Merge pull request #2875 from samvera/2873-csrf-exception

Fix for #2873 - CSRF Exception after adding to Collections/Sharing
samvera · Apr 2, 2018 · e37466a · e37466a
2 parents d927d66 + 232057f
commit e37466a
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 2 deletions.
diff --git a/app/assets/javascripts/hyrax.js b/app/assets/javascripts/hyrax.js
@@ -99,6 +99,7 @@
 //= require hyrax/thumbnail_select
 //= require hyrax/batch_select
 //= require hyrax/tabbed_form
+//= require hyrax/turbolinks_events
 
 // this needs to be after batch_select so that the form ids get setup correctly
 //= require hyrax/batch_edit
diff --git a/app/assets/javascripts/hyrax/turbolinks_events.js b/app/assets/javascripts/hyrax/turbolinks_events.js
@@ -0,0 +1,5 @@
+// Fixes a problem with csrf tokens and turbolinks
+// See https://github.com/rails/jquery-ujs/issues/456
+$(document).on('turbolinks:load', function() {
+  $.rails.refreshCSRFTokens();
+});
diff --git a/app/views/hyrax/my/_collection_action_menu.html.erb b/app/views/hyrax/my/_collection_action_menu.html.erb
@@ -18,8 +18,7 @@
       <li role="menuitem" tabindex="-1">
         <%= link_to hyrax.edit_dashboard_collection_path(id),
                     class: 'itemicon itemedit',
-                    title: t("hyrax.dashboard.my.action.edit_collection"),
-                    data: { turbolinks: false }  do %>
+                    title: t("hyrax.dashboard.my.action.edit_collection")  do %>
           <%= t("hyrax.dashboard.my.action.edit_collection") %>
         <% end %>
       </li>

diff --git a/spec/features/dashboard/collection_spec.rb b/spec/features/dashboard/collection_spec.rb
@@ -1,4 +1,6 @@
 RSpec.describe 'collection', type: :feature, clean_repo: true do
+  include Selectors::Dashboard
+
   let(:user) { create(:user) }
   let(:admin_user) { create(:admin) }
   let(:collection_type) { create(:collection_type, creator_user: user) }
@@ -865,11 +867,16 @@ def get_url_fragment(type)
         end
 
         context "to true, limits available users", js: true do
+          let(:user2) { create(:user) }
           it "to system users filted by select2" do
             visit "/dashboard/collections/#{sharable_collection_id}/edit"
             expect(page).to have_link('Sharing', href: '#sharing')
             click_link('Sharing')
             expect(page).to have_selector(".form-inline.add-users .select2-container")
+            select_user(user2, 'Depositor')
+            click_button('Save')
+            click_link('Sharing')
+            expect(page).to have_selector('td', text: user2.user_key)
           end
         end
 

diff --git a/spec/support/selectors.rb b/spec/support/selectors.rb
@@ -5,6 +5,21 @@ def db_item_actions_toggle(item)
         find '.dropdown-toggle'
       end
     end
+
+    # For use with javascript user selector that allows for searching for an existing user
+    # and granting them permission to an object.
+    # @param [User] user to select
+    # @param [String] role granting the user permission (e.g. 'Manager' | 'Depositor' | 'Viewer')
+    def select_user(user, role = 'Depositor')
+      first('a.select2-choice').click
+      find('.select2-input').set(user.user_key)
+      sleep 1
+      first('div.select2-result-label').click
+      within('div.add-users') do
+        select(role)
+        find('input.edit-collection-add-sharing-button').click
+      end
+    end
   end
 
   module NewTransfers