has_roles_examples.rb 7.0 KB

  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
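  # Shared examples named 'HasRoles': they exercise Group access that a record
  # receives indirectly, through the Roles assigned to it.
  #
  # These are authorization checks. The negative examples (inactive Role,
  # inactive Group, inactive record) are the important ones: each must fail
  # because access is denied, not because the fixture was never wired up.
  #
  # @param group_access_factory [Symbol] factory used to build the record under test
  RSpec.shared_examples 'HasRoles' do |group_access_factory:|
    context 'role' do
      subject { create(group_access_factory) }

      let(:role)           { create(:role, :agent) }
      # Group mapped directly on the subject (see the `describe 'group'` setup).
      let(:group_instance) { create(:group) }
      # Group mapped only on the Role.
      let(:group_role)     { create(:group) }
      # Group that must never be reported as accessible.
      let(:group_inactive) { create(:group, active: false) }

      describe '#role_access?' do
        it 'responds to role_access?' do
          expect(subject).to respond_to(:role_access?)
        end

        context 'active Role' do
          before do
            role.group_names_access_map = {
              group_role.name => 'read',
            }

            subject.roles.push(role)
            # NOTE(review): `save` reports failure by returning false instead of
            # raising, so a rejected save would go unnoticed here; consider `save!`.
            subject.save
          end

          context 'Group ID parameter' do
            include_examples '#role_access? call' do
              let(:group_parameter) { group_role.id }
            end
          end

          context 'Group parameter' do
            include_examples '#role_access? call' do
              let(:group_parameter) { group_role }
            end
          end

          it 'prevents inactive Group' do
            # The active Role now maps to an inactive Group.
            role.group_names_access_map = {
              group_inactive.name => 'read',
            }

            # Check the method under description directly as well as through
            # #group_access?, so the denial is attributed to #role_access?.
            expect(subject.role_access?(group_inactive.id, 'read')).to be false
            expect(subject.group_access?(group_inactive.id, 'read')).to be false
          end
        end

        it 'prevents inactive Role' do
          role_inactive = create(:role, active: false)
          role_inactive.group_names_access_map = {
            group_role.name => 'read',
          }

          subject.roles.push(role_inactive)
          subject.save

          # Precondition: the inactive Role really is assigned. Without it the
          # denial below would also pass if the assignment had silently failed.
          expect(subject.roles).to include(role_inactive)
          expect(subject.group_access?(group_role.id, 'read')).to be false
        end
      end

      describe '.role_access_ids' do
        before do
          role.group_names_access_map = {
            group_role.name => 'read',
          }

          subject.roles.push(role)
          subject.save
        end

        it 'responds to role_access_ids' do
          expect(described_class).to respond_to(:role_access_ids)
        end

        it 'lists only active instance IDs' do
          subject.update!(active: false)

          # NOTE(review): the mapping and the push repeat the `before` block
          # above; kept as-is so the fixture state is unchanged.
          role.group_names_access_map = {
            group_role.name => 'read',
          }

          subject.roles.push(role)
          subject.save

          result = described_class.role_access_ids(group_role.id, 'read')
          expect(result).not_to include(subject.id)
        end

        context 'Group ID parameter' do
          include_examples '.role_access_ids call' do
            let(:group_parameter) { group_role.id }
          end
        end

        context 'Group parameter' do
          include_examples '.role_access_ids call' do
            let(:group_parameter) { group_role }
          end
        end
      end

      describe 'group' do
        before do
          # Access through the Role: group_role.
          role.group_names_access_map = {
            group_role.name => 'read',
          }

          subject.roles.push(role)
          subject.save

          # Access mapped on the subject itself: group_instance.
          subject.group_names_access_map = {
            group_instance.name => 'read',
          }
        end

        describe '#group_access?' do
          it 'falls back to #role_access?' do
            # group_role is mapped only on the Role.
            expect(subject).to receive(:role_access?)
            subject.group_access?(group_role, 'read')
          end

          it "doesn't fall back to #role_access? if not needed" do
            # group_instance is mapped on the subject itself.
            expect(subject).not_to receive(:role_access?)
            subject.group_access?(group_instance, 'read')
          end
        end

        describe '#group_ids_access' do
          # NOTE(review): this repeats the enclosing `before` verbatim, so the
          # Role is pushed onto the subject a second time. Confirm whether that
          # is intended before removing it; it may affect the duplicate-ID
          # examples below.
          before do
            role.group_names_access_map = {
              group_role.name => 'read',
            }

            subject.roles.push(role)
            subject.save

            subject.group_names_access_map = {
              group_instance.name => 'read',
            }
          end

          it 'lists only active Group IDs' do
            role.group_names_access_map = {
              group_role.name     => 'read',
              group_inactive.name => 'read',
            }

            result = subject.group_ids_access('read')
            expect(result).not_to include(group_inactive.id)
          end

          describe 'single access' do
            it 'lists access Group IDs' do
              result = subject.group_ids_access('read')
              expect(result).to include(group_role.id)
            end

            it "doesn't list for no access" do
              result = subject.group_ids_access('change')
              expect(result).not_to include(group_role.id)
            end

            it "doesn't contain duplicate IDs" do
              # group_role is now mapped both on the subject and on the Role.
              subject.group_names_access_map = {
                group_role.name => 'read',
              }

              result = subject.group_ids_access('read')
              expect(result.uniq).to eq(result)
            end
          end

          describe 'access list' do
            it 'lists access Group IDs' do
              result = subject.group_ids_access(%w[read change])
              expect(result).to include(group_role.id)
            end

            it "doesn't list for no access" do
              result = subject.group_ids_access(%w[change create])
              expect(result).not_to include(group_role.id)
            end

            it "doesn't contain duplicate IDs" do
              # group_role is now mapped both on the subject and on the Role.
              subject.group_names_access_map = {
                group_role.name => 'read',
              }

              result = subject.group_ids_access(%w[read create])
              expect(result.uniq).to eq(result)
            end
          end
        end

        describe '.group_access_ids' do
          it 'includes the result of .role_access_ids' do
            result = described_class.group_access_ids(group_role, 'read')
            expect(result).to include(subject.id)
          end

          it "doesn't contain duplicate IDs" do
            # The subject is now mapped to group_role directly and through the
            # Role, and must still be listed once.
            subject.group_names_access_map = {
              group_role.name => 'read',
            }

            result = described_class.group_access_ids(group_role, 'read')
            expect(result.uniq).to eq(result)
          end
        end
      end
    end
  end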
  # Shared assertions for the instance method #role_access?.
  #
  # The including group supplies `subject` and `let(:group_parameter)`; the
  # examples expect 'read' to be granted and 'change' / 'create' to be denied.
  RSpec.shared_examples '#role_access? call' do
    context 'single access' do
      it 'checks positive' do
        granted = subject.role_access?(group_parameter, 'read')

        expect(granted).to be true
      end

      it 'checks negative' do
        granted = subject.role_access?(group_parameter, 'change')

        expect(granted).to be false
      end
    end

    context 'access list' do
      # One granted access type in the list is enough.
      it 'checks positive' do
        granted = subject.role_access?(group_parameter, %w[read change])

        expect(granted).to be true
      end

      # No entry in the list is granted.
      it 'checks negative' do
        granted = subject.role_access?(group_parameter, %w[change create])

        expect(granted).to be false
      end
    end
  end
  # Shared assertions for the class method .role_access_ids.
  #
  # The including group supplies `subject` and `let(:group_parameter)`; the
  # subject's ID must be listed for 'read' and absent for 'change' / 'create'.
  RSpec.shared_examples '.role_access_ids call' do
    context 'single access' do
      it 'lists access IDs' do
        ids = described_class.role_access_ids(group_parameter, 'read')

        expect(ids).to include(subject.id)
      end

      it 'excludes non access IDs' do
        ids = described_class.role_access_ids(group_parameter, 'change')

        expect(ids).not_to include(subject.id)
      end
    end

    context 'access list' do
      # One granted access type in the list is enough to be listed.
      it 'lists access IDs' do
        ids = described_class.role_access_ids(group_parameter, %w[read change])

        expect(ids).to include(subject.id)
      end

      # No entry in the list is granted, so the subject must not appear.
      it 'excludes non access IDs' do
        ids = described_class.role_access_ids(group_parameter, %w[change create])

        expect(ids).not_to include(subject.id)
      end
    end
  end