mirror of
https://github.com/mastodon/mastodon.git
synced 2024-12-23 00:30:57 +01:00
Improve app/policies
coverage (#32426)
This commit is contained in:
parent
28131b4b00
commit
9e8f099d38
35 changed files with 264 additions and 55 deletions
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe AccountModerationNotePolicy do
|
RSpec.describe AccountModerationNotePolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
@ -12,13 +11,13 @@ RSpec.describe AccountModerationNotePolicy do
|
||||||
permissions :create? do
|
permissions :create? do
|
||||||
context 'when staff' do
|
context 'when staff' do
|
||||||
it 'grants to create' do
|
it 'grants to create' do
|
||||||
expect(subject).to permit(admin, described_class)
|
expect(subject).to permit(admin, AccountModerationNote)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when not staff' do
|
context 'when not staff' do
|
||||||
it 'denies to create' do
|
it 'denies to create' do
|
||||||
expect(subject).to_not permit(john, described_class)
|
expect(subject).to_not permit(john, AccountModerationNote)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe AccountPolicy do
|
RSpec.describe AccountPolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
@ -24,7 +23,7 @@ RSpec.describe AccountPolicy do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
permissions :show?, :unsilence?, :unsensitive?, :remove_avatar?, :remove_header? do
|
permissions :show?, :unsilence?, :unsensitive?, :remove_avatar?, :remove_header?, :sensitive?, :warn? do
|
||||||
context 'when staff' do
|
context 'when staff' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(subject).to permit(admin, alice)
|
expect(subject).to permit(admin, alice)
|
||||||
|
|
42
spec/policies/account_warning_policy_spec.rb
Normal file
42
spec/policies/account_warning_policy_spec.rb
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
RSpec.describe AccountWarningPolicy do
|
||||||
|
subject { described_class }
|
||||||
|
|
||||||
|
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
|
||||||
|
let(:account) { Fabricate(:account) }
|
||||||
|
|
||||||
|
permissions :show? do
|
||||||
|
context 'with an admin' do
|
||||||
|
it { is_expected.to permit(admin, AccountWarning.new) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with a non-admin' do
|
||||||
|
context 'when account is not target' do
|
||||||
|
it { is_expected.to_not permit(account, AccountWarning.new) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when account is target' do
|
||||||
|
it { is_expected.to permit(account, AccountWarning.new(target_account_id: account.id)) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
permissions :appeal? do
|
||||||
|
context 'when account is not target' do
|
||||||
|
it { is_expected.to_not permit(account, AccountWarning.new) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when account is target' do
|
||||||
|
context 'when record is appealable' do
|
||||||
|
it { is_expected.to permit(account, AccountWarning.new(target_account_id: account.id, created_at: Appeal::MAX_STRIKE_AGE.ago + 1.hour)) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when record is not appealable' do
|
||||||
|
it { is_expected.to_not permit(account, AccountWarning.new(target_account_id: account.id, created_at: Appeal::MAX_STRIKE_AGE.ago - 1.hour)) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe AccountWarningPresetPolicy do
|
RSpec.describe AccountWarningPresetPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -11,13 +10,13 @@ RSpec.describe AccountWarningPresetPolicy do
|
||||||
permissions :index?, :create?, :update?, :destroy? do
|
permissions :index?, :create?, :update?, :destroy? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, AccountWarningPreset)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, AccountWarningPreset)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe Admin::StatusPolicy do
|
RSpec.describe Admin::StatusPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -13,13 +12,13 @@ RSpec.describe Admin::StatusPolicy do
|
||||||
permissions :index?, :update?, :review?, :destroy? do
|
permissions :index?, :update?, :review?, :destroy? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, Status)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, Status)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe AnnouncementPolicy do
|
RSpec.describe AnnouncementPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -11,13 +10,13 @@ RSpec.describe AnnouncementPolicy do
|
||||||
permissions :index?, :create?, :update?, :destroy? do
|
permissions :index?, :create?, :update?, :destroy? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, Announcement)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, Announcement)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe AppealPolicy do
