time_accountings_controller_policy_spec.rb 2.5 KB

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Authorization matrix for Controllers::TimeAccountingsControllerPolicy.
  #
  # Every example builds the policy from a user and a TimeAccountingsController
  # instance whose params reference one ticket, then asserts which controller
  # actions are permitted or forbidden for that user.
  describe Controllers::TimeAccountingsControllerPolicy do
    subject { described_class.new(user, record) }

    let(:ticket)                  { create(:ticket) }
    let(:group)                   { ticket.group }
    let(:record_class)            { TimeAccountingsController }
    let(:time_accounting_enabled) { true }

    # Controller instance handed to the policy; only params[:ticket_id] is set.
    let(:record) do
      record_class.new.tap { |controller| controller.params = { ticket_id: ticket.id } }
    end

    # The 'time_accounting' setting is written before each example so that nested
    # contexts can switch it off by overriding time_accounting_enabled.
    before { Setting.set('time_accounting', time_accounting_enabled) }

    context 'with agent who has update access to ticket' do
      # The agent is created as a member of the ticket's group.
      let(:user) { create(:agent, groups: [group]) }

      it { is_expected.to forbid_actions(:update, :destroy) }
      it { is_expected.to permit_actions(:index, :show, :create) }

      # The nested contexts below assert only :create, :index and :show;
      # :update and :destroy are not re-checked under these conditions.

      context 'when time accounting is disabled' do
        let(:time_accounting_enabled) { false }

        it { is_expected.to forbid_actions(:create) }
        it { is_expected.to permit_actions(:index, :show) }
      end

      context 'when time accounting is not allowed' do
        # Stubs create? on every Ticket::TimeAccountingPolicy instance, so this
        # checks how the controller policy reacts to a denial, not the
        # ticket-level policy's own decision logic.
        before do
          allow_any_instance_of(Ticket::TimeAccountingPolicy).to receive(:create?).and_return(false)
        end

        it { is_expected.to forbid_actions(:create) }
        it { is_expected.to permit_actions(:index, :show) }
      end

      # NOTE(review): the description mentions a selector that does not match, but
      # the setup configures no selector and forces create? to true, and the
      # example expects :create to be permitted. Confirm the intended scenario.
      context 'when time accounting selector is present and not matching' do
        before do
          allow_any_instance_of(Ticket::TimeAccountingPolicy).to receive(:create?).and_return(true)
        end

        it { is_expected.to permit_actions(:create, :index, :show) }
      end
    end

    context 'with agent who has no access to ticket' do
      # Agent created without any group assignment in this spec.
      let(:user) { create(:agent) }

      it { is_expected.to forbid_actions(:index, :show, :create, :update, :destroy) }
    end

    context 'with agent who has read access to ticket' do
      let(:user) { create(:agent) }

      # Read-only membership in the ticket's group: every action, including the
      # read-style :index and :show, is expected to be forbidden.
      before { user.user_groups.create!(group: group, access: 'read') }

      it { is_expected.to forbid_actions(:index, :show, :create, :update, :destroy) }
    end

    context 'with admin who has no access to ticket' do
      # Admin created without group membership; all actions are expected to pass.
      let(:user) { create(:admin) }

      it { is_expected.to permit_actions(:index, :show, :create, :update, :destroy) }
    end

    context 'with customer who has access to ticket' do
      let(:user) { create(:customer) }

      # Being the ticket's customer must not open any time accounting action.
      before { ticket.update!(customer: user) }

      it { is_expected.to forbid_actions(:index, :show, :create, :update, :destroy) }
    end
  end