package_spec.rb 2.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe 'Packages', type: :request do
  4. let(:admin) do
  5. create(:admin)
  6. end
  7. let(:agent) do
  8. create(:agent)
  9. end
  10. let(:customer) do
  11. create(:customer)
  12. end
  13. describe 'request handling' do
  14. it 'does packages index with nobody' do
  15. get '/api/v1/packages', as: :json
  16. expect(response).to have_http_status(:forbidden)
  17. expect(json_response).to be_a(Hash)
  18. expect(json_response['packages']).to be_falsey
  19. expect(json_response['error']).to eq('Authentication required')
  20. end
  21. it 'does packages index with admin' do
  22. authenticated_as(admin)
  23. get '/api/v1/packages', as: :json
  24. expect(response).to have_http_status(:ok)
  25. expect(json_response).to be_a(Hash)
  26. expect(json_response['packages']).to be_truthy
  27. end
  28. it 'does packages index with admin and wrong pw' do
  29. authenticated_as(admin, password: 'wrongadminpw')
  30. get '/api/v1/packages', as: :json
  31. expect(response).to have_http_status(:unauthorized)
  32. expect(json_response).to be_a(Hash)
  33. expect(json_response['error']).to eq('Invalid BasicAuth credentials')
  34. end
  35. it 'does packages index with inactive admin' do
  36. admin = create(:admin, active: false, password: 'we need a password here')
  37. authenticated_as(admin, password: 'wrong password')
  38. get '/api/v1/packages', as: :json
  39. expect(response).to have_http_status(:unauthorized)
  40. expect(json_response).to be_a(Hash)
  41. expect(json_response['error']).to eq('Invalid BasicAuth credentials')
  42. end
  43. it 'does packages index with agent' do
  44. authenticated_as(agent)
  45. get '/api/v1/packages', as: :json
  46. expect(response).to have_http_status(:forbidden)
  47. expect(json_response).to be_a(Hash)
  48. expect(json_response['packages']).to be_falsey
  49. expect(json_response['error']).to eq('Not authorized (user)!')
  50. end
  51. it 'does packages index with customer' do
  52. authenticated_as(customer)
  53. get '/api/v1/packages', as: :json
  54. expect(response).to have_http_status(:forbidden)
  55. expect(json_response).to be_a(Hash)
  56. expect(json_response['packages']).to be_falsey
  57. expect(json_response['error']).to eq('Not authorized (user)!')
  58. end
  59. end
  60. end