able_to(:create, client) } - it{ is_expected.not_to be_able_to(:update, client) } - it{ is_expected.not_to be_able_to(:destroy, client) } + it { is_expected.to be_able_to(:read, client) } + it { is_expected.not_to be_able_to(:create, client) } + it { is_expected.not_to be_able_to(:update, client) } + it { is_expected.not_to be_able_to(:destroy, client) } - it{ is_expected.to be_able_to(:read, doi) } - it{ is_expected.not_to be_able_to(:transfer, doi) } - it{ is_expected.not_to be_able_to(:create, doi) } - it{ 
is_expected.not_to be_able_to(:update, doi) } - it{ is_expected.not_to be_able_to(:destroy, doi) } + it { is_expected.to be_able_to(:read, doi) } + it { is_expected.not_to be_able_to(:transfer, doi) } + it { is_expected.not_to be_able_to(:create, doi) } + it { is_expected.not_to be_able_to(:update, doi) } + it { is_expected.not_to be_able_to(:destroy, doi) } end context "when is anonymous" do let(:token) { nil } - it{ is_expected.not_to be_able_to(:create, provider) } - it{ is_expected.not_to be_able_to(:update, provider) } - it{ is_expected.not_to be_able_to(:destroy, provider) } - - it{ is_expected.not_to be_able_to(:read, client) } - it{ is_expected.not_to be_able_to(:create, client) } - it{ is_expected.not_to be_able_to(:update, client) } - it{ is_expected.not_to be_able_to(:destroy, client) } - - it{ is_expected.to be_able_to(:read, doi) } - it{ is_expected.not_to be_able_to(:transfer, doi) } - it{ is_expected.not_to be_able_to(:create, doi) } - it{ is_expected.not_to be_able_to(:update, doi) } - it{ is_expected.not_to be_able_to(:destroy, doi) } - - it{ is_expected.not_to be_able_to(:read, prefix) } - it{ is_expected.not_to be_able_to(:create, prefix) } - it{ is_expected.not_to be_able_to(:update, prefix) } - it{ is_expected.not_to be_able_to(:destroy, prefix) } + it { is_expected.not_to be_able_to(:create, provider) } + it { is_expected.not_to be_able_to(:update, provider) } + it { is_expected.not_to be_able_to(:destroy, provider) } + + it { is_expected.not_to be_able_to(:read, client) } + it { is_expected.not_to be_able_to(:create, client) } + it { is_expected.not_to be_able_to(:update, client) } + it { is_expected.not_to be_able_to(:destroy, client) } + + it { is_expected.to be_able_to(:read, doi) } + it { is_expected.not_to be_able_to(:transfer, doi) } + it { is_expected.not_to be_able_to(:create, doi) } + it { is_expected.not_to be_able_to(:update, doi) } + it { is_expected.not_to be_able_to(:destroy, doi) } + + it { is_expected.not_to be_able_to(:read, 
prefix) } + it { is_expected.not_to be_able_to(:create, prefix) } + it { is_expected.not_to be_able_to(:update, prefix) } + it { is_expected.not_to be_able_to(:destroy, prefix) } end end end diff --git a/spec/requests/providers_spec.rb b/spec/requests/providers_spec.rb index 08b3df293..90e9355d8 100644 --- a/spec/requests/providers_spec.rb +++ b/spec/requests/providers_spec.rb 
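Review bot: The consortium-admin context now asserts abilities on `consortium` and on `provider`, but it has no case for a provider that belongs to a different consortium. The ability rule is a block condition, so only a negative case shows whether it really compares ids. With a `let` for such a provider, I would add `it { is_expected.not_to be_able_to(:update, other_provider) }` and the same for `:destroy` and `:read_billing_information`. The fixtures are defined outside the hunk, so `other_provider` is a placeholder name.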
@@ -617,6 +617,66 @@ expect(json.dig('data', 'relationships', 'consortium', 'data', 'id')).to eq(consortium.symbol.downcase) end end + + context 'when updating as consortium' do + let(:consortium_credentials) { User.encode_auth_param(username: consortium.symbol, password: "12345") } + let(:consortium_headers) { {'HTTP_ACCEPT'=>'application/vnd.api+json', 'HTTP_AUTHORIZATION' => 'Basic ' + consortium_credentials } } + let(:params) do + { "data" => { "type" => "providers", + "attributes" => { + "name" => "British Library", + "globusUuid" => "9908a164-1e4f-4c17-ae1b-cc318839d6c8", + "displayName" => "British Library", + "memberType" => "consortium_organization", + "website" => "https://www.bl.uk", + "region" => "Americas", + "systemEmail" => "Pepe@mdm.cod", + "country" => "GB" + }, + "relationships": { + "consortium": { + "data":{ + "type": "providers", + "id": consortium.symbol.downcase + } + } + }} } + end + + it 'updates the record' do + put "/providers/#{provider.symbol}", params, consortium_headers + + expect(last_response.status).to eq(200) + expect(json.dig('data', 'attributes', 'displayName')).to eq("British Library") + expect(json.dig('data', 'attributes', 'globusUuid')).to eq("9908a164-1e4f-4c17-ae1b-cc318839d6c8") + expect(json.dig('data', 'relationships', 'consortium', 'data', 'id')).to eq(consortium.symbol.downcase) + end + end + + context 'when updating as consortium_organization' do + let(:consortium_organization_credentials) { User.encode_auth_param(username: provider.symbol, password: "12345") } + let(:consortium_organization_headers) { {'HTTP_ACCEPT'=>'application/vnd.api+json', 'HTTP_AUTHORIZATION' => 'Basic ' + consortium_organization_credentials } } + let(:params) do + { "data" => { "type" => "providers", + "attributes" => { + "name" => "British Library", + "globusUuid" => "9908a164-1e4f-4c17-ae1b-cc318839d6c8", + "displayName" => "British Library", + "website" => "https://www.bl.uk", + "region" => "Americas", + "systemEmail" => "Pepe@mdm.cod", + 
"country" => "GB" + }} } + end + + it 'updates the record' do + put "/providers/#{provider.symbol}", params, consortium_organization_headers + + expect(last_response.status).to eq(200) + expect(json.dig('data', 'attributes', 'displayName')).to eq("British Library") + expect(json.dig('data', 'attributes', 'globusUuid')).to eq("9908a164-1e4f-4c17-ae1b-cc318839d6c8") + end + end context 'removes globus_uuid' do let(:params) do
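Review bot: The `params` literal in 'when updating as consortium' mixes `"attributes" => {…}` string keys with `"relationships": {…}`, which Ruby parses as symbol keys, so one hash carries both key types. It presumably works only because the request helper stringifies keys before sending. Writing the relationship part as `"relationships" => { "consortium" => { "data" => { "type" => "providers", "id" => consortium.symbol.downcase } } }` keeps the payload uniform and matches the attributes above it.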