- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
# Authorization spec for StorePolicy: pins which actors may read (:show) or
# delete (:destroy) a Store row, i.e. a stored attachment.
#
# Every expectation below varies only the acting user and the visibility of the
# Knowledge Base answer the attachment is linked to, so the spec documents that
# attachment access is expected to track the access rules of its parent object.
# NOTE(review): presumably StorePolicy defers to the parent object's own policy;
# confirm in StorePolicy itself, this file only shows the expected outcomes.
describe StorePolicy do
  subject { described_class.new(user, record) }

  # `category` is not defined in this file; presumably provided by this shared context.
  include_context 'basic Knowledge Base'

  let(:record_class) { Store }

  # Parent object of the attachment; each context supplies `visibility`.
  let(:object) do
    create(:knowledge_base_answer, visibility, :with_attachment, category: category)
  end

  # Store row linked to the parent object through its class name and id.
  let(:record) do
    record_class.create!(
      object: object.class.to_s,
      o_id: object.id,
      filename: 'test',
      data: 'test'
    )
  end

  # Unauthenticated access: read is expected only for published content,
  # delete is never expected.
  context 'without a user' do
    let(:user) { nil }

    context 'with published object' do
      let(:visibility) { :published }

      it { is_expected.to permit_actions(:show) }
      it { is_expected.to forbid_actions(:destroy) }
    end

    context 'with private object' do
      let(:visibility) { :internal }

      it { is_expected.to forbid_actions(:show, :destroy) }
    end
  end

  context 'with a user' do
    context 'with full access' do
      let(:visibility) { :published }
      let(:user) { create(:admin) }

      it { is_expected.to permit_actions(:show, :destroy) }
    end

    # An agent may read an internal answer's attachment but must not delete it.
    context 'with limited access' do
      let(:visibility) { :internal }
      let(:user) { create(:agent) }

      it { is_expected.to permit_actions(:show) }
      it { is_expected.to forbid_actions(:destroy) }
    end

    # Draft content is expected to stay hidden from an agent entirely.
    context 'without access' do
      let(:visibility) { :draft }
      let(:user) { create(:agent) }

      it { is_expected.to forbid_actions(:show, :destroy) }
    end

    # Fail-closed case: a Store row whose parent object type is unknown is
    # expected to be denied even to an admin. `record` is overridden here, so
    # the lazy `object` (and with it `visibility`) is never evaluated.
    context 'with object that does not have a policy' do
      let(:user) { create(:admin) }
      let(:record) { create(:store, object: 'NonExistingObject') }

      it { is_expected.to forbid_actions(:show, :destroy) }
    end
  end
end