2022-01-01 13:38:12 +00:00
|
|
|
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
|
2021-06-01 12:20:20 +00:00
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
RSpec.shared_examples 'HasRoles' do |group_access_factory:|
|
2017-06-16 20:43:09 +00:00
|
|
|
context 'role' do
|
2018-12-13 09:10:32 +00:00
|
|
|
subject { create(group_access_factory) }
|
2019-04-15 01:41:17 +00:00
|
|
|
|
2017-06-16 20:43:09 +00:00
|
|
|
let(:role) { create(:role) }
|
|
|
|
let(:group_instance) { create(:group) }
|
|
|
|
let(:group_role) { create(:group) }
|
|
|
|
let(:group_inactive) { create(:group, active: false) }
|
|
|
|
|
2020-02-18 19:51:31 +00:00
|
|
|
describe '#role_access?' do
|
2017-06-16 20:43:09 +00:00
|
|
|
|
|
|
|
it 'responds to role_access?' do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(subject).to respond_to(:role_access?)
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
2017-06-20 15:13:42 +00:00
|
|
|
context 'active Role' do
|
2019-04-15 01:41:17 +00:00
|
|
|
before do
|
2017-06-20 15:13:42 +00:00
|
|
|
role.group_names_access_map = {
|
|
|
|
group_role.name => 'read',
|
|
|
|
}
|
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.roles.push(role)
|
|
|
|
subject.save
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
2017-06-20 15:13:42 +00:00
|
|
|
context 'Group ID parameter' do
|
|
|
|
include_examples '#role_access? call' do
|
|
|
|
let(:group_parameter) { group_role.id }
|
|
|
|
end
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
2017-06-20 15:13:42 +00:00
|
|
|
context 'Group parameter' do
|
|
|
|
include_examples '#role_access? call' do
|
|
|
|
let(:group_parameter) { group_role }
|
|
|
|
end
|
|
|
|
end
|
2017-06-16 20:43:09 +00:00
|
|
|
|
2017-06-20 15:13:42 +00:00
|
|
|
it 'prevents inactive Group' do
|
|
|
|
role.group_names_access_map = {
|
|
|
|
group_inactive.name => 'read',
|
|
|
|
}
|
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(subject.group_access?(group_inactive.id, 'read')).to be false
|
2017-06-20 15:13:42 +00:00
|
|
|
end
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'prevents inactive Role' do
|
|
|
|
role_inactive = create(:role, active: false)
|
|
|
|
role_inactive.group_names_access_map = {
|
|
|
|
group_role.name => 'read',
|
|
|
|
}
|
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.roles.push(role_inactive)
|
|
|
|
subject.save
|
2017-06-16 20:43:09 +00:00
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(subject.group_access?(group_role.id, 'read')).to be false
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-02-18 19:51:31 +00:00
|
|
|
describe '.role_access_ids' do
|
2017-06-16 20:43:09 +00:00
|
|
|
|
2019-04-15 01:41:17 +00:00
|
|
|
before do
|
2017-06-16 20:43:09 +00:00
|
|
|
role.group_names_access_map = {
|
|
|
|
group_role.name => 'read',
|
|
|
|
}
|
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.roles.push(role)
|
|
|
|
subject.save
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'responds to role_access_ids' do
|
|
|
|
expect(described_class).to respond_to(:role_access_ids)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'lists only active instance IDs' do
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.update!(active: false)
|
|
|
|
|
2017-06-16 20:43:09 +00:00
|
|
|
role.group_names_access_map = {
|
|
|
|
group_role.name => 'read',
|
|
|
|
}
|
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.roles.push(role)
|
|
|
|
subject.save
|
|
|
|
subject.save
|
2017-06-16 20:43:09 +00:00
|
|
|
|
|
|
|
result = described_class.role_access_ids(group_role.id, 'read')
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(result).not_to include(subject.id)
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'Group ID parameter' do
|
|
|
|
include_examples '.role_access_ids call' do
|
|
|
|
let(:group_parameter) { group_role.id }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'Group parameter' do
|
|
|
|
include_examples '.role_access_ids call' do
|
2017-06-20 15:13:42 +00:00
|
|
|
let(:group_parameter) { group_role }
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-06-23 11:35:27 +00:00
|
|
|
describe 'group' do
|
2017-06-16 20:43:09 +00:00
|
|
|
|
2019-04-15 01:41:17 +00:00
|
|
|
before do
|
2017-06-16 20:43:09 +00:00
|
|
|
role.group_names_access_map = {
|
|
|
|
group_role.name => 'read',
|
|
|
|
}
|
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.roles.push(role)
|
|
|
|
subject.save
|
2017-06-16 20:43:09 +00:00
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.group_names_access_map = {
|
2017-06-16 20:43:09 +00:00
|
|
|
group_instance.name => 'read',
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2020-02-18 19:51:31 +00:00
|
|
|
describe '#group_access?' do
|
2017-06-16 20:43:09 +00:00
|
|
|
|
|
|
|
it 'falls back to #role_access?' do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(subject).to receive(:role_access?)
|
|
|
|
subject.group_access?(group_role, 'read')
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't fall back to #role_access? if not needed" do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(subject).not_to receive(:role_access?)
