28 lines
699 B
Ruby
28 lines
699 B
Ruby
require 'rails_helper'
|
|
|
|
describe ApiTokenPolicy do
|
|
|
|
subject { described_class }
|
|
|
|
permissions :destroy? do
|
|
it "denies access if user is nil" do
|
|
expect(subject).not_to permit(nil, ApiToken.new)
|
|
end
|
|
|
|
it "grants access if user is admin" do
|
|
user = stub_model(User, admin?: true)
|
|
expect(subject).to permit(user, ApiToken.new)
|
|
end
|
|
|
|
it "grants access if user is the owner of the token" do
|
|
user = stub_model(User, admin?: false)
|
|
expect(subject).to permit(user, ApiToken.new(user: user))
|
|
end
|
|
|
|
it "denies access if user isn't the owner of the token" do
|
|
expect(subject).not_to permit(User.new, ApiToken.new(user: User.new))
|
|
end
|
|
end
|
|
|
|
end
|