AO3-7388 Redirect to user skin page with error if trying to preview a skin you can't use

[zrei]

Pull Request Checklist

• Have you read "How to write the perfect pull request"?
• Have you read the contributing guidelines?
• Have you added tests for any changed functionality?
• Have you added the Jira issue number
  as the first thing in your pull request title (e.g. AO3-1234 Fix thing)
• Do you have fewer than 5 pull requests already open? If not, please wait
  until they are reviewed and merged before creating new pull requests.

Issue

https://otwarchive.atlassian.net/browse/AO3-7388

Purpose

Redirects to the user skins page when trying to preview a skin that can't be used but can be viewed while logged in as a user. This includes parent-only site skins and work skins. For skins that a logged-in user cannot view (not owned and not public), they are redirected to their dashboard with an error.

Changed preview to a user-only action. Redirects to the login page with an error when trying to preview any skin while logged out. Redirects to the root page with an error when trying to preview any skin while logged in as an admin.

Testing Instructions

For site skins, refer to Jira.

For work skins:

1. Log in
2. Make a work skin
   a. Hi, username! > My Dashboard > Skins > Create Work Skin
   b. Fill in required information
   c. Press “Submit” to save
3. In your browser address bar, add /preview to the end of the skin URL and press Return

For not owned, not public skins:

1. Log in
2. Make a site skin
   a. Hi, username! > My Dashboard > Skins > Create Site Skin
   b. Fill in required information
   c. Press “Submit” to save
3. Copy the site skin URL
4. Log into another account and paste the site skin URL into the browser address bar. Add /preview to the end of the URL and press Return

Credit

zrei (she/they)

[zrei]

I added a check_visibility call before preview to catch users trying to preview skins they can't view. If I should instead extend the check I've added to the preview action in the skins controller, do let me know!

[Bilka2]

Thank you for working on this! Two minor things about the code and then some requests for testing additions

[Bilka2]

I believe this should redirect to the user skin page per the Jira issue (so the user's skins index page), not the page of that specific skin

[zrei]

Updated! For logged-out users, it redirects to the public site skins page. Will update the PR description.

[Bilka2]

To cover the (very welcome!) change regarding visibility for the preview action, could you add a variant for an official site skin that is fully accessible and one for a previewable skin by a user with it_behaves_like "an action only the skin author can access"? That way we know that the happy path still works

[zrei]

The redirect action for the shared example "an action only the skin author can access" is different from the redirect for preview, so I recreated it for the previewable skin by a user.

[Bilka2]

Missed that detail, thanks for the better test changes!

[Bilka2]

Missed that detail, thanks for the better test changes!

[Bilka2]

if you wanted to simplify this, you could skip checking the notice with it_redirects_to_simple. It's checked in a cucumber test, so we'd be fine skipping it here

[Bilka2]

Sorry to change the requirements under you, but you bringing up that we can't redirect to a user's page if they're not logged in made me ask whether we even want to allow guests and admins to preview any skins at all. Turns out we don't! I've updated the Jira issue accordingly, so please update the code to make this action users_only

[sarken]

Thank you!