From 5b6e986170f284a882b233b1f61882aa95edeb35 Mon Sep 17 00:00:00 2001
From: cryptogopher <cryptogopher@noreply.me>
Date: Sun, 21 May 2023 17:33:13 +0200
Subject: [PATCH] Test user status update

---
 test/application_system_test_case.rb |  5 ++++
 test/system/users_test.rb            | 44 ++++++++++++++++++++++++----
 2 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/test/application_system_test_case.rb b/test/application_system_test_case.rb
index ce26967..a9494d4 100644
--- a/test/application_system_test_case.rb
+++ b/test/application_system_test_case.rb
@@ -21,6 +21,11 @@ class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
     click_on t(:sign_in)
   end
 
+  def inject_button_to(after, *button_options)
+    button = button_to *button_options
+    evaluate_script("arguments[0].insertAdjacentHTML('beforeend', '#{button.html_safe}');", after)
+  end
+
   #def assert_stale(element)
   #  assert_raise(Selenium::WebDriver::Error::StaleElementReferenceError) { element.tag_name }
   #end
diff --git a/test/system/users_test.rb b/test/system/users_test.rb
index 40f3cac..d615481 100644
--- a/test/system/users_test.rb
+++ b/test/system/users_test.rb
@@ -124,12 +124,11 @@ class UsersTest < ApplicationSystemTestCase
 
     click_on t("layouts.application.users")
     text = t("users.index.disguise")
+    # Pick row without 'disguise' button
     undisguisable = all(:xpath, "//tbody//tr[not(descendant::*[contains(text(),\"#{text}\")])]")
     within undisguisable.sample do |tr|
-      email = first(:link).text
-      button = button_to text, disguise_user_path(User.find_by_email!(email))
-      evaluate_script("arguments[0].insertAdjacentHTML('beforeend', '#{button.html_safe}');",
-                      tr.find('td:last-child'))
+      inject_button_to tr.find('td:last-child'), text,
+        disguise_user_path(User.find_by_email!(first(:link).text))
       click_on text
     end
     assert_title "Bad request received (400)"
@@ -155,8 +154,43 @@ class UsersTest < ApplicationSystemTestCase
   end
 
   test "update profile" do
+    # TODO
   end
 
-  test "update status forbidded for non admin" do
+  test "update status" do
+    sign_in user: users.select(&:admin?).select(&:confirmed?).sample
+    visit users_path
+
+    within all(:xpath, "//tbody//tr[descendant::select]").sample do |tr|
+      user = User.find_by_email!(first(:link).text)
+      status = find(:select)
+      new_status = (status.all(:option).map(&:value) - [status.value]).sample
+      assert_changes ->{ user.reload.status }, from: status.value, to: new_status do
+        status.select new_status
+      end
+    end
+    assert_current_path users_path
+  end
+
+  test "update status disallowed" do
+    sign_in user: users.select(&:admin?).select(&:confirmed?).sample
+    visit users_path
+
+    within all(:xpath, "//tbody//tr[not(descendant::select)]").sample do |tr|
+      user = User.find_by_email!(first(:link).text)
+      inject_button_to first('td'), "update status", user_path(user), method: :patch,
+        params: {user: {status: User.statuses.keys.sample}}
+      click_on "update status"
+    end
+    assert_title "Bad request received (400)"
+  end
+
+  test "update status forbidden for non admin" do
+    sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
+    visit root_path
+    inject_button_to find('body'), "update status", user_path(User.all.sample), method: :patch,
+      params: {user: {status: User.statuses.keys.sample}}
+    click_on "update status"
+    assert_title "Access is forbidden to this page (403)"
   end
 end