Protect staff name & phone fields in FMS front-end.
fixes mysociety/societyworks#2133
1 parent
976ebeb
commit 280e493
Showing
6 changed files
with
311 additions
and
8 deletions.
|
@@ -43,4 +43,52 @@ describe('Staff user tests', function() { | |
cy.get('[name=detail]').should('have.value', 'A Graffiti (offensive) problem has been found by Borsetshire County Council'); | ||
cy.cleanUpXHR(); | ||
}); | ||
|
||
it('does not let staff update their name, phone or email address whilst reporting or updating', function() { | ||
// (Lest CS staff forget to select 'report as another user' and type the reporter's details into their own account.) | ||
cy.server(); | ||
cy.route('**mapserver/peterborough*highways*', 'fixture:peterborough.xml').as('ptboro-roads-layer'); | ||
|
||
// log in | ||
cy.visit('http://peterborough.localhost:3001/auth'); | ||
cy.get('[name=username]').type('[email protected]'); | ||
cy.contains('Sign in with a password').click(); | ||
cy.get('[name=password_sign_in]').type('password'); | ||
cy.get('[name=sign_in_by_password]').last().click(); | ||
|
||
// Peterborough, in front of town hall | ||
cy.visit('http://peterborough.localhost:3001/report/new?latitude=52.571475&longitude=-0.241525'); | ||
cy.wait('@ptboro-roads-layer'); | ||
// pick category: with check to avoid race condition | ||
// but doesn't always work, so have added {force:true} as well | ||
cy.get('input[value="General fly tipping"]').should('be.visible').click({force:true}); | ||
cy.nextPageReporting(); | ||
|
||
// hazardous waste question | ||
cy.get('#form_hazardous').select('No'); | ||
cy.nextPageReporting(); | ||
|
||
// photos page | ||
cy.get('div[aria-label="Tips for perfect photos"] + button').click(); | ||
cy.get('#form_title').type('fly tipped sofa'); | ||
cy.get('#form_detail').type('looks like a chesterfield'); | ||
cy.nextPageReporting(); | ||
|
||
// about you page | ||
cy.get('[name=username]').should('be.disabled'); // (already protected) | ||
cy.get('[name=phone]').should('be.disabled'); | ||
cy.get('[name=name]').should('have.attr', 'readonly'); | ||
cy.get('#map_sidebar').parents('form').submit(); | ||
|
||
// now check update page | ||
cy.get('h1 > a').click(); | ||
cy.get('textarea#form_update').type('this is an update'); | ||
cy.get('button.js-reporting-page--next').click(); | ||
|
||
// update about you | ||
cy.get('[name=username]').should('be.disabled'); // (already protected) | ||
cy.get('[name=name]').should('have.attr', 'readonly'); | ||
cy.get('input[name=submit_register]').click(); | ||
}); | ||
|
||
}); |
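Review bot: The "about you" assertions (`should('be.disabled')` on phone, `should('have.attr', 'readonly')` on name) only check DOM attributes, and a `readonly` input is still posted with the form, so this test does not show that an altered name or phone is ignored once it reaches the server. If that is covered by a server-side test in one of the changed files not rendered here, a comment such as `// UI guard only; server-side handling of staff name/phone is tested in <server-side test file>` would make the division explicit. The update-page block checks only `username` and `name` although the test title also mentions phone; if the update form has no phone field, noting that in the `// update about you` comment would close the apparent gap. The final `submit_register` click is not followed by any assertion, so a rejected update would not fail the test.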
|
@@ -24,6 +24,8 @@ use FixMyStreet::PhotoStorage; | |
use FixMyStreet::DB::Factories; | ||
use Getopt::Long::Descriptive; | ||
|
||
our $bodies; | ||
|
||
my ($opt, $usage) = describe_options( | ||
'%c %o', | ||
[ 'area-id=i', "MapIt area ID to create body for", { required => 1 } ], | ||
|
@@ -99,7 +101,6 @@ for my $cat ('Dropped Kerbs', 'Skips') { | |
} | ||
|
||
if ($opt->test_fixtures) { | ||
my $bodies; | ||
|
||
my $params = { | ||
name => 'National Highways', | ||
|
@@ -444,6 +445,8 @@ foreach ( | |
] }, | ||
{ name => 'Wizard of Oz', email_verified => 1, email => '[email protected]', is_superuser => 't' }, | ||
{ name => "Norma User", email_verified => 1, email => '[email protected]' }, | ||
# Body-specific Users | ||
{ name => 'Peter Burra', email_verified => 1, email => '[email protected]', body => $bodies->{2566}, permissions => $perms_cs }, | ||
) { | ||
$users{$_->{email}} = FixMyStreet::DB::Factory::User->find_or_create($_); | ||
my $perms = $_->{permissions} ? " (" . join(', ', @{$_->{permissions} || []}) . ")" : ""; | ||
|
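Review bot: `$bodies->{2566}` on the new 'Peter Burra' line appears to be populated only inside the `if ($opt->test_fixtures)` block, so if this user list runs outside that block (moving the declaration to file scope suggests it does) the account is created with `body => undef` while still being given `$perms_cs`. Guarding the entry, for example `($bodies->{2566} ? { name => 'Peter Burra', ..., body => $bodies->{2566}, permissions => $perms_cs } : ()),`, would avoid creating a staff-permission user that is attached to no body. A file-scoped `my $bodies;` would give the same visibility without introducing a package global through `our`. Both the `foreach` list and the `if` block continue outside the visible hunks, so the scoping should be confirmed against the full file.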