SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485
							# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'
require 'models/contexts/factory_context'

RSpec.describe KnowledgeBase::Permission, type: :model do
  subject(:kb_category_permission) { create(:knowledge_base_permission) }

  include_context 'basic Knowledge Base'
  include_context 'factory'

  describe '#permissionable' do
    it { is_expected.to belong_to(:permissionable).touch(true) }

    it 'allows multiple permissions for the same category' do
      permission = build(:knowledge_base_permission, permissionable: kb_category_permission.permissionable)
      permission.role.save
      permission.save

      expect(permission).to be_persisted
    end

    it 'does not allow same role/permission conbination' do
      permission = build(:knowledge_base_permission,
                         permissionable: kb_category_permission.permissionable,
                         role:           kb_category_permission.role)
      permission.save

      expect(permission).not_to be_persisted
    end
  end

  describe '#role' do
    it { is_expected.to belong_to(:role) }

    it 'allows multiple permissions for the same category' do
      permission = build(:knowledge_base_permission, role: kb_category_permission.role)
      permission.save

      expect(permission).to be_persisted
    end
  end

  describe '#access' do
    it { is_expected.not_to allow_access_value(nil) }
    it { is_expected.not_to allow_access_value('foobar') }

    context 'when role is editor' do
      it { is_expected.to allow_access_value('editor') }
      it { is_expected.to allow_access_value('reader') }
      it { is_expected.to allow_access_value('none') }
    end

    context 'when role is reader' do
      subject(:kb_category_permission) { build(:knowledge_base_permission, role: create(:role, permission_names: 'knowledge_base.reader')) }

      it { is_expected.not_to allow_access_value('editor') }
      it { is_expected.to allow_access_value('reader') }
      it { is_expected.to allow_access_value('none') }
    end

    context 'when role has no KB access' do
      subject(:kb_category_permission) { build(:knowledge_base_permission, role: create(:role)) }

      it { is_expected.not_to allow_access_value('editor') }
      it { is_expected.not_to allow_access_value('reader') }
      it { is_expected.not_to allow_access_value('none') }
    end
  end

  matcher :allow_access_value do
    match do
      actual.access = expected
      actual.valid?
    end

    failure_message do
      "Expected to allow #{expected} as access, but was not allowed"
    end

    failure_message_when_negated do
      "Expected to not allow #{expected} as access, but was allowed"
    end
  end
end