|
|
|
|
subject.group_access?(group_instance, 'read')
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-02-18 19:51:31 +00:00
|
|
|
describe '#group_ids_access' do
|
2017-06-16 20:43:09 +00:00
|
|
|
|
2019-04-15 01:41:17 +00:00
|
|
|
before do
|
2017-06-16 20:43:09 +00:00
|
|
|
role.group_names_access_map = {
|
|
|
|
group_role.name => 'read',
|
|
|
|
}
|
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.roles.push(role)
|
|
|
|
subject.save
|
2017-06-16 20:43:09 +00:00
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.group_names_access_map = {
|
2017-06-16 20:43:09 +00:00
|
|
|
group_instance.name => 'read',
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'lists only active Group IDs' do
|
|
|
|
role.group_names_access_map = {
|
|
|
|
group_role.name => 'read',
|
|
|
|
group_inactive.name => 'read',
|
|
|
|
}
|
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
result = subject.group_ids_access('read')
|
2017-06-16 20:43:09 +00:00
|
|
|
expect(result).not_to include(group_inactive.id)
|
|
|
|
end
|
|
|
|
|
2021-06-23 11:35:27 +00:00
|
|
|
describe 'single access' do
|
2017-06-16 20:43:09 +00:00
|
|
|
|
|
|
|
it 'lists access Group IDs' do
|
2018-12-13 09:10:32 +00:00
|
|
|
result = subject.group_ids_access('read')
|
2017-06-16 20:43:09 +00:00
|
|
|
expect(result).to include(group_role.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't list for no access" do
|
2018-12-13 09:10:32 +00:00
|
|
|
result = subject.group_ids_access('change')
|
2017-06-16 20:43:09 +00:00
|
|
|
expect(result).not_to include(group_role.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't contain duplicate IDs" do
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.group_names_access_map = {
|
2017-06-16 20:43:09 +00:00
|
|
|
group_role.name => 'read',
|
|
|
|
}
|
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
result = subject.group_ids_access('read')
|
2017-06-16 20:43:09 +00:00
|
|
|
expect(result.uniq).to eq(result)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-06-23 11:35:27 +00:00
|
|
|
describe 'access list' do
|
2017-06-16 20:43:09 +00:00
|
|
|
|
|
|
|
it 'lists access Group IDs' do
|
2018-12-13 09:10:32 +00:00
|
|
|
result = subject.group_ids_access(%w[read change])
|
2017-06-16 20:43:09 +00:00
|
|
|
expect(result).to include(group_role.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't list for no access" do
|
2018-12-13 09:10:32 +00:00
|
|
|
result = subject.group_ids_access(%w[change create])
|
2017-06-16 20:43:09 +00:00
|
|
|
expect(result).not_to include(group_role.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't contain duplicate IDs" do
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.group_names_access_map = {
|
2017-06-16 20:43:09 +00:00
|
|
|
group_role.name => 'read',
|
|
|
|
}
|
|
|
|
|
2018-12-13 09:10:32 +00:00
|
|
|
result = subject.group_ids_access(%w[read create])
|
2017-06-16 20:43:09 +00:00
|
|
|
expect(result.uniq).to eq(result)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-02-18 19:51:31 +00:00
|
|
|
describe '.group_access_ids' do
|
2017-06-16 20:43:09 +00:00
|
|
|
|
|
|
|
it 'includes the result of .role_access_ids' do
|
|
|
|
result = described_class.group_access_ids(group_role, 'read')
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(result).to include(subject.id)
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't contain duplicate IDs" do
|
2018-12-13 09:10:32 +00:00
|
|
|
subject.group_names_access_map = {
|
2017-06-16 20:43:09 +00:00
|
|
|
group_role.name => 'read',
|
|
|
|
}
|
|
|
|
|
|
|
|
result = described_class.group_access_ids(group_role, 'read')
|
|
|
|
expect(result.uniq).to eq(result)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
RSpec.shared_examples '#role_access? call' do
|
|
|
|
context 'single access' do
|
|
|
|
|
|
|
|
it 'checks positive' do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(subject.role_access?(group_parameter, 'read')).to be true
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'checks negative' do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(subject.role_access?(group_parameter, 'change')).to be false
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'access list' do
|
|
|
|
|
|
|
|
it 'checks positive' do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(subject.role_access?(group_parameter, %w[read change])).to be true
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'checks negative' do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(subject.role_access?(group_parameter, %w[change create])).to be false
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
RSpec.shared_examples '.role_access_ids call' do
|
|
|
|
context 'single access' do
|
|
|
|
|
|
|
|
it 'lists access IDs' do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(described_class.role_access_ids(group_parameter, 'read')).to include(subject.id)
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'excludes non access IDs' do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(described_class.role_access_ids(group_parameter, 'change')).not_to include(subject.id)
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'access list' do
|
|
|
|
|
|
|
|
it 'lists access IDs' do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(described_class.role_access_ids(group_parameter, %w[read change])).to include(subject.id)
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'excludes non access IDs' do
|
2018-12-13 09:10:32 +00:00
|
|
|
expect(described_class.role_access_ids(group_parameter, %w[change create])).not_to include(subject.id)
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|