|
RSpec.describe AppealPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -12,18 +11,18 @@ RSpec.describe AppealPolicy do
|
||||||
permissions :index? do
|
permissions :index? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, Appeal)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, Appeal)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
permissions :reject? do
|
permissions :reject?, :approve? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
context 'with a pending appeal' do
|
context 'with a pending appeal' do
|
||||||
before { allow(appeal).to receive(:pending?).and_return(true) }
|
before { allow(appeal).to receive(:pending?).and_return(true) }
|
||||||
|
|
20
spec/policies/audit_log_policy_spec.rb
Normal file
20
spec/policies/audit_log_policy_spec.rb
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
RSpec.describe AuditLogPolicy do
|
||||||
|
subject { described_class }
|
||||||
|
|
||||||
|
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
|
||||||
|
let(:account) { Fabricate(:account) }
|
||||||
|
|
||||||
|
permissions :index? do
|
||||||
|
context 'with an admin' do
|
||||||
|
it { is_expected.to permit(admin, nil) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with a non-admin' do
|
||||||
|
it { is_expected.to_not permit(account, nil) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe BackupPolicy do
|
RSpec.describe BackupPolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe CanonicalEmailBlockPolicy do
|
RSpec.describe CanonicalEmailBlockPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -11,13 +10,13 @@ RSpec.describe CanonicalEmailBlockPolicy do
|
||||||
permissions :index?, :show?, :test?, :create?, :destroy? do
|
permissions :index?, :show?, :test?, :create?, :destroy? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, CanonicalEmailBlock)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, CanonicalEmailBlock)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe CustomEmojiPolicy do
|
RSpec.describe CustomEmojiPolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
20
spec/policies/dashboard_policy_spec.rb
Normal file
20
spec/policies/dashboard_policy_spec.rb
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
RSpec.describe DashboardPolicy do
|
||||||
|
subject { described_class }
|
||||||
|
|
||||||
|
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
|
||||||
|
let(:account) { Fabricate(:account) }
|
||||||
|
|
||||||
|
permissions :index? do
|
||||||
|
context 'with an admin' do
|
||||||
|
it { is_expected.to permit(admin, nil) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with a non-admin' do
|
||||||
|
it { is_expected.to_not permit(account, nil) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe DeliveryPolicy do
|
RSpec.describe DeliveryPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -11,13 +10,13 @@ RSpec.describe DeliveryPolicy do
|
||||||
permissions :clear_delivery_errors?, :restart_delivery?, :stop_delivery? do
|
permissions :clear_delivery_errors?, :restart_delivery?, :stop_delivery? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, nil)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, nil)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
24
spec/policies/domain_allow_policy_spec.rb
Normal file
24
spec/policies/domain_allow_policy_spec.rb
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
RSpec.describe DomainAllowPolicy do
|
||||||
|
subject { described_class }
|
||||||
|
|
||||||
|
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
|
||||||
|
let(:john) { Fabricate(:account) }
|
||||||
|
|
||||||
|
permissions :index?, :show?, :create?, :destroy? do
|
||||||
|
context 'when admin' do
|
||||||
|
it 'permits' do
|
||||||
|
expect(subject).to permit(admin, DomainAllow)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when not admin' do
|
||||||
|
it 'denies' do
|
||||||
|
expect(subject).to_not permit(john, DomainAllow)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe DomainBlockPolicy do
|
RSpec.describe DomainBlockPolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
@ -9,7 +8,7 @@ RSpec.describe DomainBlockPolicy do
|
||||||
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
|
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
|
||||||
let(:john) { Fabricate(:account) }
|
let(:john) { Fabricate(:account) }
|
||||||
|
|
||||||
permissions :index?, :show?, :create?, :destroy? do
|
permissions :index?, :show?, :create?, :destroy?, :update? do
|
||||||
context 'when admin' do
|
context 'when admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(subject).to permit(admin, DomainBlock)
|
