Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 0d519f4847
Branches Tags
zammad
/
spec
/
policies
/
overview_policy_spec.rb

overview_policy_spec.rb 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. describe OverviewPolicy do
    6. 

  6.   subject { described_class.new(user, record) }
    7. 

  7. 

  8.   let(:record_role) { create(:role) }
    9. 

  9.   let(:record)      { create(:overview, roles: [record_role]) } # Make sure no default roles are assigned
    10. 

  10.   let(:user_role)   { create(:role) }
    11. 

  11.   let(:user)        { create(:user, roles: [user_role]) } # Make sure no default roles are assigned
    12. 

  12. 

  13.   context 'with unassigned admin user' do
    14. 

  14.     let(:user) { create(:admin) }
    15. 

  15. 

  16.     it { is_expected.to permit_actions(%i[show create update destroy]) }
    17. 

  17.     it { is_expected.to forbid_actions(%i[use]) }
    18. 

  18.   end
    19. 

  19. 

  20.   context 'with assigned admin user' do
    21. 

  21.     let(:record) { create(:overview, roles: [Role.find_by(name: 'Admin')]) }
    22. 

  22.     let(:user)   { create(:admin) }
    23. 

  23. 

  24.     it { is_expected.to permit_actions(%i[use show create update destroy]) }
    25. 

  25.   end
    26. 

  26. 

  27.   context 'with users assigned to the overview' do
    28. 

  28.     let(:other_user) { create(:user) }
    29. 

  29.     let(:record)     { create(:overview, users: [other_user]) }
    30. 

  30. 

  31.     context 'with user assigned via role, but not directly' do
    32. 

  32.       let(:record) { create(:overview, users: [other_user], roles: [user_role]) }
    33. 

  33. 

  34.       it { is_expected.to forbid_actions(%i[use show create update destroy]) }
    35. 

  35.     end
    36. 

  36. 

  37.     context 'with user assigned directly, but not also via role' do
    38. 

  38.       let(:other_user) { user }
    39. 

  39. 

  40.       it { is_expected.to forbid_actions(%i[use show create update destroy]) }
    41. 

  41.     end
    42. 

  42. 

  43.     context 'with user assigned directly, and also via role' do
    44. 

  44.       let(:record) { create(:overview, roles: [user_role], users: [user]) }
    45. 

  45. 

  46.       it { is_expected.to permit_actions(%i[use show]) }
    47. 

  47.       it { is_expected.to forbid_actions(%i[create update destroy]) }
    48. 

  48.     end
    49. 

  49.   end
    50. 

  50. 

  51.   context 'without users assigned to the overview' do
    52. 

  52.     context 'with user assigned via role' do
    53. 

  53.       let(:record) { create(:overview, roles: [user_role]) }
    54. 

  54. 

  55.       it { is_expected.to permit_actions(%i[use show]) }
    56. 

  56.       it { is_expected.to forbid_actions(%i[create update destroy]) }
    57. 

  57.     end
    58. 

  58. 

  59.     context 'with user not assigned via role' do
    60. 

  60.       it { is_expected.to forbid_actions(%i[use show create update destroy]) }
    61. 

  61.     end
    62. 

  62. 

  63.   end
    64. 

  64. 

  65. end
    66.