123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe ApplicationPolicy::FieldScope do
- subject(:field_scope) { described_class.new(allow: allow_fields, deny: deny_fields) }
- let(:allow_fields) { nil }
- let(:deny_fields) { nil }
- context 'when only allowing fields' do
- let(:allow_fields) { [:field1] }
- it 'accepts allowlisted fields' do
- expect(field_scope.field_authorized?(:field1)).to be(true)
- end
- it 'denies unknown fields' do
- expect(field_scope.field_authorized?(:field2)).to be(false)
- end
- end
- context 'when only denying fields' do
- let(:deny_fields) { [:field1] }
- it 'rejects denylisted fields' do
- expect(field_scope.field_authorized?(:field1)).to be(false)
- end
- it 'allows unknown fields' do
- expect(field_scope.field_authorized?(:field2)).to be(true)
- end
- end
- context 'when both allowing and denying' do
- let(:allow_fields) { [:field1] }
- let(:deny_fields) { [:field2] }
- it 'accepts allowlisted fields' do
- expect(field_scope.field_authorized?(:field1)).to be(true)
- end
- it 'rejects denylisted fields' do
- expect(field_scope.field_authorized?(:field2)).to be(false)
- end
- it 'rejects unknown fields' do
- expect(field_scope.field_authorized?(:field3)).to be(false)
- end
- end
- end
|