effective_permission_spec.rb 3.6 KB

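  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Pins the access level ('editor', 'reader' or 'none') that
  # KnowledgeBase::EffectivePermission#access_effective reports for a user on a
  # Knowledge Base object. These expectations are the authorization contract:
  # a change that flips any of them changes who can edit or read content.
  RSpec.describe KnowledgeBase::EffectivePermission do
    # `category` and `knowledge_base` are not defined in this file; presumably
    # they are provided by this shared context.
    include_context 'basic Knowledge Base'

    describe '#access_effective' do
      # Roles under test. role_non_kb is built with the :admin trait; the specs
      # below expect it to grant no Knowledge Base access on its own.
      let(:role_editor) { create(:role, permission_names: 'knowledge_base.editor') }
      let(:role_reader) { create(:role, permission_names: 'knowledge_base.reader') }
      let(:role_non_kb) { create(:role, :admin) }

      # Users, one per role combination exercised below.
      let(:user)        { create(:user, roles: [role_editor, role_reader, role_non_kb]) }
      let(:user_editor) { create(:user, roles: [role_editor]) }
      let(:user_admin)  { create(:admin) }
      let(:user_reader) { create(:user, roles: [role_reader]) }
      let(:user_nonkb)  { create(:user, roles: [role_non_kb]) }

      # Nested category used to check how a permission set on the parent
      # `category` affects its child.
      let(:child_category) { create(:knowledge_base_category, parent: category) }

      # --- No permission records: the result follows the role alone ---

      it 'editor with no permissions defined returns editor' do
        expect(described_class.new(user_editor, category).access_effective).to eq 'editor'
      end

      it 'user with multiple permissions defined returns editor' do
        expect(described_class.new(user, category).access_effective).to eq 'editor'
      end

      it 'reader with no permissions defined returns reader' do
        expect(described_class.new(user_reader, category).access_effective).to eq 'reader'
      end

      it 'non-kb with no permissions defined returns none' do
        expect(described_class.new(user_nonkb, category).access_effective).to eq 'none'
      end

      # --- Permission records on the category, its parent or the KB ---

      # NOTE(review): the description says "editor", but the subject is
      # user_admin, which as far as this file shows holds neither role_editor
      # nor role_reader. The two permission records created here may therefore
      # not apply to the user being checked. Confirm whether `user` or
      # `user_editor` was intended.
      it 'editor with both reader and editor permissions returns editor' do
        create_permission(role_reader, 'reader')
        create_permission(role_editor, 'editor')

        expect(described_class.new(user_admin, category).access_effective).to eq 'editor'
      end

      # A 'reader' record on an ancestor is expected to lower an editor role to
      # 'reader' on the descendant.
      it 'editor with reader permission on parent category returns reader' do
        create_permission(role_editor, 'reader')

        expect(described_class.new(user_editor, child_category).access_effective).to eq 'reader'
      end

      it 'editor with reader permission on KB returns reader' do
        create_permission(role_editor, 'reader', permissionable: knowledge_base)

        expect(described_class.new(user_editor, category).access_effective).to eq 'reader'
      end

      # When both the parent and the category carry a record, the record on the
      # category itself is expected to win, in either direction.
      it 'editor with reader permission on parent category but editor permission on category returns editor' do
        create_permission(role_editor, 'reader', permissionable: category)
        create_permission(role_editor, 'editor', permissionable: child_category)

        expect(described_class.new(user_editor, child_category).access_effective).to eq 'editor'
      end

      it 'editor with editor permission on parent category but reader permission on category returns reader' do
        create_permission(role_editor, 'editor', permissionable: category)
        create_permission(role_editor, 'reader', permissionable: child_category)

        expect(described_class.new(user_editor, child_category).access_effective).to eq 'reader'
      end

      # An 'editor' record for a role the user does not hold must not raise the
      # user's access above 'reader'.
      it 'reader with reader and non-effective permissions returns reader' do
        create_permission(role_reader, 'reader')
        create_permission(role_editor, 'editor')

        expect(described_class.new(user_reader, category).access_effective).to eq 'reader'
      end

      it 'reader with no matching permissions returns reader' do
        create_permission(role_editor, 'editor')

        expect(described_class.new(user_reader, category).access_effective).to eq 'reader'
      end

      # --- Missing user ---

      # A nil user is expected to resolve to 'none' rather than to any readable
      # level.
      it 'returns none when user not given' do
        expect(described_class.new(nil, category).access_effective).to eq 'none'
      end
    end

    # Creates a knowledge_base_permission record through the factory.
    #
    # @param role the role the permission record is attached to
    # @param access [String] access level to store; this file uses 'reader' and 'editor'
    # @param permissionable the object the permission is set on; defaults to `category`
    # @return the record returned by the factory
    def create_permission(role, access, permissionable: category)
      create(:knowledge_base_permission, role: role, permissionable: permissionable, access: access)
    end
  end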