user_policy_spec.rb 2.4 KB

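  # frozen_string_literal: true

  require 'rails_helper'
  require 'pundit/rspec'

  # Authorization spec for UserPolicy. Each `permissions` group pins who may
  # perform an account-management action on which record, using pundit's
  # matcher in the form `permit(acting_account, record)`.
  #
  # NOTE(review): the only privileged actor built here has the 'Admin' role.
  # The context names distinguish 'staff?' from 'admin?', but no
  # staff-but-not-admin actor is exercised, so this spec cannot tell a policy
  # that requires admin from one that only requires staff. If such roles
  # exist, add an actor for them.
  #
  # NOTE(review): every '!staff?' / '!admin?' denial passes the User class as
  # the record, not a user instance. That pins the actor-side check only;
  # denial for an unprivileged actor against a concrete record (their own or
  # someone else's) is not asserted in this file.
  RSpec.describe UserPolicy do
    # pundit's `permit` matcher is given the policy class itself.
    subject { described_class }

    # find_by! raises when the 'Admin' role row is missing. Plain find_by would
    # return nil and build this actor with `role: nil`, so the "denies" examples
    # that use `admin` could pass for the wrong reason.
    # Presumably UserRole is an ActiveRecord model seeded in the test DB; confirm.
    let(:admin) { Fabricate(:user, role: UserRole.find_by!(name: 'Admin')).account }

    # Account fabricated without an explicit role; the contexts below treat it
    # as the non-staff actor and as the non-staff target (`john.user`).
    let(:john) { Fabricate(:account) }

    # Credential-affecting actions: allowed against a non-staff record, refused
    # when the target record is staff.
    # NOTE(review): the staff target is the actor's own user (`admin.user`); a
    # different staff member as target is not covered.
    permissions :reset_password?, :change_email? do
      context 'staff?' do
        context '!record.staff?' do
          it 'permits' do
            expect(subject).to permit(admin, john.user)
          end
        end

        context 'record.staff?' do
          it 'denies' do
            expect(subject).not_to permit(admin, admin.user)
          end
        end
      end

      context '!staff?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end

    # Removing a second factor weakens the target account, so this group is
    # labelled 'admin?' rather than 'staff?' and is refused for staff targets.
    permissions :disable_2fa? do
      context 'admin?' do
        context '!record.staff?' do
          it 'permits' do
            expect(subject).to permit(admin, john.user)
          end
        end

        context 'record.staff?' do
          it 'denies' do
            expect(subject).not_to permit(admin, admin.user)
          end
        end
      end

      context '!admin?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end

    # Manual confirmation is only offered for a record that is not yet
    # confirmed; each example sets the target's state before asserting.
    permissions :confirm? do
      context 'staff?' do
        context '!record.confirmed?' do
          it 'permits' do
            john.user.update(confirmed_at: nil)
            expect(subject).to permit(admin, john.user)
          end
        end

        context 'record.confirmed?' do
          it 'denies' do
            john.user.confirm!
            expect(subject).not_to permit(admin, john.user)
          end
        end
      end

      context '!staff?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end

    # Checked against the User class for both actors, so no per-record
    # condition is exercised for this action.
    permissions :enable? do
      context 'staff?' do
        it 'permits' do
          expect(subject).to permit(admin, User)
        end
      end

      context '!staff?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end

    # Disabling an account is refused when the target is an admin; the admin
    # target used is the actor's own user.
    permissions :disable? do
      context 'staff?' do
        context '!record.admin?' do
          it 'permits' do
            expect(subject).to permit(admin, john.user)
          end
        end

        context 'record.admin?' do
          it 'denies' do
            expect(subject).not_to permit(admin, admin.user)
          end
        end
      end

      context '!staff?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end
  end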