| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- describe OrganizationPolicy do
- subject(:organization_policy) { described_class.new(user, record) }
- let(:record) { create(:organization) }
- shared_examples 'restricts fields' do |method|
- it "restricts fields for #{method}", :aggregate_failures do
- expect(organization_policy.public_send(method)).to permit_fields(%i[id name active])
- expect(organization_policy.public_send(method)).to forbid_fields(%i[shared domain note])
- end
- end
- context 'when user is a customer in the same organization' do
- let(:user) { create(:customer, organization: record) }
- it { is_expected.to permit_actions(%i[show]) }
- it { is_expected.to forbid_actions(%i[update]) }
- include_examples 'restricts fields', :show?
- end
- context 'when user is a customer without organization' do
- let(:user) { create(:customer) }
- it { is_expected.to forbid_actions(%i[show update]) }
- end
- context 'when user is an agent and customer' do
- let(:user) { create(:agent_and_customer, organization: record) }
- it { is_expected.to permit_actions(%i[show update]) }
- end
- context 'when user is an agent' do
- let(:user) { create(:agent) }
- it { is_expected.to permit_actions(%i[show update]) }
- end
- context 'when user is an admin' do
- let(:user) { create(:admin) }
- it { is_expected.to permit_actions(%i[show update]) }
- end
- end
|
