From 4ed084e7e3d729fed8bbd3adcd430fc0fc4665b9 Mon Sep 17 00:00:00 2001
From: Justin Gondron
Date: Thu, 29 Mar 2018 16:42:08 -0700
Subject: [PATCH 1/3] Fix for #2873 - CSRF Exception after adding to Collections/Sharing - Found the root issue is related to turbolinks + jquery-ujs + a button that uses ajax to post. This may also fix #1191. Adding a call to refresh the CSRF tokens in the rendered DOM after turbolinks loads fixes it.
---
 app/assets/javascripts/hyrax.js | 1 +
 app/assets/javascripts/hyrax/turbolinks_events.js | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 app/assets/javascripts/hyrax/turbolinks_events.js
diff --git a/app/assets/javascripts/hyrax.js b/app/assets/javascripts/hyrax.js
index 1b8b63a8f0..9213041141 100644
--- a/app/assets/javascripts/hyrax.js
+++ b/app/assets/javascripts/hyrax.js
@@ -99,6 +99,7 @@
 //= require hyrax/thumbnail_select
 //= require hyrax/batch_select
 //= require hyrax/tabbed_form
+//= require hyrax/turbolinks_events
 // this needs to be after batch_select so that the form ids get setup correctly
 //= require hyrax/batch_edit
diff --git a/app/assets/javascripts/hyrax/turbolinks_events.js b/app/assets/javascripts/hyrax/turbolinks_events.js
new file mode 100644
index 0000000000..38f24463f8
--- /dev/null
+++ b/app/assets/javascripts/hyrax/turbolinks_events.js
@@ -0,0 +1,5 @@
+// Fixes a problem with csrf tokens and turbolinks
+// See https://github.com/rails/jquery-ujs/issues/456
+$(document).on('turbolinks:load', function() {
+ $.rails.refreshCSRFTokens();
+});
From 054d4104ef90d414ad5ba1bcd660a3e8f32a81c2 Mon Sep 17 00:00:00 2001
From: "E. Lynette Rayle"
Date: Fri, 30 Mar 2018 18:15:59 -0700
Subject: [PATCH 2/3] no longer need to turn off turbolinks for collection index action menu edit_collection
---
 app/views/hyrax/my/_collection_action_menu.html.erb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
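Review bot: The new handler in `app/assets/javascripts/hyrax/turbolinks_events.js` calls `$.rails.refreshCSRFTokens()` with no check that jquery-ujs is present, so wherever `$.rails` is undefined every `turbolinks:load` throws a TypeError instead of refreshing anything; the top of `hyrax.js` is outside the hunk, so the require order may already guarantee it. A guard such as `if ($.rails && $.rails.refreshCSRFTokens) { $.rails.refreshCSRFTokens(); }` makes that dependency explicit. The header comment would also be more useful if it said what the call does, e.g. `// Copies the token from the csrf-token meta tag into each form's hidden authenticity field after a Turbolinks render`, because the fix only helps while that meta tag itself is current.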
diff --git a/app/views/hyrax/my/_collection_action_menu.html.erb b/app/views/hyrax/my/_collection_action_menu.html.erb index 0fafa27891..6bdc1f16cd 100644 --- a/app/views/hyrax/my/_collection_action_menu.html.erb +++ b/app/views/hyrax/my/_collection_action_menu.html.erb @@ -18,8 +18,7 @@
  • <%= link_to hyrax.edit_dashboard_collection_path(id), class: 'itemicon itemedit', - title: t("hyrax.dashboard.my.action.edit_collection"), - data: { turbolinks: false } do %> + title: t("hyrax.dashboard.my.action.edit_collection") do %> <%= t("hyrax.dashboard.my.action.edit_collection") %> <% end %>
  • From 232057ff3dca0073596d8389f874cc765da3d3d6 Mon Sep 17 00:00:00 2001 From: "E. Lynette Rayle" Date: Sat, 31 Mar 2018 05:24:47 -0700 Subject: [PATCH 3/3] test for invalid tokens error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This test follows the steps to reproduce the error in issue #2873. But I can’t reproduce the error when I remove the original PR fix that adds turbolinks_events.js. So I cannot confirm that this test can serve as a regression test. --- spec/features/dashboard/collection_spec.rb | 7 +++++++ spec/support/selectors.rb | 15 +++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/spec/features/dashboard/collection_spec.rb b/spec/features/dashboard/collection_spec.rb index ebe35484f0..4831831404 100644 --- a/spec/features/dashboard/collection_spec.rb +++ b/spec/features/dashboard/collection_spec.rb @@ -1,4 +1,6 @@ RSpec.describe 'collection', type: :feature, clean_repo: true do + include Selectors::Dashboard + let(:user) { create(:user) } let(:admin_user) { create(:admin) } let(:collection_type) { create(:collection_type, creator_user: user) } @@ -865,11 +867,16 @@ def get_url_fragment(type) end context "to true, limits available users", js: true do + let(:user2) { create(:user) } it "to system users filted by select2" do visit "/dashboard/collections/#{sharable_collection_id}/edit" expect(page).to have_link('Sharing', href: '#sharing') click_link('Sharing') expect(page).to have_selector(".form-inline.add-users .select2-container") + select_user(user2, 'Depositor') + click_button('Save') + click_link('Sharing') + expect(page).to have_selector('td', text: user2.user_key) end end diff --git a/spec/support/selectors.rb b/spec/support/selectors.rb index ecf006d245..ba2aa657f9 100644 --- a/spec/support/selectors.rb +++ b/spec/support/selectors.rb 
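Review bot: The steps added to `to system users filted by select2` in `spec/features/dashboard/collection_spec.rb` (the hunk at -865) only exercise CSRF verification if forgery protection is enabled, and Rails' generated test environment sets `config.action_controller.allow_forgery_protection = false`; if this app's test configuration keeps that default (not visible here), the token check is skipped and the example passes with or without `turbolinks_events.js`, which would match what the commit message reports. Enabling it for this context, e.g. `before { ActionController::Base.allow_forgery_protection = true }` with an `after` that restores the previous value, would let the spec serve as a regression test. It would also help to assert the outcome of `click_button('Save')` before `click_link('Sharing')`, so that a rejected request fails at the step that caused it. The enclosing `describe` starts and ends outside the hunk.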
@@ -5,6 +5,21 @@ def db_item_actions_toggle(item) find '.dropdown-toggle' end end + + # For use with javascript user selector that allows for searching for an existing user + # and granting them permission to an object. + # @param [User] user to select + # @param [String] role granting the user permission (e.g. 'Manager' | 'Depositor' | 'Viewer') + def select_user(user, role = 'Depositor') + first('a.select2-choice').click + find('.select2-input').set(user.user_key) + sleep 1 + first('div.select2-result-label').click + within('div.add-users') do + select(role) + find('input.edit-collection-add-sharing-button').click + end + end end module NewTransfers
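Review bot: `select_user` in `spec/support/selectors.rb` waits for the select2 results with a fixed `sleep 1`, which slows every caller and still fails when the user lookup takes longer than a second. Capybara's `find` retries until its wait time expires, so `find('div.select2-result-label', match: :first).click` can replace both the `sleep 1` and the `first('div.select2-result-label').click` line. The doc comment could also say that the helper clicks the first `a.select2-choice` on the page without scoping, so it appears to expect the sharing form to be the visible one when it is called.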