dawarich/spec/requests/family/memberships_spec.rb

# frozen_string_literal: true

require 'rails_helper'

RSpec.describe 'Family::Memberships', type: :request do
  let(:user) { create(:user) }
  let(:family) { create(:family, creator: user) }
  let!(:owner_membership) { create(:family_membership, user: user, family: family, role: :owner) }
  let(:member_user) { create(:user) }
  let!(:member_membership) { create(:family_membership, user: member_user, family: family, role: :member) }

  before do
    stub_request(:any, 'https://api.github.com/repos/Freika/dawarich/tags')
      .to_return(status: 200, body: '[{"name": "1.0.0"}]', headers: {})
    sign_in user
  end

  describe 'DELETE /families/:family_id/members/:id' do
    context 'when removing a regular member' do
      it 'removes the member from the family' do
        expect do
          delete "/families/#{family.id}/members/#{member_membership.id}"
        end.to change(FamilyMembership, :count).by(-1)
      end

      it 'redirects with success message' do
        member_email = member_user.email
        delete "/families/#{family.id}/members/#{member_membership.id}"
        expect(response).to redirect_to(family_path(family))
        follow_redirect!
        expect(response.body).to include("#{member_email} has been removed from the family")
      end

      it 'removes the user from the family' do
        delete "/families/#{family.id}/members/#{member_membership.id}"
        expect(member_user.reload.family).to be_nil
      end
    end

    context 'when trying to remove the owner' do
      it 'does not remove the owner' do
        expect do
          delete "/families/#{family.id}/members/#{owner_membership.id}"
        end.not_to change(FamilyMembership, :count)
      end

      it 'redirects with error message explaining owners must delete family' do
        delete "/families/#{family.id}/members/#{owner_membership.id}"
        expect(response).to redirect_to(family_path(family))
        follow_redirect!
        expect(response.body).to include('Family owners cannot remove their own membership. To leave the family, delete it instead.')
      end

      it 'prevents owner removal even when they are the only member' do
        member_membership.destroy!

        expect do
          delete "/families/#{family.id}/members/#{owner_membership.id}"
        end.not_to change(FamilyMembership, :count)

        expect(response).to redirect_to(family_path(family))
        follow_redirect!
        expect(response.body).to include('Family owners cannot remove their own membership')
      end
    end

    context 'when membership does not belong to the family' do
      let(:other_family) { create(:family) }
      let(:other_membership) { create(:family_membership, family: other_family) }

      it 'returns not found' do
        delete "/families/#{family.id}/members/#{other_membership.id}"
        expect(response).to have_http_status(:not_found)
      end
    end

    context 'when user is not in the family' do
      let(:outsider) { create(:user) }

      before { sign_in outsider }

      it 'redirects to families index' do
        delete "/families/#{family.id}/members/#{member_membership.id}"
        expect(response).to redirect_to(families_path)
      end
    end

    context 'when not authenticated' do
      before { sign_out user }

      it 'redirects to login' do
        delete "/families/#{family.id}/members/#{member_membership.id}"
        expect(response).to redirect_to(new_user_session_path)
      end
    end
  end

  describe 'authorization for different member roles' do
    context 'when member tries to remove another member' do
      before { sign_in member_user }

      it 'returns forbidden' do
        delete "/families/#{family.id}/members/#{owner_membership.id}"
        expect(response).to have_http_status(:see_other)
        expect(flash[:alert]).to include('not authorized')
      end
    end

  end

  describe 'member removal workflow' do
    it 'removes member and updates family associations' do
      # Verify initial state
      expect(family.members).to include(user, member_user)
      expect(member_user.family).to eq(family)

      # Remove member
      delete "/families/#{family.id}/members/#{member_membership.id}"

      # Verify removal
      expect(response).to redirect_to(family_path(family))
      expect(family.reload.members).to include(user)
      expect(family.members).not_to include(member_user)
      expect(member_user.reload.family).to be_nil
    end

    it 'prevents removing owner regardless of member count' do
      # Verify initial state
      expect(family.members.count).to eq(2)
      expect(user.family_owner?).to be true

      # Try to remove owner
      delete "/families/#{family.id}/members/#{owner_membership.id}"

      # Verify prevention
      expect(response).to redirect_to(family_path(family))
      expect(family.reload.members).to include(user, member_user)
      expect(user.reload.family).to eq(family)
    end

    it 'prevents removing owner even when they are the only member' do
      # Remove other member first
      member_membership.destroy!

