two_factors_controller_policy_spec.rb 1.7 KB

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Authorization spec for the two-factor endpoints of User::TwoFactorsController.
  # Each example builds the policy from a requesting user and a controller instance
  # and asserts which actions are permitted or forbidden for that requester.
  describe Controllers::User::TwoFactorsControllerPolicy do
    subject { described_class.new(user, record) }

    # The account whose two-factor settings the requests refer to.
    let(:twofactoree) { create(:agent) }

    let(:record_class) { User::TwoFactorsController }

    # Controller instance carrying only the request params under test.
    let(:record) do
      record_class.new.tap { |controller| controller.params = params }
    end

    # Requests without an :id param, made by the account owner.
    # NOTE(review): only the permit path is asserted for this group; a forbid case
    # for a requester lacking the two-factor permission would pin the negative
    # path as well - confirm against the policy whether that applies here.
    describe 'endpoints for current user' do
      let(:user) { twofactoree }
      let(:params) { {} }

      let(:permitted_actions) do
        %i[
          two_factor_verify_configuration
          two_factor_authentication_method_initiate_configuration
          two_factor_default_authentication_method
          two_factor_authentication_method_configuration
          two_factor_authentication_remove_credentials
        ]
      end

      it { is_expected.to permit_actions(permitted_actions) }
    end

    # Requests that name a target account via params[:id]. These actions list or
    # remove a second factor, so the spec pins who may act on someone else's account.
    describe 'endpoints allowing to manage other users' do
      let(:params) { { id: twofactoree.id } }

      let(:actions) do
        %i[
          two_factor_enabled_authentication_methods
          two_factor_remove_authentication_method
          two_factor_remove_all_authentication_methods
        ]
      end

      context 'with an admin' do
        let(:user) { create(:admin) }

        it { is_expected.to permit_actions(actions) }
      end

      # A second agent who is not the target must be refused; otherwise any agent
      # could inspect or strip another user's second factor by supplying their id.
      context 'with a different user' do
        let(:user) { create(:agent) }

        it { is_expected.to forbid_actions(actions) }
      end

      context 'with the user' do
        let(:user) { twofactoree }

        it { is_expected.to permit_actions(actions) }

        context 'when user does not have user_preferences.two_factor_authentication permission' do
          # Revokes 'user_preferences' from every role of the requester. The context
          # label names user_preferences.two_factor_authentication - presumably that
          # child permission is lost together with the parent; TODO confirm.
          before do
            user.roles.each do |assigned_role|
              assigned_role.permission_revoke('user_preferences')
            end
          end

          it { is_expected.to forbid_actions(actions) }
        end
      end
    end
  end