diff --git a/cypress/tests/integration/emailTemplates/emailTemplates.cy.js b/cypress/tests/integration/emailTemplates/emailTemplates.cy.js
new file mode 100644
index 0000000000..ad15ea5126
--- /dev/null
+++ b/cypress/tests/integration/emailTemplates/emailTemplates.cy.js
@@ -0,0 +1,84 @@
+/**
+ * @file cypress/tests/integration/Orcid.cy.js
+ *
+ * Copyright (c) 2014-2024 Simon Fraser University
+ * Copyright (c) 2000-2024 John Willinsky
+ * Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
+ *
+ */
+
+describe('Email Template Access Tests', function () {
+ it('Checks that user cannot access restricted template not assigned to their group', () => {
+ cy.login('admin', 'admin', 'publicknowledge');
+ cy.visit('/index.php/publicknowledge/management/settings/manageEmails');
+
+ cy.openEmailTemplate('Discussion (Production)', 'Editor Assigned');
+ // Remove all existing access
+ cy.setEmailTemplateUnrestrictedTo(false)
+ cy.get('input[name="assignedUserGroupIds"]')
+ .as('checkboxes')
+ .uncheck({ force: true })
+
+ cy.contains('button', 'Save').click();
+ cy.logout();
+
+ // Login as user without access - Moderator
+ cy.login('dbuskins')
+ cy.visit(
+ 'index.php/publicknowledge/en/dashboard/editorial?currentViewId=assigned-to-me'
+ );
+ cy.contains('button', 'View').first().click();
+ cy.contains('a', 'Production').click();
+ cy.contains('a', 'Add discussion').click();
+
+ cy.get('select#template').find('option').contains('Editor Assigned').should('not.exist');
+ })
+
+ it('Checks that user can access unrestricted template not specifically assigned to their group', () => {
+ cy.login('admin', 'admin', 'publicknowledge');
+ cy.visit('/index.php/publicknowledge/management/settings/manageEmails');
+
+ cy.openEmailTemplate('Discussion (Production)', 'Editor Assigned');
+ cy.setEmailTemplateUnrestrictedTo(true);
+
+ cy.get('input[name="assignedUserGroupIds"]')
+ .as('checkboxes')
+ .uncheck({ force: true })
+
+ cy.contains('button', 'Save').click();
+ cy.logout();
+
+ // Login as user with access - Moderator
+ cy.login('dbuskins')
+ cy.visit(
+ 'index.php/publicknowledge/en/dashboard/editorial?currentViewId=assigned-to-me'
+ );
+ cy.contains('button', 'View').first().click();
+ cy.contains('a', 'Production').click();
+ cy.contains('a', 'Add discussion').click();
+
+ cy.get('select#template').find('option').contains('Editor Assigned').should('to.exist');
+ })
+
+ it('Checks that user can access template assigned to their group', () => {
+ cy.login('admin', 'admin', 'publicknowledge');
+ cy.visit('/index.php/publicknowledge/management/settings/manageEmails');
+
+ cy.openEmailTemplate('Discussion (Production)', 'Editor Assigned');
+ cy.setEmailTemplateUnrestrictedTo(false)
+ cy.contains('label', 'Moderator').find('input[type="checkbox"]').check({ force: true });
+ cy.contains('button', 'Save').click();
+ cy.logout();
+
+ // Login as user with access - Moderator
+ cy.login('dbuskins')
+ cy.visit(
+ 'index.php/publicknowledge/en/dashboard/editorial?currentViewId=assigned-to-me'
+ );
+ cy.contains('button', 'View').first().click();
+ cy.contains('a', 'Production').click();
+ cy.contains('a', 'Add discussion').click();
+
+ cy.get('select#template').find('option').contains('Editor Assigned').should('to.exist');
+ })
+});
\ No newline at end of file
diff --git a/lib/pkp b/lib/pkp
index 0b673c454b..6629e1b6f0 160000
--- a/lib/pkp
+++ b/lib/pkp
@@ -1 +1 @@
-Subproject commit 0b673c454bc0ad2a61520446c8ad2e07b76f23fa
+Subproject commit 6629e1b6f0e0db32e86fc5401f2b1c1488c473c5
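Review bot: The negative check that closes the first test, `cy.get('select#template').find('option').contains('Editor Assigned').should('not.exist')`, can pass vacuously: it is satisfied the moment the option is absent, which is also true before the template list has been populated if the options load asynchronously. For an access-control test that is the wrong direction to fail in, so anchor it on a positive condition first, e.g. `cy.get('select#template option').should('have.length.greaterThan', 1);` (or a template name dbuskins is known to see), and only then assert that the restricted one is missing. All three tests also exercise only the dropdown; whether the server itself withholds the restricted template from an unassigned user is not covered here and presumably lives in the lib/pkp change, so a request-level assertion would be worth adding if that path is reachable from Cypress. Separately, the header `@file cypress/tests/integration/Orcid.cy.js` is a copy-paste leftover and should name `cypress/tests/integration/emailTemplates/emailTemplates.cy.js`.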