expect(subject).to permit(admin, DomainBlock)
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe EmailDomainBlockPolicy do
|
RSpec.describe EmailDomainBlockPolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe FollowRecommendationPolicy do
|
RSpec.describe FollowRecommendationPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -11,13 +10,13 @@ RSpec.describe FollowRecommendationPolicy do
|
||||||
permissions :show?, :suppress?, :unsuppress? do
|
permissions :show?, :suppress?, :unsuppress? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, FollowRecommendation)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, FollowRecommendation)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe InstancePolicy do
|
RSpec.describe InstancePolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe InvitePolicy do
|
RSpec.describe InvitePolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe IpBlockPolicy do
|
RSpec.describe IpBlockPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -11,13 +10,13 @@ RSpec.describe IpBlockPolicy do
|
||||||
permissions :index?, :show?, :create?, :update?, :destroy? do
|
permissions :index?, :show?, :create?, :update?, :destroy? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, IpBlock)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, IpBlock)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
36
spec/policies/poll_policy_spec.rb
Normal file
36
spec/policies/poll_policy_spec.rb
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
RSpec.describe PollPolicy do
|
||||||
|
subject { described_class }
|
||||||
|
|
||||||
|
let(:account) { Fabricate(:account) }
|
||||||
|
let(:poll) { Fabricate :poll }
|
||||||
|
|
||||||
|
permissions :vote? do
|
||||||
|
context 'when account cannot view status' do
|
||||||
|
before { poll.status.update(visibility: :private) }
|
||||||
|
|
||||||
|
it { is_expected.to_not permit(account, poll) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when account can view status' do
|
||||||
|
context 'when accounts do not block each other' do
|
||||||
|
it { is_expected.to permit(account, poll) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when view blocks poll creator' do
|
||||||
|
before { Fabricate :block, account: account, target_account: poll.account }
|
||||||
|
|
||||||
|
it { is_expected.to_not permit(account, poll) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when poll creator blocks viewer' do
|
||||||
|
before { Fabricate :block, account: poll.account, target_account: account }
|
||||||
|
|
||||||
|
it { is_expected.to_not permit(account, poll) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe PreviewCardPolicy do
|
RSpec.describe PreviewCardPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -11,13 +10,13 @@ RSpec.describe PreviewCardPolicy do
|
||||||
permissions :index?, :review? do
|
permissions :index?, :review? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, PreviewCard)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, PreviewCard)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe PreviewCardProviderPolicy do
|
RSpec.describe PreviewCardProviderPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -11,13 +10,13 @@ RSpec.describe PreviewCardProviderPolicy do
|
||||||
permissions :index?, :review? do
|
permissions :index?, :review? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, PreviewCardProvider)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, PreviewCardProvider)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe RelayPolicy do
|
RSpec.describe RelayPolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe ReportNotePolicy do
|
RSpec.describe ReportNotePolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe ReportPolicy do
|
RSpec.describe ReportPolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe RulePolicy do
|
RSpec.describe RulePolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
@ -11,13 +10,13 @@ RSpec.describe RulePolicy do
|
||||||
permissions :index?, :create?, :update?, :destroy? do
|
permissions :index?, :create?, :update?, :destroy? do
|
||||||
context 'with an admin' do
|
context 'with an admin' do
|
||||||
it 'permits' do
|
it 'permits' do
|
||||||
expect(policy).to permit(admin, Tag)
|
expect(policy).to permit(admin, Rule)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non-admin' do
|
context 'with a non-admin' do
|
||||||
it 'denies' do
|
it 'denies' do
|
||||||
expect(policy).to_not permit(john, Tag)
|
expect(policy).to_not permit(john, Rule)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe SettingsPolicy do
|
RSpec.describe SettingsPolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe SoftwareUpdatePolicy do
|
