permission_spec.rb 2.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. require 'models/contexts/factory_context'
  4. RSpec.describe KnowledgeBase::Permission, type: :model do
  5. subject(:kb_category_permission) { create(:knowledge_base_permission) }
  6. include_context 'basic Knowledge Base'
  7. include_context 'factory'
  8. describe '#permissionable' do
  9. it { is_expected.to belong_to(:permissionable).touch(true) }
  10. it 'allows multiple permissions for the same category' do
  11. permission = build(:knowledge_base_permission, permissionable: kb_category_permission.permissionable)
  12. permission.role.save
  13. permission.save
  14. expect(permission).to be_persisted
  15. end
  16. it 'does not allow same role/permission conbination' do
  17. permission = build(:knowledge_base_permission,
  18. permissionable: kb_category_permission.permissionable,
  19. role: kb_category_permission.role)
  20. permission.save
  21. expect(permission).not_to be_persisted
  22. end
  23. end
  24. describe '#role' do
  25. it { is_expected.to belong_to(:role) }
  26. it 'allows multiple permissions for the same category' do
  27. permission = build(:knowledge_base_permission, role: kb_category_permission.role)
  28. permission.save
  29. expect(permission).to be_persisted
  30. end
  31. end
  32. describe '#access' do
  33. it { is_expected.not_to allow_access_value(nil) }
  34. it { is_expected.not_to allow_access_value('foobar') }
  35. context 'when role is editor' do
  36. it { is_expected.to allow_access_value('editor') }
  37. it { is_expected.to allow_access_value('reader') }
  38. it { is_expected.to allow_access_value('none') }
  39. end
  40. context 'when role is reader' do
  41. subject(:kb_category_permission) { build(:knowledge_base_permission, role: create(:role, permission_names: 'knowledge_base.reader')) }
  42. it { is_expected.not_to allow_access_value('editor') }
  43. it { is_expected.to allow_access_value('reader') }
  44. it { is_expected.to allow_access_value('none') }
  45. end
  46. context 'when role has no KB access' do
  47. subject(:kb_category_permission) { build(:knowledge_base_permission, role: create(:role)) }
  48. it { is_expected.not_to allow_access_value('editor') }
  49. it { is_expected.not_to allow_access_value('reader') }
  50. it { is_expected.not_to allow_access_value('none') }
  51. end
  52. end
  53. matcher :allow_access_value do
  54. match do
  55. actual.access = expected
  56. actual.valid?
  57. end
  58. failure_message do
  59. "Expected to allow #{expected} as access, but was not allowed"
  60. end
  61. failure_message_when_negated do
  62. "Expected to not allow #{expected} as access, but was allowed"
  63. end
  64. end
  65. end