2014-08-30 17:38:47 +00:00
|
|
|
require 'rails_helper'
|
2014-07-05 12:59:42 +00:00
|
|
|
|
|
|
|
|
describe AsciicastPolicy do
|
|
|
|
|
|
2015-05-15 19:13:37 +00:00
|
|
|
describe AsciicastPolicy::Scope do
|
|
|
|
|
let(:policy_scope) { AsciicastPolicy::Scope.new(user, Asciicast.all) }
|
|
|
|
|
|
|
|
|
|
subject { policy_scope.resolve }
|
|
|
|
|
|
|
|
|
|
let!(:asciicast_1) { create(:asciicast, private: false) }
|
|
|
|
|
let!(:asciicast_2) { create(:asciicast, private: true) }
|
|
|
|
|
|
|
|
|
|
context "when user is not admin" do
|
|
|
|
|
let(:user) { double(:user, admin?: false) }
|
|
|
|
|
|
|
|
|
|
it { should eq([asciicast_1]) }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context "when user is admin" do
|
|
|
|
|
let(:user) { double(:user, admin?: true) }
|
|
|
|
|
|
|
|
|
|
it { should eq([asciicast_1, asciicast_2]) }
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2014-07-05 12:59:42 +00:00
|
|
|
subject { described_class }
|
|
|
|
|
|
|
|
|
|
describe '#permitted_attributes' do
|
|
|
|
|
subject { Pundit.policy(user, asciicast).permitted_attributes }
|
|
|
|
|
|
|
|
|
|
let(:asciicast) { Asciicast.new }
|
|
|
|
|
|
|
|
|
|
context "when user is admin" do
|
|
|
|
|
let(:user) { stub_model(User, admin?: true) }
|
|
|
|
|
|
2014-11-27 12:30:08 +00:00
|
|
|
it "includes form fields + featured" do
|
2015-04-27 13:10:41 +00:00
|
|
|
expect(subject).to eq([:title, :description, :theme_name, :snapshot_at, :featured, :private])
|
2014-07-05 12:59:42 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context "when user isn't admin" do
|
|
|
|
|
let(:user) { stub_model(User, admin?: false) }
|
|
|
|
|
|
|
|
|
|
it "is empty" do
|
|
|
|
|
expect(subject).to eq([])
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context "and is creator of the asciicast" do
|
|
|
|
|
let(:asciicast) { Asciicast.new(user: user) }
|
|
|
|
|
|
2014-11-15 18:30:05 +00:00
|
|
|
it "doesn't include featured but includes private" do
|
2015-05-10 16:40:39 +00:00
|
|
|
expect(subject).to eq([:title, :description, :theme_name, :snapshot_at, :private])
|
2014-07-05 12:59:42 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
permissions :update? do
|
|
|
|
|
it "denies access if user is nil" do
|
|
|
|
|
expect(subject).not_to permit(nil, Asciicast.new)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "grants access if user is admin" do
|
|
|
|
|
user = stub_model(User, admin?: true)
|
|
|
|
|
expect(subject).to permit(user, Asciicast.new)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "grants access if user is creator of the asciicast" do
|
|
|
|
|
user = stub_model(User, admin?: false)
|
|
|
|
|
expect(subject).to permit(user, Asciicast.new(user: user))
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "denies access if user isn't the creator of the asciicast" do
|
|
|
|
|
expect(subject).not_to permit(User.new, Asciicast.new(user: User.new))
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
permissions :destroy? do
|
|
|
|
|
it "denies access if user is nil" do
|
|
|
|
|
expect(subject).not_to permit(nil, Asciicast.new)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "grants access if user is admin" do
|
|
|
|
|
user = stub_model(User, admin?: true)
|
|
|
|
|
expect(subject).to permit(user, Asciicast.new)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "grants access if user is creator of the asciicast" do
|
|
|
|
|
user = stub_model(User, admin?: false)
|
|
|
|
|
expect(subject).to permit(user, Asciicast.new(user: user))
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "denies access if user isn't the creator of the asciicast" do
|
|
|
|
|
expect(subject).not_to permit(User.new, Asciicast.new(user: User.new))
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2015-04-25 18:47:52 +00:00
|
|
|
permissions :change_featured? do
|
2014-07-05 12:59:42 +00:00
|
|
|
it "denies access if user is nil" do
|
|
|
|
|
expect(subject).not_to permit(nil, Asciicast.new)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "grants access if user is admin" do
|
|
|
|
|
user = stub_model(User, admin?: true)
|
|
|
|
|
expect(subject).to permit(user, Asciicast.new)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "denies access if user isn't admin" do
|
|
|
|
|
user = stub_model(User, admin?: false)
|
|
|
|
|
expect(subject).not_to permit(user, Asciicast.new)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2015-04-28 10:34:22 +00:00
|
|
|
permissions :change_visibility? do
|
|
|
|
|
it "denies access if user is nil" do
|
|
|
|
|
expect(subject).not_to permit(nil, Asciicast.new)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "grants access if user is admin" do
|
|
|
|
|
user = stub_model(User, admin?: true)
|
|
|
|
|
expect(subject).to permit(user, Asciicast.new)
|
|
|
|
|
end
|
|
|
|
|
|
2015-05-10 16:40:39 +00:00
|
|
|
it "grants access if user is creator of the asciicast" do
|
|
|
|
|
user = stub_model(User, admin?: false)
|
|
|
|
|
expect(subject).to permit(user, Asciicast.new(user: user))
|
2015-04-28 10:34:22 +00:00
|
|
|
end
|
|
|
|
|
|
2015-05-10 16:40:39 +00:00
|
|
|
it "denies access if user isn't the creator of the asciicast" do
|
|
|
|
|
expect(subject).not_to permit(User.new, Asciicast.new(user: User.new))
|
2015-04-28 10:34:22 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2014-07-05 12:59:42 +00:00
|
|
|
end
|
