has_roles_examples.rb 6.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267
  1. RSpec.shared_examples 'HasRoles' do |group_access_factory:|
  2. context 'role' do
  3. subject { create(group_access_factory) }
  4. let(:role) { create(:role) }
  5. let(:group_instance) { create(:group) }
  6. let(:group_role) { create(:group) }
  7. let(:group_inactive) { create(:group, active: false) }
  8. describe '#role_access?' do
  9. it 'responds to role_access?' do
  10. expect(subject).to respond_to(:role_access?)
  11. end
  12. context 'active Role' do
  13. before do
  14. role.group_names_access_map = {
  15. group_role.name => 'read',
  16. }
  17. subject.roles.push(role)
  18. subject.save
  19. end
  20. context 'Group ID parameter' do
  21. include_examples '#role_access? call' do
  22. let(:group_parameter) { group_role.id }
  23. end
  24. end
  25. context 'Group parameter' do
  26. include_examples '#role_access? call' do
  27. let(:group_parameter) { group_role }
  28. end
  29. end
  30. it 'prevents inactive Group' do
  31. role.group_names_access_map = {
  32. group_inactive.name => 'read',
  33. }
  34. expect(subject.group_access?(group_inactive.id, 'read')).to be false
  35. end
  36. end
  37. it 'prevents inactive Role' do
  38. role_inactive = create(:role, active: false)
  39. role_inactive.group_names_access_map = {
  40. group_role.name => 'read',
  41. }
  42. subject.roles.push(role_inactive)
  43. subject.save
  44. expect(subject.group_access?(group_role.id, 'read')).to be false
  45. end
  46. end
  47. describe '.role_access_ids' do
  48. before do
  49. role.group_names_access_map = {
  50. group_role.name => 'read',
  51. }
  52. subject.roles.push(role)
  53. subject.save
  54. end
  55. it 'responds to role_access_ids' do
  56. expect(described_class).to respond_to(:role_access_ids)
  57. end
  58. it 'lists only active instance IDs' do
  59. subject.update!(active: false)
  60. role.group_names_access_map = {
  61. group_role.name => 'read',
  62. }
  63. subject.roles.push(role)
  64. subject.save
  65. subject.save
  66. result = described_class.role_access_ids(group_role.id, 'read')
  67. expect(result).not_to include(subject.id)
  68. end
  69. context 'Group ID parameter' do
  70. include_examples '.role_access_ids call' do
  71. let(:group_parameter) { group_role.id }
  72. end
  73. end
  74. context 'Group parameter' do
  75. include_examples '.role_access_ids call' do
  76. let(:group_parameter) { group_role }
  77. end
  78. end
  79. end
  80. context 'group' do
  81. before do
  82. role.group_names_access_map = {
  83. group_role.name => 'read',
  84. }
  85. subject.roles.push(role)
  86. subject.save
  87. subject.group_names_access_map = {
  88. group_instance.name => 'read',
  89. }
  90. end
  91. describe '#group_access?' do
  92. it 'falls back to #role_access?' do
  93. expect(subject).to receive(:role_access?)
  94. subject.group_access?(group_role, 'read')
  95. end
  96. it "doesn't fall back to #role_access? if not needed" do
  97. expect(subject).not_to receive(:role_access?)
  98. subject.group_access?(group_instance, 'read')
  99. end
  100. end
  101. describe '#group_ids_access' do
  102. before do
  103. role.group_names_access_map = {
  104. group_role.name => 'read',
  105. }
  106. subject.roles.push(role)
  107. subject.save
  108. subject.group_names_access_map = {
  109. group_instance.name => 'read',
  110. }
  111. end
  112. it 'lists only active Group IDs' do
  113. role.group_names_access_map = {
  114. group_role.name => 'read',
  115. group_inactive.name => 'read',
  116. }
  117. result = subject.group_ids_access('read')
  118. expect(result).not_to include(group_inactive.id)
  119. end
  120. context 'single access' do
  121. it 'lists access Group IDs' do
  122. result = subject.group_ids_access('read')
  123. expect(result).to include(group_role.id)
  124. end
  125. it "doesn't list for no access" do
  126. result = subject.group_ids_access('change')
  127. expect(result).not_to include(group_role.id)
  128. end
  129. it "doesn't contain duplicate IDs" do
  130. subject.group_names_access_map = {
  131. group_role.name => 'read',
  132. }
  133. result = subject.group_ids_access('read')
  134. expect(result.uniq).to eq(result)
  135. end
  136. end
  137. context 'access list' do
  138. it 'lists access Group IDs' do
  139. result = subject.group_ids_access(%w[read change])
  140. expect(result).to include(group_role.id)
  141. end
  142. it "doesn't list for no access" do
  143. result = subject.group_ids_access(%w[change create])
  144. expect(result).not_to include(group_role.id)
  145. end
  146. it "doesn't contain duplicate IDs" do
  147. subject.group_names_access_map = {
  148. group_role.name => 'read',
  149. }
  150. result = subject.group_ids_access(%w[read create])
  151. expect(result.uniq).to eq(result)
  152. end
  153. end
  154. end
  155. describe '.group_access_ids' do
  156. it 'includes the result of .role_access_ids' do
  157. result = described_class.group_access_ids(group_role, 'read')
  158. expect(result).to include(subject.id)
  159. end
  160. it "doesn't contain duplicate IDs" do
  161. subject.group_names_access_map = {
  162. group_role.name => 'read',
  163. }
  164. result = described_class.group_access_ids(group_role, 'read')
  165. expect(result.uniq).to eq(result)
  166. end
  167. end
  168. end
  169. end
  170. end
  171. RSpec.shared_examples '#role_access? call' do
  172. context 'single access' do
  173. it 'checks positive' do
  174. expect(subject.role_access?(group_parameter, 'read')).to be true
  175. end
  176. it 'checks negative' do
  177. expect(subject.role_access?(group_parameter, 'change')).to be false
  178. end
  179. end
  180. context 'access list' do
  181. it 'checks positive' do
  182. expect(subject.role_access?(group_parameter, %w[read change])).to be true
  183. end
  184. it 'checks negative' do
  185. expect(subject.role_access?(group_parameter, %w[change create])).to be false
  186. end
  187. end
  188. end
  189. RSpec.shared_examples '.role_access_ids call' do
  190. context 'single access' do
  191. it 'lists access IDs' do
  192. expect(described_class.role_access_ids(group_parameter, 'read')).to include(subject.id)
  193. end
  194. it 'excludes non access IDs' do
  195. expect(described_class.role_access_ids(group_parameter, 'change')).not_to include(subject.id)
  196. end
  197. end
  198. context 'access list' do
  199. it 'lists access IDs' do
  200. expect(described_class.role_access_ids(group_parameter, %w[read change])).to include(subject.id)
  201. end
  202. it 'excludes non access IDs' do
  203. expect(described_class.role_access_ids(group_parameter, %w[change create])).not_to include(subject.id)
  204. end
  205. end
  206. end