Enforcement of Administrative Permissions

Before you move on, you have to set up a series of roles and users (if they are not already set up)

Create new role None to Admin with:

None permissions to Utility Resources > Term Lists
None permissions to Utility Resources > Data Updates
None permissions to Security Resources > Roles
None permissions to Security Resources > Users
Read permissions to Objects

Create new role Write to Admin with:

Write permissions to Utility Resources > Term Lists
Write permissions to Utility Resources > Data Updates
Write permissions to Security Resources > Roles
Write permissions to Security Resources > Users

And set up the below users with the proper roles

(Ok to use fake email addresses for new user creation, e.g. nonetoadmin@collectionspace.org)

User None to Admin with Role None to Admin

User Read to Admin with Role TENANT_READER

User Write to Admin with Role Write to Admin

User Delete to Admin with Role TENANT_ADMINISTRATOR

Test 1: No access to any administration

Actions:

Log in as User None to Admin
Click the Administration menu item in the top navigation

Expected

The Administration menu item should not be present

Actions:

Click the Tools menu item in the top navigation

Expected

The Tools menu item should not be present

Test 2: Read only access to Users

Actions:

Login as the user Read to Admin
Click the Administration menu in the top navigation
Click the Users tab

Expected:

List of users appears on the left
No + Create New button is displayed above the list of users

Actions:

Click one of the existing users

Expected:

Details of the user should appear to the right
All the details should be read only, including the list of assigned roles
No save, revert, or delete buttons should be present

Test 3: Read only access to Roles and Permissions

Actions:

Continue from Test 2
Click the Roles and Permissions tab

Expected:

List of roles appears on the left
No + Create New button is displayed above the list of roles

Actions:

Click one of the existing roles

Expected:

Details of the roles should appear to the right
All the details should be read only, including the list of permissions
No save, revert, or delete buttons should be present

Test 4: Read only access to Term Lists

Actions:

Click the Tools menu item in the top navigation
Click the Term Lists tab
Click on a term list name in the left menu

Expected:

Details of the term list should appear to the right
All the details should be read only
No save, revert, or cancel buttons should be present

Text 6: Read only access to Data Updates

Actions:

Continue from Test 3
Click the Data Updates Tab
Click on a data update name in the left menu

Expected:

Details of the data update should appear to the right
All the details should be read only
No save, revert, run or cancel buttons should be present

Test 7: Write access to Users

Actions:

Log in as User Write to Admin
Click the Administration menu item in the top navigation
Click on the Users menu item

Expected:

+ Create New button is displayed above the list of users

Actions:

Click one of the existing users

Expected:

Details of the user should appear to the right and should be editable
No delete button should be present

Actions:

Click the + Create New button above the user listing
In the empty form appearing on the right, fill out all fields and make sure you assign at least one role
Save

Expected:

The new user should be saved and a success message should display this in the bottom of the screen

Actions:

Click the new user in the left menu and check that all the fields contain the expected values
Change one or more fields
Click the save button

Expected:

The user should be saved and a message should display this in the bottom of the screen.

Test 8: Write access to Roles & Permissions

Actions:

Continue from Test 7
Click the Roles and Permissions tab

Expected:

+ Create New button is displayed above the list of roles

Actions:

Click one of the existing roles

Expected:

Details of the role should appear to the right and should be editable
No delete button should be present

Actions:

Click the + Create New button above the role listing
In the empty form appearing on the right, fill out all fields and make sure you change at least one permission.
Save

Expected:

The new role should be saved and a success message should display this in the bottom of the screen.

Test 9: Write access to Term List Management

Actions:

Click on the Tools menu in the top navigation
Click the Term Lists tab
Click one of the existing term lists

Expected:

Details of the term list should appear to the right and should be editable
The save and revert buttons should be present

Actions:

Change the Name, Source and Description of an existing term
Add a term by clicking the + below the list of terms (values)
1. Fill out the details of the new term
Delete a term by clicking the - to the right of the term status field
Inactivate a term by selecting inactivate from the status dropdown
Save

Expected:

The modified term list should be saved and the changes you have made should still be present

Test 11: Write access to Data Updates

Actions:

Continue from Test 10
Click on the Data Updates Tab
Click a Data Update on the left menu

Expected:

Details of the data update should appear to the right
All the details should be editable
Run, save, and revert buttons should be present

Actions:

Select a data update and select the run button
Choose a parameter in the pop-up
Select the run button

Expected:

The data update will run.

Test 12: Delete Access to Roles

Actions:

Log in as Delete to Admin
Click the Administration menu item in the top navigation
Click the Roles & Permissions tab
Click the + Create New button
Fill out the details of the new role
Click Save

Expected:

A confirmation of successful save should appear in the status bar

Actions:

If the new role was dismissed, reopen it by clicking on its name in the role listing to the left
Click the delete button
Confirm deletion of role

Expected:

The role should be deleted

Test 14: Delete Permission to Users

Actions:

Continue from Test 12
Click the Users tab
Create a new user by clicking the + Create New button
Fill out with the following info:
1. Email Address: test@collectionspace.org
2. Full Name: test@collectionspace.org
3. Password: test@collectionspace.org
4. Confirm password: test@collectionspace.org
Assign any role to the user
Save

Expected:

User is saved

Actions:

Open a different browser (it's important that it is not the same as you've been doing the above testing in. You have to be logged in with two different users at the same time, which requires two different browsers. If you are using Google Chrome, you can open a new Incognito window by pressing Ctrl+Shift+N and user this as Browser Two. This has the same effect as using two different browsers)
We will call this browser Browser Two for future reference
In Browser Two, log in with username test@collectionspace.org and password test@collectionspace.org
In Browser One, go to Administration > Users
Click the test@collectionspace.org user

Expected:

User details should appear to the right
No Delete button should be present

Note: At this time, there is no material difference between Write and Delete to Term Lists, Reports, and Data Updates. None of these items may be deleted via the User Interface.