From c8fe2e5a7e934d261f5cdf1bff88bc42a30d6d1c Mon Sep 17 00:00:00 2001
From: Ludo Tolhurst-Cleaver
Date: Wed, 9 Mar 2022 10:50:44 +0000
Subject: [PATCH] WIP: fixup! Protect staff name & phone fields in FMS front-end.
---
 .cypress/cypress/integration/staff.js | 31 +++++++++++++------------
 web/cobrands/fixmystreet/fixmystreet.js | 2 --
 web/cobrands/fixmystreet/staff.js | 12 ++++------
 3 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/.cypress/cypress/integration/staff.js b/.cypress/cypress/integration/staff.js
index 06ea4fd33a4..bb426ad53f5 100644
--- a/.cypress/cypress/integration/staff.js
+++ b/.cypress/cypress/integration/staff.js
@@ -45,23 +45,25 @@ describe('Staff user tests', function() {
 });
 it('does not let staff update their name, phone or email address whilst reporting or updating', function() {
- // Lest CS staff forget to select 'report as another user' and type the reporter's details into their own account.
+ // Lest CS staff forget to select 'report as another user' and type the reporter's details over their own.
 cy.server();
- Cypress.on('uncaught:exception', function(err, runnable) {
- // handle IOW assets error
- return false;
+ // log in and create report
+ cy.route('/report/new/ajax*').as('report-ajax');
+ cy.request({
+ method: 'POST',
+ url: '/auth?r=/',
+ form: true,
+ body: { username: 'cs_full@example.org', password_sign_in: 'password' }
 });
+ cy.visit('/');
+ cy.contains('Go');
+ cy.get('[name=pc]').type(Cypress.env('postcode'));
+ cy.get('[name=pc]').parents('form').submit();
+ cy.url().should('include', '/around');
+ cy.get('#map_box').click(240, 249);
+ cy.wait('@report-ajax');
- // log in
- cy.visit('/auth');
- cy.get('[name=username]').type('cs@example.org');
- cy.contains('Sign in with a password').click();
- cy.get('[name=password_sign_in]').type('password');
- cy.get('[name=sign_in_by_password]').last().click();
-
- // Visit Borsetshire
- cy.visit('/report/new?latitude=51.496194&longitude=-2.603439,');
 // pick category: with check to avoid race condition
 // but doesn't always work, so have added {force:true} as well
 cy.get('input[value="Flytipping"]').should('be.visible').click({force:true});
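Review bot: `cy.get('#map_box').click(240, 249);` in the new setup relies on raw pixel coordinates, so the location it reports from shifts with viewport size and map rendering, and nothing on the line says what the click is meant to hit. A one-line comment such as `// click inside the map to start a new report at a known location` (worded to match whatever the coordinates actually target) would make a later timeout at `cy.wait('@report-ajax')` easier to diagnose. The bare `cy.contains('Go');` could likewise say which page state it is waiting for. The test body continues past the end of this hunk.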
@@ -69,11 +71,10 @@ describe('Staff user tests', function() {
 // photos & description pages
 cy.nextPageReporting();
- cy.get('#form_title').type('Fly-tipped sofa');
- cy.get('#form_detail').type('Looks like a Chesterfield.');
 cy.nextPageReporting();
 // about you page
+ cy.get('#form_as').select('myself');
 cy.get('[name=username]').should('be.disabled'); // (already protected)
 cy.get('[name=phone]').should('be.disabled');
 cy.get('[name=name]').should('have.attr', 'readonly');
diff --git a/web/cobrands/fixmystreet/fixmystreet.js b/web/cobrands/fixmystreet/fixmystreet.js
index e7753764b7a..d593dd80bd6 100644
--- a/web/cobrands/fixmystreet/fixmystreet.js
+++ b/web/cobrands/fixmystreet/fixmystreet.js
@@ -1108,8 +1108,6 @@ $.extend(fixmystreet.set_up, {
 hide('.js-new-report-user-hidden');
 show('.js-new-report-user-shown').then(function(){
 focusFirstVisibleInput();
- // run now to protect staff fields when adding an update:
- fixmystreet.staff_set_up.contribute_as();
 });
 });
diff --git a/web/cobrands/fixmystreet/staff.js b/web/cobrands/fixmystreet/staff.js
index f3301eceea1..3001296512e 100644
--- a/web/cobrands/fixmystreet/staff.js
+++ b/web/cobrands/fixmystreet/staff.js
@@ -106,7 +106,7 @@ fixmystreet.staff_set_up = {
 if (val === 'myself') {
 $emailInput.val($emailInput.prop('defaultValue')).prop('disabled', true);
 $emailOptionalLabel.addClass('hidden');
- $nameInput.val($nameInput.prop('defaultValue')).prop('readonly', true);
+ $nameInput.val($nameInput.prop('defaultValue')).prop('disabled', false).prop('readonly', true);
 $phoneInput.val($phoneInput.prop('defaultValue')).prop('disabled', true);
 $showNameCheckbox.prop('checked', false).prop('disabled', false);
 $addAlertCheckbox.prop('checked', true).prop('disabled', false);
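Review bot: The about-you assertions in `.cypress/cypress/integration/staff.js` only exercise the `myself` option chosen by the new `cy.get('#form_as').select('myself');` line. The same commit changes the `body` branch in `web/cobrands/fixmystreet/staff.js` from disabled to readonly, and nothing visible here checks that state. Adding `cy.get('#form_as').select('body');` followed by `cy.get('[name=name]').should('have.attr', 'readonly');` would pin it. The test continues past the end of this hunk, so the update-form case named in the test title may be covered further down; if it is not, it deserves an assertion as well now that the protection there is triggered from `display:report`.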
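Review bot: In the `myself` branch of `web/cobrands/fixmystreet/staff.js`, `.prop('disabled', false).prop('readonly', true)` is a guard against accidental edits only. A readonly input is still posted with the form and either attribute can be cleared in the browser, so the server must be the one to reject or ignore a changed name or phone for a staff user reporting as themselves. That server handling is not visible in this patch, so it is worth confirming before relying on this change. A comment on the line would record the intent, for example `// readonly, not disabled: the value is still submitted; UI guard only, the server must not trust it`. The same applies to the readonly name field in the `body` branch of the next hunk, and the enclosing function starts and ends outside this hunk.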
@@ -123,24 +123,21 @@ fixmystreet.staff_set_up = {
 $emailOptionalLabel.removeClass('hidden');
 $emailInput.removeClass('required');
 }
- $nameInput.val('').prop('disabled', false);
- $nameInput.val('').prop('readonly', false);
+ $nameInput.val('').prop('disabled', false).prop('readonly', false);
 $phoneInput.val('').prop('disabled', false);
 $showNameCheckbox.prop('checked', false).prop('disabled', true);
 $addAlertCheckbox.prop('checked', true).prop('disabled', false);
 } else if (val === 'anonymous_user') {
 $emailInput.val('-').prop('disabled', true);
 $emailOptionalLabel.addClass('hidden');
- $nameInput.val('-').prop('disabled', true);
- $nameInput.val('').prop('readonly', false);
+ $nameInput.val('-').prop('disabled', true).prop('readonly', false);
 $phoneInput.val('-').prop('disabled', true);
 $showNameCheckbox.prop('checked', false).prop('disabled', true);
 $addAlertCheckbox.prop('checked', false).prop('disabled', true);
 } else if (val === 'body') {
 $emailInput.val('-').prop('disabled', true);
 $emailOptionalLabel.addClass('hidden');
- $nameInput.val(txt).prop('disabled', true);
- $nameInput.val('').prop('readonly', false);
+ $nameInput.val(txt).prop('disabled', false).prop('readonly', true);
 $phoneInput.val('-').prop('disabled', true);
 $showNameCheckbox.prop('checked', true).prop('disabled', true);
 $addAlertCheckbox.prop('checked', false).prop('disabled', true);
@@ -461,6 +458,7 @@ $(function() {
 });
 $(fixmystreet).on('display:report', function() {
+ fixmystreet.staff_set_up.contribute_as();
 fixmystreet.staff_set_up.moderation();
 fixmystreet.staff_set_up.response_templates();
 if ($("#report_inspect_form").length) {
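Review bot: In the `body` branch, `$nameInput.val(txt).prop('disabled', false).prop('readonly', true);` changes what is submitted, not just how the field looks. A disabled input is left out of the form post, whereas a readonly one is sent, so `txt` now reaches the server as the name where nothing was sent before. Please confirm the server-side handling for the `body` option expects or ignores that value, since that code is not visible in this patch. Because each branch now sets both properties, a short comment per branch would help, for example `// disabled: value omitted from the POST` and `// readonly: value is POSTed but not editable in the UI`. The function containing these branches starts and ends outside this hunk.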
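Review bot: The added `fixmystreet.staff_set_up.contribute_as();` in the `display:report` handler now runs each time that event fires. The body of `contribute_as` is outside this patch, so if it binds a `change` handler on every call, handlers would accumulate across report views; please check that it unbinds first or is otherwise safe to call repeatedly. The call removed from `fixmystreet.js` ran when the `.js-new-report-user-shown` section was revealed, so also confirm that every route to the update form fires `display:report`, otherwise the name and phone fields stay editable until the selector changes. A comment such as `// protect staff name/phone fields on the update form` above the call would preserve the explanation that the removed comment carried. The handler's closing lines are outside the hunk.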