store_policy_spec.rb 1.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. describe StorePolicy do
  4. subject { described_class.new(user, record) }
  5. include_context 'basic Knowledge Base'
  6. let(:record_class) { Store }
  7. let(:object) { create(:knowledge_base_answer, visibility, :with_attachment, category: category) }
  8. let(:record) do
  9. record_class.create!(object: object.class.to_s, o_id: object.id, filename: 'test', data: 'test')
  10. end
  11. context 'without a user' do
  12. let(:user) { nil }
  13. context 'with published object' do
  14. let(:visibility) { :published }
  15. it { is_expected.to permit_actions :show }
  16. it { is_expected.to forbid_actions :destroy }
  17. end
  18. context 'with private object' do
  19. let(:visibility) { :internal }
  20. it { is_expected.to forbid_actions :show, :destroy }
  21. end
  22. end
  23. context 'with a user' do
  24. context 'with full access' do
  25. let(:user) { create(:admin) }
  26. let(:visibility) { :published }
  27. it { is_expected.to permit_actions :show, :destroy }
  28. end
  29. context 'with limited access' do
  30. let(:user) { create(:agent) }
  31. let(:visibility) { :internal }
  32. it { is_expected.to permit_actions :show }
  33. it { is_expected.to forbid_actions :destroy }
  34. end
  35. context 'without access' do
  36. let(:user) { create(:agent) }
  37. let(:visibility) { :draft }
  38. it { is_expected.to forbid_actions :show, :destroy }
  39. end
  40. context 'with object that does not have a policy' do
  41. let(:record) { create(:store, object: 'NonExistingObject') }
  42. let(:user) { create(:admin) }
  43. it { is_expected.to forbid_actions :show, :destroy }
  44. end
  45. end
  46. end