permission_test.rb 5.7 KB

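  # encoding: utf-8
  require 'test_helper'

  # Authorization tests for Permission, Role and User#permissions?.
  #
  # Besides the positive cases, these tests pin the negative ones that matter
  # for access control: a truncated key prefix must not match a wildcard, a
  # child permission must not imply its parent, and deactivating either a
  # permission or a role must take the access away.
  class PermissionTest < ActiveSupport::TestCase

    # with_parents expands a dotted key into its chain, parent first.
    test 'permission' do
      permissions = Permission.with_parents('some_key.sub_key')

      assert_equal('some_key', permissions[0])
      assert_equal('some_key.sub_key', permissions[1])
      assert_equal(2, permissions.count)
    end

    # NOTE(review): this test leaves admin.permission1 deactivated and does not
    # remove the role or user it creates; presumably the suite relies on
    # transactional tests or on create_or_update being idempotent - confirm.
    test 'user permission' do
      permission1 = Permission.create_or_update(
        name: 'admin.permission1',
        note: 'Admin Interface',
        preferences: {},
        active: true,
      )

      # A second active child that is never granted to the role directly; it is
      # only created for its side effect, so no local is kept for it.
      Permission.create_or_update(
        name: 'admin.permission2',
        note: 'Admin Interface',
        preferences: {},
        active: true,
      )

      role_permission1 = Role.create_or_update(
        name: 'AdminPermission1',
        note: 'To configure your permission1.',
        preferences: {
          not: ['Customer'],
        },
        default_at_signup: false,
        updated_by_id: 1,
        created_by_id: 1,
      )

      # Start from a known state: the role holds one child key and not the
      # parent key.
      role_permission1.permission_revoke('admin')
      role_permission1.permission_grand('admin.permission1')

      user_with_permission1 = User.create_or_update(
        login: 'setting-permission1',
        firstname: 'Setting',
        lastname: 'Admin Permission1',
        email: 'setting-admin-permission1@example.com',
        password: 'some_pw',
        active: true,
        roles: [role_permission1],
        updated_by_id: 1,
        created_by_id: 1,
      )

      # Only the granted child is held. 'admin.*' is satisfied by that child,
      # but the truncated prefix 'admi.*', the sibling key and the parent key
      # 'admin' must all be denied.
      assert_equal(true, user_with_permission1.permissions?('admin.permission1'))
      assert_equal(true, user_with_permission1.permissions?('admin.*'))
      assert_equal(false, user_with_permission1.permissions?('admi.*'))
      assert_equal(false, user_with_permission1.permissions?('admin.permission2'))
      assert_equal(false, user_with_permission1.permissions?('admin'))

      # Deactivating the permission must revoke it although the role still
      # lists it.
      permission1.active = false
      permission1.save!

      assert_equal(false, user_with_permission1.permissions?('admin.permission1'))
      assert_equal(false, user_with_permission1.permissions?('admin.*'))
      assert_equal(false, user_with_permission1.permissions?('admi.*'))
      assert_equal(false, user_with_permission1.permissions?('admin.permission2'))
      assert_equal(false, user_with_permission1.permissions?('admin'))

      # Granting the parent key gives access to the parent and to the active
      # child, while the deactivated child stays denied.
      role_permission1.permission_grand('admin')

      assert_equal(false, user_with_permission1.permissions?('admin.permission1'))
      assert_equal(true, user_with_permission1.permissions?('admin.*'))
      assert_equal(false, user_with_permission1.permissions?('admi.*'))
      assert_equal(true, user_with_permission1.permissions?('admin.permission2'))
      assert_equal(true, user_with_permission1.permissions?('admin'))

      # Take the parent grant away again.
      role_permission1.permission_revoke('admin')
    end

    test 'user permission with invalid role' do
      # Created for its side effect only; the test refers to it by key.
      Permission.create_or_update(
        name: 'admin.permission3',
        note: 'Admin Interface',
        preferences: {},
        active: true,
      )

      role_permission3 = Role.create_or_update(
        name: 'AdminPermission2',
        note: 'To configure your permission3.',
        preferences: {
          not: ['Customer'],
        },
        default_at_signup: false,
        active: true,
        updated_by_id: 1,
        created_by_id: 1,
      )
      role_permission3.permission_grand('admin.permission3')

      user_with_permission3 = User.create_or_update(
        login: 'setting-permission3',
        firstname: 'Setting',
        lastname: 'Admin Permission2',
        email: 'setting-admin-permission3@example.com',
        password: 'some_pw',
        active: true,
        roles: [role_permission3],
        updated_by_id: 1,
        created_by_id: 1,
      )

      # Baseline while the role is active: only the granted child key and the
      # wildcard over it are allowed.
      assert_equal(true, user_with_permission3.permissions?('admin.permission3'))
      assert_equal(true, user_with_permission3.permissions?('admin.*'))
      assert_equal(false, user_with_permission3.permissions?('admi.*'))
      assert_equal(false, user_with_permission3.permissions?('admin.permission4'))
      assert_equal(false, user_with_permission3.permissions?('admin'))

      # Deactivate the role. save! (as used for the permission in the
      # 'user permission' test) makes a rejected save fail right here rather
      # than surfacing later as an unexplained assertion failure.
      role_permission3.active = false
      role_permission3.save!
      user_with_permission3.reload

      # An inactive role must not contribute any permission.
      assert_equal(false, user_with_permission3.permissions?('admin.permission3'))
      assert_equal(false, user_with_permission3.permissions?('admin.*'))
      assert_equal(false, user_with_permission3.permissions?('admi.*'))
      assert_equal(false, user_with_permission3.permissions?('admin.permission4'))
      assert_equal(false, user_with_permission3.permissions?('admin'))
    end

    test 'user permission with childs' do
      permission1 = Permission.create_or_update(
        name: 'admin.permission_child1',
        note: 'Admin Interface',
        preferences: {},
        active: true,
      )

      # Inactive sibling: it must not show up in the expanded id list.
      permission2 = Permission.create_or_update(
        name: 'admin.permission_child2',
        note: 'Admin Interface',
        preferences: {},
        active: false,
      )

      role_permission1 = Role.create_or_update(
        name: 'AdminPermissionChild1',
        note: 'To configure your permission child1.',
        preferences: {
          not: ['Customer'],
        },
        default_at_signup: false,
        updated_by_id: 1,
        created_by_id: 1,
      )
      role_permission1.permission_grand('admin')

      user_with_permission1 = User.create_or_update(
        login: 'setting-permission-child1',
        firstname: 'Setting',
        lastname: 'Admin Permission Child1',
        email: 'setting-admin-permission-child1@example.com',
        password: 'some_pw',
        active: true,
        roles: [role_permission1],
        updated_by_id: 1,
        created_by_id: 1,
      )

      # The parent grant expands to the parent itself plus its active children;
      # the inactive child is left out.
      child_ids = user_with_permission1.permissions_with_child_ids
      assert(child_ids.include?(permission1.id))
      assert_not(child_ids.include?(permission2.id))
      # find_by! raises a descriptive error if the 'admin' permission is
      # missing, instead of a NoMethodError on nil.
      assert(child_ids.include?(Permission.find_by!(name: 'admin').id))

      # cleanup
      user_with_permission1.destroy
      role_permission1.destroy
    end
  end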