permissions_spec.rb 3.4 KB

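  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Request specs for the permissions endpoints of a knowledge base and of a
  # category inside it. Both URLs are run through the same shared examples.
  #
  # NOTE(review): every example authenticates as an admin, so only the allowed
  # path is exercised. Nothing here asserts that a user without Knowledge Base
  # editing rights is refused on #show or #update. Negative-path examples
  # (expected status to be confirmed against the controller policy) would catch
  # a regression in the authorization check.
  RSpec.describe 'KnowledgeBase permissions', authenticated_as: :current_user, type: :request do
    # presumably provides `knowledge_base` and `category` used below - confirm
    # against the shared context definition.
    include_context 'basic Knowledge Base'

    let(:current_user) { create(:admin) }
    let(:role_admin)   { Role.find_by(name: 'Admin') }
    let(:role_agent)   { Role.find_by(name: 'Agent') }

    # Explicit permissions stored directly through PermissionsUpdate before a #show.
    let(:initial_permissions) do
      {
        permissions: {
          role_admin.id => 'editor',
          role_agent.id => 'none'
        }
      }
    end

    # Payload sent through the API in #update: the Agent role becomes a reader.
    let(:update_permissions) do
      {
        permissions: {
          role_admin.id => 'editor',
          role_agent.id => 'reader'
        }
      }
    end

    # Response for an object that has no explicit permissions stored yet.
    let(:expected_response) do
      {
        'inherited'    => be_empty,
        'permissions'  => be_empty,
        'roles_reader' => contain_exactly({ 'id' => role_agent.id, 'name' => 'Agent' }),
        'roles_editor' => contain_exactly({ 'id' => role_admin.id, 'name' => 'Admin' })
      }
    end

    # Response once `initial_permissions` has been stored.
    # NOTE(review): relies on the first/last KnowledgeBase::Permission rows
    # being the Admin and Agent entries - confirm no other rows can exist here.
    let(:expected_response_permissions) do
      permissions = [
        { 'access' => 'editor', 'id' => KnowledgeBase::Permission.first.id, 'role_id' => role_admin.id },
        { 'access' => 'none', 'id' => KnowledgeBase::Permission.last.id, 'role_id' => role_agent.id }
      ]

      expected_response.merge({ 'permissions' => match_array(permissions) })
    end

    # Including contexts must define `object` (the record) and `url` (its
    # permissions endpoint).
    shared_examples 'verify permissions' do
      describe '#show' do
        it 'returns success' do
          get url
          expect(response).to have_http_status(:ok)
        end

        it 'returns correct response' do
          get url
          expect(json_response).to include(expected_response)
        end

        context 'with initial permissions' do
          before do
            KnowledgeBase::PermissionsUpdate.new(object, current_user).update_using_params!(initial_permissions)
          end

          it 'returns correct response' do
            get url
            expect(json_response).to include(expected_response_permissions)
          end
        end

        context 'when a role has both KB permissions' do
          # The Agent role is listed as a reader by default (see
          # expected_response); granting the editor permission as well makes it
          # a candidate for both lists.
          before do
            role_agent.permission_grant('knowledge_base.editor')
          end

          it 'ensures that same role is not returned twice' do
            get url
            expect(json_response['roles_reader'].intersection(json_response['roles_editor']))
              .to be_empty
          end

          # The role must be reported once, under the higher access level.
          it 'ensures that ambiguous role is returned as editor' do
            get url
            editor_includes_agent = json_response['roles_editor'].find { |elem| elem['id'] == role_agent.id }
            expect(editor_includes_agent).to be_truthy
          end
        end
      end

      describe '#update' do
        let(:params) do
          {
            permissions_dialog: update_permissions
          }
        end

        # Each example issues the request itself. The previous `before` hook
        # sent the same PUT a second time, so every assertion silently ran
        # against a repeated update instead of the first write.
        it 'returns success' do
          put url, params: params
          expect(response).to have_http_status(:ok)
        end

        # Keeps the repeated-request coverage the old hook provided, explicitly.
        it 'returns success when the same update is sent again' do
          2.times { put url, params: params }
          expect(response).to have_http_status(:ok)
        end

        # NOTE(review): `.last` assumes the Agent row is the most recently
        # created permission - confirm, or look the row up by role instead.
        it 'saves update' do
          put url, params: params
          expect(KnowledgeBase::Permission.last.access).to eq 'reader'
        end
      end
    end

    context 'with a category' do
      let(:object) { category }
      let(:url)    { "/api/v1/knowledge_bases/#{knowledge_base.id}/categories/#{category.id}/permissions" }

      include_examples 'verify permissions'
    end

    context 'with a knowledge base' do
      let(:object) { knowledge_base }
      let(:url)    { "/api/v1/knowledge_bases/#{knowledge_base.id}/permissions" }

      include_examples 'verify permissions'
    end
  end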