12345678910111213141516171819202122232425262728293031323334353637 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- describe ChannelPolicy do
- subject(:policy) { described_class.new(user, record) }
- let(:record) { create(:channel, area: area) }
- let(:area) { 'Email::Account' }
- context 'when user is admin' do
- let(:user) { create(:admin) }
- it { is_expected.to permit_actions(:show, :create, :update, :destroy) }
- end
- context 'when user is not admin with limited channel permissions' do
- let(:role) { create(:role, permission_names: %w[admin.channel_email]) }
- let(:user) { create(:user, roles: [role]) }
- context 'when user permission matches record' do
- it { is_expected.to permit_actions(:show, :create, :update, :destroy) }
- end
- context 'when user permission does not match record' do
- let(:area) { 'Facebook::Account' }
- it { is_expected.to forbid_actions(:show, :create, :update, :destroy) }
- end
- end
- context 'when user is not admin' do
- let(:user) { create(:agent) }
- it { is_expected.to forbid_actions(:show, :create, :update, :destroy) }
- end
- end
|