123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201 |
- # Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- describe UserPolicy do
- subject { described_class.new(user, record) }
- context 'when user is an admin' do
- let(:user) { create(:user, roles: [partial_admin_role]) }
- context 'with "admin.user" privileges' do
- let(:partial_admin_role) do
- create(:role).tap { |role| role.permission_grant('admin.user') }
- end
- context 'wants to read, change, or delete any user' do
- context 'when record is an admin user' do
- let(:record) { create(:admin) }
- it { is_expected.to permit_actions(%i[show update destroy]) }
- end
- context 'when record is an agent user' do
- let(:record) { create(:agent) }
- it { is_expected.to permit_actions(%i[show update destroy]) }
- end
- context 'when record is a customer user' do
- let(:record) { create(:customer) }
- it { is_expected.to permit_actions(%i[show update destroy]) }
- end
- context 'when record is any user' do
- let(:record) { create(:user) }
- it { is_expected.to permit_actions(%i[show update destroy]) }
- end
- context 'when record is the same user' do
- let(:record) { user }
- it { is_expected.to permit_actions(%i[show update destroy]) }
- end
- end
- end
- context 'without "admin.user" privileges' do
- let(:partial_admin_role) do
- create(:role).tap { |role| role.permission_grant('admin.tag') }
- end
- context 'when record is an admin user' do
- let(:record) { create(:admin) }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- context 'when record is an agent user' do
- let(:record) { create(:agent) }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- context 'when record is a customer user' do
- let(:record) { create(:customer) }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- context 'when record is any user' do
- let(:record) { create(:user) }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- context 'when record is the same user' do
- let(:record) { user }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- end
- end
- context 'when user is an agent' do
- let(:user) { create(:agent) }
- context 'when record is an admin user' do
- let(:record) { create(:admin) }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- context 'when record is an agent user' do
- let(:record) { create(:agent) }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- context 'when record is a customer user' do
- let(:record) { create(:customer) }
- it { is_expected.to permit_actions(%i[show update]) }
- it { is_expected.to forbid_action(:destroy) }
- end
- context 'when record is any user' do
- let(:record) { create(:user) }
- it { is_expected.to permit_actions(%i[show update]) }
- it { is_expected.to forbid_action(:destroy) }
- end
- context 'when record is the same user' do
- let(:record) { user }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- context 'when record is both admin and customer' do
- let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Admin').id)) }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- context 'when record is both agent and customer' do
- let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Agent').id)) }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- end
- context 'when user is a customer' do
- let(:user) { create(:customer) }
- context 'when record is an admin user' do
- let(:record) { create(:admin) }
- it { is_expected.to forbid_actions(%i[show update destroy]) }
- end
- context 'when record is an agent user' do
- let(:record) { create(:agent) }
- it { is_expected.to forbid_actions(%i[show update destroy]) }
- end
- context 'when record is a customer user' do
- let(:record) { create(:customer) }
- it { is_expected.to forbid_actions(%i[show update destroy]) }
- end
- context 'when record is any user' do
- let(:record) { create(:user) }
- it { is_expected.to forbid_actions(%i[show update destroy]) }
- end
- context 'when record is a colleague' do
- let(:user) { create(:customer, :with_org) }
- let(:record) { create(:customer, organization: user.organization) }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- context 'when record is the same user' do
- let(:record) { user }
- it { is_expected.to permit_action(:show) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- context 'when record is both admin and customer' do
- let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Admin').id)) }
- it { is_expected.to forbid_actions(%i[show update destroy]) }
- end
- context 'when record is both agent and customer' do
- let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Agent').id)) }
- it { is_expected.to forbid_actions(%i[show update destroy]) }
- end
- end
- end
|