      # Verify only owner remains
      expect(family.reload.members.count).to eq(1)
      expect(family.members).to include(user)

      # Try to remove owner - should be prevented
      expect do
        delete "/families/#{family.id}/members/#{owner_membership.id}"
      end.not_to change(FamilyMembership, :count)

      expect(response).to redirect_to(family_path(family))
      expect(user.reload.family).to eq(family)
      expect(family.reload).to be_present
    end

    it 'requires owners to use family deletion to leave the family' do
      # This test documents that owners must delete the family to leave
      # rather than removing their membership

      # Remove other member first
      member_membership.destroy!

      # Try to remove owner membership - should fail
      delete "/families/#{family.id}/members/#{owner_membership.id}"
      expect(response).to redirect_to(family_path(family))
      expect(flash[:alert]).to include('Family owners cannot remove their own membership')

      # Owner must delete the family instead
      delete "/families/#{family.id}"
      expect(response).to redirect_to(families_path)
      expect(user.reload.family).to be_nil
    end
  end
end
Complete phase 3 2025-09-27 07:23:33 -04:00			`# frozen_string_literal: true`

			`require 'rails_helper'`

Move family controllers to their own namespace 2025-10-04 14:48:44 -04:00			`RSpec.describe 'Family::Memberships', type: :request do`
Complete phase 3 2025-09-27 07:23:33 -04:00			`let(:user) { create(:user) }`
			`let(:family) { create(:family, creator: user) }`
			`let!(:owner_membership) { create(:family_membership, user: user, family: family, role: :owner) }`
			`let(:member_user) { create(:user) }`
			`let!(:member_membership) { create(:family_membership, user: member_user, family: family, role: :member) }`

Complete phase 4 2025-09-27 08:04:10 -04:00			`before do`
			`stub_request(:any, 'https://api.github.com/repos/Freika/dawarich/tags')`
			`.to_return(status: 200, body: '[{"name": "1.0.0"}]', headers: {})`
			`sign_in user`
			`end`
Complete phase 3 2025-09-27 07:23:33 -04:00
			`describe 'DELETE /families/:family_id/members/:id' do`
			`context 'when removing a regular member' do`
			`it 'removes the member from the family' do`
			`expect do`
			`delete "/families/#{family.id}/members/#{member_membership.id}"`
			`end.to change(FamilyMembership, :count).by(-1)`
			`end`

			`it 'redirects with success message' do`
			`member_email = member_user.email`
			`delete "/families/#{family.id}/members/#{member_membership.id}"`
			`expect(response).to redirect_to(family_path(family))`
			`follow_redirect!`
			`expect(response.body).to include("#{member_email} has been removed from the family")`
			`end`

			`it 'removes the user from the family' do`
			`delete "/families/#{family.id}/members/#{member_membership.id}"`
			`expect(member_user.reload.family).to be_nil`
			`end`
			`end`

Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`context 'when trying to remove the owner' do`
Complete phase 3 2025-09-27 07:23:33 -04:00			`it 'does not remove the owner' do`
			`expect do`
			`delete "/families/#{family.id}/members/#{owner_membership.id}"`
			`end.not_to change(FamilyMembership, :count)`
			`end`

Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`it 'redirects with error message explaining owners must delete family' do`
Complete phase 3 2025-09-27 07:23:33 -04:00			`delete "/families/#{family.id}/members/#{owner_membership.id}"`
			`expect(response).to redirect_to(family_path(family))`
			`follow_redirect!`
Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`expect(response.body).to include('Family owners cannot remove their own membership. To leave the family, delete it instead.')`
Complete phase 3 2025-09-27 07:23:33 -04:00			`end`

Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`it 'prevents owner removal even when they are the only member' do`
			`member_membership.destroy!`
Complete phase 3 2025-09-27 07:23:33 -04:00
			`expect do`
			`delete "/families/#{family.id}/members/#{owner_membership.id}"`
Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`end.not_to change(FamilyMembership, :count)`
Complete phase 3 2025-09-27 07:23:33 -04:00
			`expect(response).to redirect_to(family_path(family))`
Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`follow_redirect!`
			`expect(response.body).to include('Family owners cannot remove their own membership')`
Complete phase 3 2025-09-27 07:23:33 -04:00			`end`
			`end`

