- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
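# Specs for KnowledgeBase::EffectivePermission#access_effective, which is
# expected to return one of the strings 'editor', 'reader' or 'none' for a
# given user and Knowledge Base object.
#
# The examples below pin down the authorization rules that callers rely on:
# * with no granular permission records, the result follows the user's roles;
# * a granular permission on a parent category or on the Knowledge Base itself
#   applies to the objects below it;
# * a permission set directly on the object overrides the inherited one, in
#   both directions (it can widen as well as narrow access);
# * permission records for roles the user does not hold are ignored;
# * a missing user gets 'none'.
RSpec.describe KnowledgeBase::EffectivePermission do
  # `category` and `knowledge_base` are not defined in this file; presumably
  # they are supplied by this shared context (confirm against its definition).
  include_context 'basic Knowledge Base'

  describe '#access_effective' do
    let(:role_editor) { create(:role, permission_names: 'knowledge_base.editor') }
    let(:role_reader) { create(:role, permission_names: 'knowledge_base.reader') }
    # Role built with the :admin trait; the examples expect a user holding only
    # this role to have no Knowledge Base access.
    let(:role_non_kb) { create(:role, :admin) }

    # Holds all three roles at once.
    let(:user)        { create(:user, roles: [role_editor, role_reader, role_non_kb]) }
    let(:user_editor) { create(:user, roles: [role_editor]) }
    let(:user_admin)  { create(:admin) }
    let(:user_reader) { create(:user, roles: [role_reader]) }
    let(:user_nonkb)  { create(:user, roles: [role_non_kb]) }

    # Nested one level below `category`, used for the inheritance examples.
    let(:child_category) { create(:knowledge_base_category, parent: category) }

    # --- No granular permission records: access follows the roles ---

    it 'editor with no permissions defined returns editor' do
      expect(described_class.new(user_editor, category).access_effective).to eq 'editor'
    end

    it 'user with multiple permissions defined returns editor' do
      expect(described_class.new(user, category).access_effective).to eq 'editor'
    end

    it 'reader with no permissions defined returns reader' do
      expect(described_class.new(user_reader, category).access_effective).to eq 'reader'
    end

    it 'non-kb with no permissions defined returns none' do
      expect(described_class.new(user_nonkb, category).access_effective).to eq 'none'
    end

    # NOTE(review): the description speaks of an editor, but the subject is
    # user_admin (create(:admin)), who presumably holds neither role_reader nor
    # role_editor as created above. Confirm which user was intended.
    it 'editor with both reader and editor permissions returns editor' do
      create_permission(role_reader, 'reader')
      create_permission(role_editor, 'editor')

      expect(described_class.new(user_admin, category).access_effective).to eq 'editor'
    end

    # --- Inheritance: a permission set higher up narrows access below it ---

    it 'editor with reader permission on parent category returns reader' do
      # The permission lands on `category` (the helper's default), which is the
      # parent of child_category.
      create_permission(role_editor, 'reader')

      expect(described_class.new(user_editor, child_category).access_effective).to eq 'reader'
    end

    it 'editor with reader permission on KB returns reader' do
      create_permission(role_editor, 'reader', permissionable: knowledge_base)

      expect(described_class.new(user_editor, category).access_effective).to eq 'reader'
    end

    # --- Override: the permission on the object itself wins over the parent's ---

    it 'editor with reader permission on parent category but editor permission on category returns editor' do
      create_permission(role_editor, 'reader', permissionable: category)
      create_permission(role_editor, 'editor', permissionable: child_category)

      expect(described_class.new(user_editor, child_category).access_effective).to eq 'editor'
    end

    it 'editor with editor permission on parent category but reader permission on category returns reader' do
      create_permission(role_editor, 'editor', permissionable: category)
      create_permission(role_editor, 'reader', permissionable: child_category)

      expect(described_class.new(user_editor, child_category).access_effective).to eq 'reader'
    end

    # --- Permissions for roles the user does not hold must not raise access ---

    it 'reader with reader and non-effective permissions returns reader' do
      create_permission(role_reader, 'reader')
      create_permission(role_editor, 'editor')

      expect(described_class.new(user_reader, category).access_effective).to eq 'reader'
    end

    it 'reader with no matching permissions returns reader' do
      create_permission(role_editor, 'editor')

      expect(described_class.new(user_reader, category).access_effective).to eq 'reader'
    end

    # --- No user at all: no access ---

    it 'returns none when user not given' do
      expect(described_class.new(nil, category).access_effective).to eq 'none'
    end
  end

  # Creates a granular Knowledge Base permission record for a role.
  #
  # @param role [Role] role the permission is granted to
  # @param access [String] access level stored on the record ('reader' or
  #   'editor' in these examples)
  # @param permissionable [Object] object the permission is attached to;
  #   defaults to `category`
  # @return the record built by the :knowledge_base_permission factory
  def create_permission(role, access, permissionable: category)
    create(:knowledge_base_permission, role: role, permissionable: permissionable, access: access)
  end
end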