organization_policy_spec.rb 1.4 KB

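  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Authorization spec for OrganizationPolicy.
  #
  # For each kind of user it pins which actions (show / update) the policy
  # allows on an organization record, and, for customers, which fields of the
  # record the policy exposes.
  describe OrganizationPolicy do
    subject(:organization_policy) { described_class.new(user, record) }

    # The organization every context below is authorized against.
    let(:record) { create(:organization) }

    # Field-level check: the result of the given policy method must expose
    # only id, name and active, and must withhold shared, domain and note.
    shared_examples 'restricts fields' do |method|
      it "restricts fields for #{method}", :aggregate_failures do
        expect(organization_policy.public_send(method)).to permit_fields(%i[id name active])
        expect(organization_policy.public_send(method)).to forbid_fields(%i[shared domain note])
      end
    end

    # Members may read their own organization, with a reduced field set,
    # but may not modify it.
    context 'when user is a customer in the same organization' do
      let(:user) { create(:customer, organization: record) }

      it { is_expected.to permit_actions(%i[show]) }
      it { is_expected.to forbid_actions(%i[update]) }

      include_examples 'restricts fields', :show?
    end

    # Cross-organization access: a customer who is a member of some other
    # organization must not reach this record. The expectation mirrors the
    # no-organization case below.
    # NOTE(review): confirm against OrganizationPolicy; this case was not
    # covered before and is the one that guards tenant separation.
    context 'when user is a customer in a different organization' do
      let(:user) { create(:customer, organization: create(:organization)) }

      it { is_expected.to forbid_actions(%i[show update]) }
    end

    context 'when user is a customer without organization' do
      let(:user) { create(:customer) }

      it { is_expected.to forbid_actions(%i[show update]) }
    end

    # The contexts below expect full show/update access. Field restriction is
    # not asserted for these roles.
    context 'when user is an agent and customer' do
      let(:user) { create(:agent_and_customer, organization: record) }

      it { is_expected.to permit_actions(%i[show update]) }
    end

    context 'when user is an agent' do
      let(:user) { create(:agent) }

      it { is_expected.to permit_actions(%i[show update]) }
    end

    context 'when user is an admin' do
      let(:user) { create(:admin) }

      it { is_expected.to permit_actions(%i[show update]) }
    end
  end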