token_policy_spec.rb 780 B

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Authorization spec for TokenPolicy: pins which user may destroy which token.
  #
  # Two properties are asserted:
  #   * ownership   - only the token's own user is permitted to destroy it;
  #   * visibility  - a token created with `action: :nonapi` cannot be destroyed
  #                   through this policy, even by its owner.
  #
  # NOTE(review): only the :destroy action is exercised here, and the
  # "not visible" case is checked for the owner only. A case for a different
  # user against a non-visible token would pin the deny path for both
  # conditions at once - confirm whether that is covered elsewhere.
  RSpec.describe TokenPolicy do
    # The policy under test is built from the acting user and the token record.
    subject(:token_policy) { described_class.new(user, record) }

    context 'when token is visible in frontend' do
      # Token from the factory defaults; the context label treats this as the
      # frontend-visible kind (factory definition is not shown here - verify).
      let(:record) { create(:token) }

      context 'when token is owned by the same user' do
        # Acting user is the token's owner.
        let(:user) { record.user }

        it { expect(token_policy).to permit_action(:destroy) }
      end

      context 'when token is owned by another user' do
        # Freshly created user, distinct from the token's owner.
        let(:user) { create(:user) }

        it { expect(token_policy).to forbid_action(:destroy) }
      end
    end

    context 'when token is not visible in frontend' do
      # Ownership alone must not be sufficient: the acting user is the owner,
      # yet destroy is expected to be forbidden for a :nonapi token.
      let(:user)   { record.user }
      let(:record) { create(:token, action: :nonapi) }

      it { expect(token_policy).to forbid_action(:destroy) }
    end
  end