require 'rails_helper'

describe ApiTokenPolicy do

  subject { described_class }

  permissions :destroy? do
    it "denies access if user is nil" do
      expect(subject).not_to permit(nil, ApiToken.new)
    end

    it "grants access if user is admin" do
      user = stub_model(User, admin?: true)
      expect(subject).to permit(user, ApiToken.new)
    end

    it "grants access if user is the owner of the token" do
      user = stub_model(User, admin?: false)
      expect(subject).to permit(user, ApiToken.new(user: user))
    end

    it "denies access if user isn't the owner of the token" do
      expect(subject).not_to permit(User.new, ApiToken.new(user: User.new))
    end
  end

end