permission_test.rb 5.7 KB

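  require 'test_helper'

  # Authorization regression tests for the permission model. They pin down
  # parent-key expansion, wildcard matching in User#permissions?, and the
  # expectation that deactivating a permission or a role denies access even
  # while the grant itself is still stored.
  class PermissionTest < ActiveSupport::TestCase

    # Permission.with_parents is expected to expand a dotted key into its
    # ancestor keys followed by the key itself, parent first.
    test 'permission' do
      permissions = Permission.with_parents('some_key.sub_key')

      assert_equal('some_key', permissions[0])
      assert_equal('some_key.sub_key', permissions[1])
      assert_equal(2, permissions.count)
    end

    # Covers three states of one user: child grant only, child permission
    # deactivated, and parent grant on top of the deactivated child.
    test 'user permission' do
      permission1 = Permission.create_or_update(
        name: 'admin.permission1',
        note: 'Admin Interface',
        preferences: {},
        active: true,
      )
      # Created only so that a sibling permission exists; the record itself is
      # not referenced again, so no local is kept for it.
      Permission.create_or_update(
        name: 'admin.permission2',
        note: 'Admin Interface',
        preferences: {},
        active: true,
      )
      role_permission1 = Role.create_or_update(
        name: 'AdminPermission1',
        note: 'To configure your permission1.',
        preferences: {
          not: ['Customer'],
        },
        default_at_signup: false,
        updated_by_id: 1,
        created_by_id: 1,
      )
      # Revoke the parent first so the role holds the child grant only,
      # whatever state an earlier create_or_update left behind.
      role_permission1.permission_revoke('admin')
      role_permission1.permission_grant('admin.permission1')
      user_with_permission1 = User.create_or_update(
        login: 'setting-permission1',
        firstname: 'Setting',
        lastname: 'Admin Permission1',
        email: 'setting-admin-permission1@example.com',
        password: 'some_pw',
        active: true,
        roles: [role_permission1],
        updated_by_id: 1,
        created_by_id: 1,
      )

      # State 1: child grant only. The exact key and the 'admin.*' wildcard
      # pass; a truncated prefix ('admi.*'), an ungranted sibling and the
      # parent key itself must all be denied.
      assert_equal(true, user_with_permission1.permissions?('admin.permission1'))
      assert_equal(true, user_with_permission1.permissions?('admin.*'))
      assert_equal(false, user_with_permission1.permissions?('admi.*'))
      assert_equal(false, user_with_permission1.permissions?('admin.permission2'))
      assert_equal(false, user_with_permission1.permissions?('admin'))

      # State 2: the granted permission is deactivated. The role still holds
      # the grant, but every check is expected to fail closed.
      permission1.active = false
      permission1.save!

      assert_equal(false, user_with_permission1.permissions?('admin.permission1'))
      assert_equal(false, user_with_permission1.permissions?('admin.*'))
      assert_equal(false, user_with_permission1.permissions?('admi.*'))
      assert_equal(false, user_with_permission1.permissions?('admin.permission2'))
      assert_equal(false, user_with_permission1.permissions?('admin'))

      # State 3: the parent is granted as well. Active children and the parent
      # pass, but the deactivated child must stay denied despite the parent
      # grant, and the truncated prefix still must not match.
      role_permission1.permission_grant('admin')

      assert_equal(false, user_with_permission1.permissions?('admin.permission1'))
      assert_equal(true, user_with_permission1.permissions?('admin.*'))
      assert_equal(false, user_with_permission1.permissions?('admi.*'))
      assert_equal(true, user_with_permission1.permissions?('admin.permission2'))
      assert_equal(true, user_with_permission1.permissions?('admin'))

      role_permission1.permission_revoke('admin')
    end

    # A user whose only role is deactivated must lose every permission that
    # role carried.
    test 'user permission with invalid role' do
      # Kept for its side effect (the permission row must exist before it can
      # be granted); the returned record is not used.
      Permission.create_or_update(
        name: 'admin.permission3',
        note: 'Admin Interface',
        preferences: {},
        active: true,
      )
      role_permission3 = Role.create_or_update(
        name: 'AdminPermission2',
        note: 'To configure your permission3.',
        preferences: {
          not: ['Customer'],
        },
        default_at_signup: false,
        active: true,
        updated_by_id: 1,
        created_by_id: 1,
      )
      role_permission3.permission_grant('admin.permission3')
      user_with_permission3 = User.create_or_update(
        login: 'setting-permission3',
        firstname: 'Setting',
        lastname: 'Admin Permission2',
        email: 'setting-admin-permission3@example.com',
        password: 'some_pw',
        active: true,
        roles: [role_permission3],
        updated_by_id: 1,
        created_by_id: 1,
      )

      # Baseline with the role active: same matching rules as for any child grant.
      assert_equal(true, user_with_permission3.permissions?('admin.permission3'))
      assert_equal(true, user_with_permission3.permissions?('admin.*'))
      assert_equal(false, user_with_permission3.permissions?('admi.*'))
      assert_equal(false, user_with_permission3.permissions?('admin.permission4'))
      assert_equal(false, user_with_permission3.permissions?('admin'))

      # save! instead of save: if the deactivation were rejected, a plain save
      # would return false unnoticed and the assertions below would fail for a
      # misleading reason. Raising here points at the real cause.
      role_permission3.active = false
      role_permission3.save!
      user_with_permission3.reload

      assert_equal(false, user_with_permission3.permissions?('admin.permission3'))
      assert_equal(false, user_with_permission3.permissions?('admin.*'))
      assert_equal(false, user_with_permission3.permissions?('admi.*'))
      assert_equal(false, user_with_permission3.permissions?('admin.permission4'))
      assert_equal(false, user_with_permission3.permissions?('admin'))
    end

    # A parent grant is expected to expand to the parent plus its active
    # children only; an inactive child must not appear in the id list.
    test 'user permission with childs' do
      permission1 = Permission.create_or_update(
        name: 'admin.permission_child1',
        note: 'Admin Interface',
        preferences: {},
        active: true,
      )
      permission2 = Permission.create_or_update(
        name: 'admin.permission_child2',
        note: 'Admin Interface',
        preferences: {},
        active: false,
      )
      role_permission1 = Role.create_or_update(
        name: 'AdminPermissionChild1',
        note: 'To configure your permission child1.',
        preferences: {
          not: ['Customer'],
        },
        default_at_signup: false,
        updated_by_id: 1,
        created_by_id: 1,
      )
      role_permission1.permission_grant('admin')
      user_with_permission1 = User.create_or_update(
        login: 'setting-permission-child1',
        firstname: 'Setting',
        lastname: 'Admin Permission Child1',
        email: 'setting-admin-permission-child1@example.com',
        password: 'some_pw',
        active: true,
        roles: [role_permission1],
        updated_by_id: 1,
        created_by_id: 1,
      )

      assert(user_with_permission1.permissions_with_child_ids.include?(permission1.id))
      assert_not(user_with_permission1.permissions_with_child_ids.include?(permission2.id))
      assert(user_with_permission1.permissions_with_child_ids.include?(Permission.find_by(name: 'admin').id))

      # cleanup
      user_with_permission1.destroy
      role_permission1.destroy
    end
  end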