trabajo-afectivo/spec/policies/user_policy_spec.rb

202 lines
5.9 KiB
Ruby
Raw Normal View History

# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
require 'rails_helper'
describe UserPolicy do
subject { described_class.new(user, record) }
context 'when user is an admin' do
let(:user) { create(:user, roles: [partial_admin_role]) }
context 'with "admin.user" privileges' do
let(:partial_admin_role) do
create(:role).tap { |role| role.permission_grant('admin.user') }
end
context 'wants to read, change, or delete any user' do
context 'when record is an admin user' do
let(:record) { create(:admin) }
it { is_expected.to permit_actions(%i[show update destroy]) }
end
context 'when record is an agent user' do
let(:record) { create(:agent) }
it { is_expected.to permit_actions(%i[show update destroy]) }
end
context 'when record is a customer user' do
let(:record) { create(:customer) }
it { is_expected.to permit_actions(%i[show update destroy]) }
end
context 'when record is any user' do
let(:record) { create(:user) }
it { is_expected.to permit_actions(%i[show update destroy]) }
end
context 'when record is the same user' do
let(:record) { user }
it { is_expected.to permit_actions(%i[show update destroy]) }
end
end
end
context 'without "admin.user" privileges' do
let(:partial_admin_role) do
create(:role).tap { |role| role.permission_grant('admin.tag') }
end
context 'when record is an admin user' do
let(:record) { create(:admin) }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
context 'when record is an agent user' do
let(:record) { create(:agent) }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
context 'when record is a customer user' do
let(:record) { create(:customer) }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
context 'when record is any user' do
let(:record) { create(:user) }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
context 'when record is the same user' do
let(:record) { user }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
end
end
context 'when user is an agent' do
let(:user) { create(:agent) }
context 'when record is an admin user' do
let(:record) { create(:admin) }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
context 'when record is an agent user' do
let(:record) { create(:agent) }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
context 'when record is a customer user' do
let(:record) { create(:customer) }
it { is_expected.to permit_actions(%i[show update]) }
it { is_expected.to forbid_action(:destroy) }
end
context 'when record is any user' do
let(:record) { create(:user) }
it { is_expected.to permit_actions(%i[show update]) }
it { is_expected.to forbid_action(:destroy) }
end
context 'when record is the same user' do
let(:record) { user }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
context 'when record is both admin and customer' do
let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Admin').id)) }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
context 'when record is both agent and customer' do
let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Agent').id)) }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
end
context 'when user is a customer' do
let(:user) { create(:customer) }
context 'when record is an admin user' do
let(:record) { create(:admin) }
it { is_expected.to forbid_actions(%i[show update destroy]) }
end
context 'when record is an agent user' do
let(:record) { create(:agent) }
it { is_expected.to forbid_actions(%i[show update destroy]) }
end
context 'when record is a customer user' do
let(:record) { create(:customer) }
it { is_expected.to forbid_actions(%i[show update destroy]) }
end
context 'when record is any user' do
let(:record) { create(:user) }
it { is_expected.to forbid_actions(%i[show update destroy]) }
end
context 'when record is a colleague' do
let(:user) { create(:customer, :with_org) }
let(:record) { create(:customer, organization: user.organization) }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
context 'when record is the same user' do
let(:record) { user }
it { is_expected.to permit_action(:show) }
it { is_expected.to forbid_actions(%i[update destroy]) }
end
context 'when record is both admin and customer' do
let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Admin').id)) }
it { is_expected.to forbid_actions(%i[show update destroy]) }
end
context 'when record is both agent and customer' do
let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Agent').id)) }
it { is_expected.to forbid_actions(%i[show update destroy]) }
end
end
end