RSpec.describe SoftwareUpdatePolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe StatusPolicy, type: :model do
|
RSpec.describe StatusPolicy, type: :model do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe TagPolicy do
|
RSpec.describe TagPolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe UserPolicy do
|
RSpec.describe UserPolicy do
|
||||||
subject { described_class }
|
subject { described_class }
|
||||||
|
@ -112,4 +111,42 @@ RSpec.describe UserPolicy do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
permissions :approve?, :reject? do
|
||||||
|
context 'when admin' do
|
||||||
|
context 'when user is approved' do
|
||||||
|
it { is_expected.to_not permit(admin, User.new(approved: true)) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when user is not approved' do
|
||||||
|
it { is_expected.to permit(admin, User.new(approved: false)) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when not admin' do
|
||||||
|
it { is_expected.to_not permit(john, User.new) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
permissions :change_role? do
|
||||||
|
context 'when not admin' do
|
||||||
|
it { is_expected.to_not permit(john, User.new) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when admin' do
|
||||||
|
let(:user) { User.new(role: role) }
|
||||||
|
|
||||||
|
context 'when role of admin overrides user role' do
|
||||||
|
let(:role) { UserRole.new(position: admin.user.role.position - 10, id: 123) }
|
||||||
|
|
||||||
|
it { is_expected.to permit(admin, user) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when role of admin does not override user role' do
|
||||||
|
let(:role) { UserRole.new(position: admin.user.role.position + 10, id: 123) }
|
||||||
|
|
||||||
|
it { is_expected.to_not permit(admin, user) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
56
spec/policies/user_role_policy_spec.rb
Normal file
56
spec/policies/user_role_policy_spec.rb
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
RSpec.describe UserRolePolicy do
|
||||||
|
subject { described_class }
|
||||||
|
|
||||||
|
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
|
||||||
|
let(:account) { Fabricate(:account) }
|
||||||
|
|
||||||
|
permissions :index?, :create? do
|
||||||
|
context 'when admin' do
|
||||||
|
it { is_expected.to permit(admin, UserRole.new) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when not admin' do
|
||||||
|
it { is_expected.to_not permit(account, UserRole.new) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
permissions :update? do
|
||||||
|
context 'when admin' do
|
||||||
|
context 'when role of admin overrides relevant role' do
|
||||||
|
it { is_expected.to permit(admin, UserRole.new(position: admin.user.role.position - 10, id: 123)) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when role of admin does not override relevant role' do
|
||||||
|
it { is_expected.to_not permit(admin, UserRole.new(position: admin.user.role.position + 10, id: 123)) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when not admin' do
|
||||||
|
it { is_expected.to_not permit(account, UserRole.new) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
permissions :destroy? do
|
||||||
|
context 'when admin' do
|
||||||
|
context 'when role of admin overrides relevant role' do
|
||||||
|
it { is_expected.to permit(admin, UserRole.new(position: admin.user.role.position - 10)) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when role of admin does not override relevant role' do
|
||||||
|
it { is_expected.to_not permit(admin, UserRole.new(position: admin.user.role.position + 10)) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when everyone role' do
|
||||||
|
it { is_expected.to_not permit(admin, UserRole.everyone) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when not admin' do
|
||||||
|
it { is_expected.to_not permit(account, UserRole.new) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,7 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
require 'pundit/rspec'
|
|
||||||
|
|
||||||
RSpec.describe WebhookPolicy do
|
RSpec.describe WebhookPolicy do
|
||||||
let(:policy) { described_class }
|
let(:policy) { described_class }
|
||||||
|
|
|
@ -43,6 +43,7 @@ require 'paperclip/matchers'
|
||||||
require 'capybara/rspec'
|
require 'capybara/rspec'
|
||||||
require 'chewy/rspec'
|
require 'chewy/rspec'
|
||||||
require 'email_spec/rspec'
|
require 'email_spec/rspec'
|
||||||
|
require 'pundit/rspec'
|
||||||
require 'test_prof/recipes/rspec/before_all'
|
require 'test_prof/recipes/rspec/before_all'
|
||||||
|
|
||||||
Rails.root.glob('spec/support/**/*.rb').each { |f| require f }
|
Rails.root.glob('spec/support/**/*.rb').each { |f| require f }
|
||||||
|
|
Loading…
Reference in a new issue