			`context 'when membership does not belong to the family' do`
			`let(:other_family) { create(:family) }`
			`let(:other_membership) { create(:family_membership, family: other_family) }`

			`it 'returns not found' do`
			`delete "/families/#{family.id}/members/#{other_membership.id}"`
			`expect(response).to have_http_status(:not_found)`
			`end`
			`end`

			`context 'when user is not in the family' do`
			`let(:outsider) { create(:user) }`

			`before { sign_in outsider }`

			`it 'redirects to families index' do`
			`delete "/families/#{family.id}/members/#{member_membership.id}"`
			`expect(response).to redirect_to(families_path)`
			`end`
			`end`

			`context 'when not authenticated' do`
			`before { sign_out user }`

			`it 'redirects to login' do`
			`delete "/families/#{family.id}/members/#{member_membership.id}"`
			`expect(response).to redirect_to(new_user_session_path)`
			`end`
			`end`
			`end`

			`describe 'authorization for different member roles' do`
			`context 'when member tries to remove another member' do`
			`before { sign_in member_user }`

			`it 'returns forbidden' do`
			`delete "/families/#{family.id}/members/#{owner_membership.id}"`
Fix tests 2025-09-27 14:14:57 -04:00			`expect(response).to have_http_status(:see_other)`
			`expect(flash[:alert]).to include('not authorized')`
Complete phase 3 2025-09-27 07:23:33 -04:00			`end`
			`end`

			`end`

			`describe 'member removal workflow' do`
			`it 'removes member and updates family associations' do`
			`# Verify initial state`
			`expect(family.members).to include(user, member_user)`
			`expect(member_user.family).to eq(family)`

			`# Remove member`
			`delete "/families/#{family.id}/members/#{member_membership.id}"`

			`# Verify removal`
			`expect(response).to redirect_to(family_path(family))`
			`expect(family.reload.members).to include(user)`
			`expect(family.members).not_to include(member_user)`
			`expect(member_user.reload.family).to be_nil`
			`end`

Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`it 'prevents removing owner regardless of member count' do`
Complete phase 3 2025-09-27 07:23:33 -04:00			`# Verify initial state`
			`expect(family.members.count).to eq(2)`
			`expect(user.family_owner?).to be true`

			`# Try to remove owner`
			`delete "/families/#{family.id}/members/#{owner_membership.id}"`

			`# Verify prevention`
			`expect(response).to redirect_to(family_path(family))`
			`expect(family.reload.members).to include(user, member_user)`
			`expect(user.reload.family).to eq(family)`
			`end`

Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`it 'prevents removing owner even when they are the only member' do`
Complete phase 3 2025-09-27 07:23:33 -04:00			`# Remove other member first`
			`member_membership.destroy!`

			`# Verify only owner remains`
			`expect(family.reload.members.count).to eq(1)`
			`expect(family.members).to include(user)`

Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`# Try to remove owner - should be prevented`
Complete phase 3 2025-09-27 07:23:33 -04:00			`expect do`
			`delete "/families/#{family.id}/members/#{owner_membership.id}"`
Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`end.not_to change(FamilyMembership, :count)`
Complete phase 3 2025-09-27 07:23:33 -04:00
			`expect(response).to redirect_to(family_path(family))`
Fix leaving and deleting family confirmation dialogs 2025-09-28 08:49:32 -04:00			`expect(user.reload.family).to eq(family)`
			`expect(family.reload).to be_present`
			`end`

			`it 'requires owners to use family deletion to leave the family' do`
			`# This test documents that owners must delete the family to leave`
			`# rather than removing their membership`

			`# Remove other member first`
			`member_membership.destroy!`

			`# Try to remove owner membership - should fail`
			`delete "/families/#{family.id}/members/#{owner_membership.id}"`
			`expect(response).to redirect_to(family_path(family))`
			`expect(flash[:alert]).to include('Family owners cannot remove their own membership')`

			`# Owner must delete the family instead`
			`delete "/families/#{family.id}"`
			`expect(response).to redirect_to(families_path)`
Complete phase 3 2025-09-27 07:23:33 -04:00			`expect(user.reload.family).to be_nil`
			`end`
			`end`
			`end`