field_scope_spec.rb 1.3 KB

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Pins how a FieldScope built from an allowlist and/or a denylist answers
  # `field_authorized?` for listed and unlisted fields.
  RSpec.describe ApplicationPolicy::FieldScope do
    subject(:field_scope) { described_class.new(allow: allow_fields, deny: deny_fields) }

    # Both lists default to nil; each context overrides only the list(s) it exercises.
    let(:allow_fields) { nil }
    let(:deny_fields) { nil }

    # NOTE(review): two cases are not exercised by this spec and the expected
    # outcome cannot be read off from here: a scope with neither list set, and a
    # field that appears in both lists. For an authorization helper it is worth
    # pinning which list wins in a follow-up example.

    # Shorthand for the single call every example makes.
    def verdict_for(field)
      field_scope.field_authorized?(field)
    end

    # An allowlist on its own: anything not listed is expected to be refused.
    context 'when only allowing fields' do
      let(:allow_fields) { %i[field1] }

      it 'accepts allowlisted fields' do
        expect(verdict_for(:field1)).to be(true)
      end

      it 'denies unknown fields' do
        expect(verdict_for(:field2)).to be(false)
      end
    end

    # A denylist on its own: anything not listed is expected to pass.
    context 'when only denying fields' do
      let(:deny_fields) { %i[field1] }

      it 'rejects denylisted fields' do
        expect(verdict_for(:field1)).to be(false)
      end

      it 'allows unknown fields' do
        expect(verdict_for(:field2)).to be(true)
      end
    end

    # Both lists together: unlisted fields are expected to be refused, as in
    # the allowlist-only case.
    context 'when both allowing and denying' do
      let(:allow_fields) { %i[field1] }
      let(:deny_fields) { %i[field2] }

      it 'accepts allowlisted fields' do
        expect(verdict_for(:field1)).to be(true)
      end

      it 'rejects denylisted fields' do
        expect(verdict_for(:field2)).to be(false)
      end

      it 'rejects unknown fields' do
        expect(verdict_for(:field3)).to be(false)
      end
    end
  end