roles_controller_spec.rb 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. describe Admin::RolesController do
  4. render_views
  5. let(:permissions) { UserRole::Flags::NONE }
  6. let(:current_role) { UserRole.create(name: 'Foo', permissions: permissions, position: 10) }
  7. let(:current_user) { Fabricate(:user, role: current_role) }
  8. before do
  9. sign_in current_user, scope: :user
  10. end
  11. describe 'GET #index' do
  12. before do
  13. get :index
  14. end
  15. context 'when user does not have permission to manage roles' do
  16. it 'returns http forbidden' do
  17. expect(response).to have_http_status(403)
  18. end
  19. end
  20. context 'when user has permission to manage roles' do
  21. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  22. it 'returns http success' do
  23. expect(response).to have_http_status(:success)
  24. end
  25. end
  26. end
  27. describe 'GET #new' do
  28. before do
  29. get :new
  30. end
  31. context 'when user does not have permission to manage roles' do
  32. it 'returns http forbidden' do
  33. expect(response).to have_http_status(403)
  34. end
  35. end
  36. context 'when user has permission to manage roles' do
  37. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  38. it 'returns http success' do
  39. expect(response).to have_http_status(:success)
  40. end
  41. end
  42. end
  43. describe 'POST #create' do
  44. let(:selected_position) { 1 }
  45. let(:selected_permissions_as_keys) { %w(manage_roles) }
  46. before do
  47. post :create, params: { user_role: { name: 'Bar', position: selected_position, permissions_as_keys: selected_permissions_as_keys } }
  48. end
  49. context 'when user has permission to manage roles' do
  50. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  51. context 'when new role\'s does not elevate above the user\'s role' do
  52. let(:selected_position) { 1 }
  53. let(:selected_permissions_as_keys) { %w(manage_roles) }
  54. it 'redirects to roles page' do
  55. expect(response).to redirect_to(admin_roles_path)
  56. end
  57. it 'creates new role' do
  58. expect(UserRole.find_by(name: 'Bar')).to_not be_nil
  59. end
  60. end
  61. context 'when new role\'s position is higher than user\'s role' do
  62. let(:selected_position) { 100 }
  63. let(:selected_permissions_as_keys) { %w(manage_roles) }
  64. it 'renders new template' do
  65. expect(response).to render_template(:new)
  66. end
  67. it 'does not create new role' do
  68. expect(UserRole.find_by(name: 'Bar')).to be_nil
  69. end
  70. end
  71. context 'when new role has permissions the user does not have' do
  72. let(:selected_position) { 1 }
  73. let(:selected_permissions_as_keys) { %w(manage_roles manage_users manage_reports) }
  74. it 'renders new template' do
  75. expect(response).to render_template(:new)
  76. end
  77. it 'does not create new role' do
  78. expect(UserRole.find_by(name: 'Bar')).to be_nil
  79. end
  80. end
  81. context 'when user has administrator permission' do
  82. let(:permissions) { UserRole::FLAGS[:administrator] }
  83. let(:selected_position) { 1 }
  84. let(:selected_permissions_as_keys) { %w(manage_roles manage_users manage_reports) }
  85. it 'redirects to roles page' do
  86. expect(response).to redirect_to(admin_roles_path)
  87. end
  88. it 'creates new role' do
  89. expect(UserRole.find_by(name: 'Bar')).to_not be_nil
  90. end
  91. end
  92. end
  93. end
  94. describe 'GET #edit' do
  95. let(:role_position) { 8 }
  96. let(:role) { UserRole.create(name: 'Bar', permissions: UserRole::FLAGS[:manage_users], position: role_position) }
  97. before do
  98. get :edit, params: { id: role.id }
  99. end
  100. context 'when user does not have permission to manage roles' do
  101. it 'returns http forbidden' do
  102. expect(response).to have_http_status(403)
  103. end
  104. end
  105. context 'when user has permission to manage roles' do
  106. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  107. context 'when user outranks the role' do
  108. it 'returns http success' do
  109. expect(response).to have_http_status(:success)
  110. end
  111. end
  112. context 'when role outranks user' do
  113. let(:role_position) { current_role.position + 1 }
  114. it 'returns http forbidden' do
  115. expect(response).to have_http_status(403)
  116. end
  117. end
  118. end
  119. end
  120. describe 'PUT #update' do
  121. let(:role_position) { 8 }
  122. let(:role_permissions) { UserRole::FLAGS[:manage_users] }
  123. let(:role) { UserRole.create(name: 'Bar', permissions: role_permissions, position: role_position) }
  124. let(:selected_position) { 8 }
  125. let(:selected_permissions_as_keys) { %w(manage_users) }
  126. before do
  127. put :update, params: { id: role.id, user_role: { name: 'Baz', position: selected_position, permissions_as_keys: selected_permissions_as_keys } }
  128. end
  129. context 'when user does not have permission to manage roles' do
  130. it 'returns http forbidden' do
  131. expect(response).to have_http_status(403)
  132. end
  133. it 'does not update the role' do
  134. expect(role.reload.name).to eq 'Bar'
  135. end
  136. end
  137. context 'when user has permission to manage roles' do
  138. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  139. context 'when role has permissions the user doesn\'t' do
  140. it 'renders edit template' do
  141. expect(response).to render_template(:edit)
  142. end
  143. it 'does not update the role' do
  144. expect(role.reload.name).to eq 'Bar'
  145. end
  146. end
  147. context 'when user has all permissions of the role' do
  148. let(:permissions) { UserRole::FLAGS[:manage_roles] | UserRole::FLAGS[:manage_users] }
  149. context 'when user outranks the role' do
  150. it 'redirects to roles page' do
  151. expect(response).to redirect_to(admin_roles_path)
  152. end
  153. it 'updates the role' do
  154. expect(role.reload.name).to eq 'Baz'
  155. end
  156. end
  157. context 'when role outranks user' do
  158. let(:role_position) { current_role.position + 1 }
  159. it 'returns http forbidden' do
  160. expect(response).to have_http_status(403)
  161. end
  162. it 'does not update the role' do
  163. expect(role.reload.name).to eq 'Bar'
  164. end
  165. end
  166. end
  167. end
  168. end
  169. describe 'DELETE #destroy' do
  170. let(:role_position) { 8 }
  171. let(:role) { UserRole.create(name: 'Bar', permissions: UserRole::FLAGS[:manage_users], position: role_position) }
  172. before do
  173. delete :destroy, params: { id: role.id }
  174. end
  175. context 'when user does not have permission to manage roles' do
  176. it 'returns http forbidden' do
  177. expect(response).to have_http_status(403)
  178. end
  179. end
  180. context 'when user has permission to manage roles' do
  181. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  182. context 'when user outranks the role' do
  183. it 'redirects to roles page' do
  184. expect(response).to redirect_to(admin_roles_path)
  185. end
  186. end
  187. context 'when role outranks user' do
  188. let(:role_position) { current_role.position + 1 }
  189. it 'returns http forbidden' do
  190. expect(response).to have_http_status(403)
  191. end
  192. end
  193. end
  194. end
  195. end