
user_policy_spec.rb 3.5 KB

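  # frozen_string_literal: true

  require 'rails_helper'
  require 'pundit/rspec'

  # Authorization spec for UserPolicy.
  #
  # Each `permissions` group pins, for one account-management action, which
  # (actor, record) pairs the policy permits and which it denies. The context
  # labels name the condition each example is meant to exercise.
  #
  # NOTE(review): every "unprivileged actor" denial uses `john`, who is
  # fabricated with no role flags. No example uses an actor with
  # `moderator: true` but without `admin: true`, so the admin-gated groups
  # (:disable_2fa?, :promote?, :demote?) would not catch a regression that
  # loosened them to any staff role. Presumably a moderator counts as staff but
  # not admin; confirm against the policy and consider adding that actor.
  #
  # NOTE(review): those same denials pass the `User` class instead of a user
  # record, so they say nothing about how record-side conditions behave for an
  # unprivileged actor.
  RSpec.describe UserPolicy do
    # The policy class itself is the subject handed to the `permit` matcher.
    subject { described_class }

    # Actor fabricated with the admin flag set.
    let(:admin) { Fabricate(:user, admin: true).account }
    # Actor fabricated with no role flags.
    let(:john) { Fabricate(:user).account }

    permissions :reset_password?, :change_email? do
      context 'staff?' do
        context '!record.staff?' do
          it 'permits' do
            expect(subject).to permit(admin, john.user)
          end
        end

        context 'record.staff?' do
          # An admin acting on their own (staff) user record must be refused.
          it 'denies' do
            expect(subject).not_to permit(admin, admin.user)
          end
        end
      end

      context '!staff?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end

    permissions :disable_2fa? do
      context 'admin?' do
        context '!record.staff?' do
          it 'permits' do
            expect(subject).to permit(admin, john.user)
          end
        end

        context 'record.staff?' do
          it 'denies' do
            expect(subject).not_to permit(admin, admin.user)
          end
        end
      end

      context '!admin?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end

    permissions :confirm? do
      context 'staff?' do
        context '!record.confirmed?' do
          it 'permits' do
            # update! raises if the write is rejected, so the example cannot
            # pass against a record that was never actually unconfirmed.
            john.user.update!(confirmed_at: nil)
            expect(subject).to permit(admin, john.user)
          end
        end

        context 'record.confirmed?' do
          it 'denies' do
            john.user.confirm!
            expect(subject).not_to permit(admin, john.user)
          end
        end
      end

      context '!staff?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end

    permissions :enable? do
      context 'staff?' do
        it 'permits' do
          expect(subject).to permit(admin, User)
        end
      end

      context '!staff?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end

    permissions :disable? do
      context 'staff?' do
        context '!record.admin?' do
          it 'permits' do
            expect(subject).to permit(admin, john.user)
          end
        end

        context 'record.admin?' do
          it 'denies' do
            expect(subject).not_to permit(admin, admin.user)
          end
        end
      end

      context '!staff?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end

    permissions :promote? do
      context 'admin?' do
        context 'promoteable?' do
          it 'permits' do
            expect(subject).to permit(admin, john.user)
          end
        end

        context '!promoteable?' do
          # The record here is already an admin user.
          it 'denies' do
            expect(subject).not_to permit(admin, admin.user)
          end
        end
      end

      context '!admin?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end

    permissions :demote? do
      context 'admin?' do
        context '!record.admin?' do
          context 'demoteable?' do
            it 'permits' do
              # Give the record a role first; update! fails loudly if the
              # flag could not be written.
              john.user.update!(moderator: true)
              expect(subject).to permit(admin, john.user)
            end
          end

          context '!demoteable?' do
            # john is left as fabricated, with no role flag set by this spec.
            it 'denies' do
              expect(subject).not_to permit(admin, john.user)
            end
          end
        end

        context 'record.admin?' do
          it 'denies' do
            expect(subject).not_to permit(admin, admin.user)
          end
        end
      end

      context '!admin?' do
        it 'denies' do
          expect(subject).not_to permit(john, User)
        end
      end
    end
  end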