overview_policy_spec.rb 2.2 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. describe OverviewPolicy do
  4. subject { described_class.new(user, record) }
  5. let(:record_role) { create(:role) }
  6. let(:record) { create(:overview, roles: [record_role]) } # Make sure no default roles are assigned
  7. let(:user_role) { create(:role) }
  8. let(:user) { create(:user, roles: [user_role]) } # Make sure no default roles are assigned
  9. context 'with unassigned admin user' do
  10. let(:user) { create(:admin) }
  11. it { is_expected.to permit_actions(%i[show create update destroy]) }
  12. it { is_expected.to forbid_actions(%i[use]) }
  13. end
  14. context 'with assigned admin user' do
  15. let(:record) { create(:overview, roles: [Role.find_by(name: 'Admin')]) }
  16. let(:user) { create(:admin) }
  17. it { is_expected.to permit_actions(%i[use show create update destroy]) }
  18. end
  19. context 'with users assigned to the overview' do
  20. let(:other_user) { create(:user) }
  21. let(:record) { create(:overview, users: [other_user]) }
  22. context 'with user assigned via role, but not directly' do
  23. let(:record) { create(:overview, users: [other_user], roles: [user_role]) }
  24. it { is_expected.to forbid_actions(%i[use show create update destroy]) }
  25. end
  26. context 'with user assigned directly, but not also via role' do
  27. let(:other_user) { user }
  28. it { is_expected.to forbid_actions(%i[use show create update destroy]) }
  29. end
  30. context 'with user assigned directly, and also via role' do
  31. let(:record) { create(:overview, roles: [user_role], users: [user]) }
  32. it { is_expected.to permit_actions(%i[use show]) }
  33. it { is_expected.to forbid_actions(%i[create update destroy]) }
  34. end
  35. end
  36. context 'without users assigned to the overview' do
  37. context 'with user assigned via role' do
  38. let(:record) { create(:overview, roles: [user_role]) }
  39. it { is_expected.to permit_actions(%i[use show]) }
  40. it { is_expected.to forbid_actions(%i[create update destroy]) }
  41. end
  42. context 'with user not assigned via role' do
  43. it { is_expected.to forbid_actions(%i[use show create update destroy]) }
  44. end
  45. end
  46. end