closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7259 Commits
4 Branches
567 MiB
Tree: c9e5ce4eba
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c9e5ce4eba'
${ noResults }
mastodon/spec/policies/user_policy_spec.rb

167 lines
3.5 KiB
Raw Normal View History

Add specs for UserPolicy (#9593)
5 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'rails_helper'
  4. require 'pundit/rspec'
  5. 

  6. RSpec.describe UserPolicy do
  7.   let(:subject) { described_class }
  8.   let(:admin)   { Fabricate(:user, admin: true).account }
  9.   let(:john)    { Fabricate(:user).account }
  10. 

  11.   permissions :reset_password?, :change_email? do
  12.     context 'staff?' do
  13.       context '!record.staff?' do
  14.         it 'permits' do
  15.           expect(subject).to permit(admin, john.user)
  16.         end
  17.       end
  18. 

  19.       context 'record.staff?' do
  20.         it 'denies' do
  21.           expect(subject).to_not permit(admin, admin.user)
  22.         end
  23.       end
  24.     end
  25. 

  26.     context '!staff?' do
  27.       it 'denies' do
  28.         expect(subject).to_not permit(john, User)
  29.       end
  30.     end
  31.   end
  32. 

  33.   permissions :disable_2fa? do
  34.     context 'admin?' do
  35.       context '!record.staff?' do
  36.         it 'permits' do
  37.           expect(subject).to permit(admin, john.user)
  38.         end
  39.       end
  40. 

  41.       context 'record.staff?' do
  42.         it 'denies' do
  43.           expect(subject).to_not permit(admin, admin.user)
  44.         end
  45.       end
  46.     end
  47. 

  48.     context '!admin?' do
  49.       it 'denies' do
  50.         expect(subject).to_not permit(john, User)
  51.       end
  52.     end
  53.   end
  54. 

  55.   permissions :confirm? do
  56.     context 'staff?' do
  57.       context '!record.confirmed?' do
  58.         it 'permits' do
  59.           john.user.update(confirmed_at: nil)
  60.           expect(subject).to permit(admin, john.user)
  61.         end
  62.       end
  63. 

  64.       context 'record.confirmed?' do
  65.         it 'denies' do
  66.           john.user.confirm!
  67.           expect(subject).to_not permit(admin, john.user)
  68.         end
  69.       end
  70.     end
  71. 

  72.     context '!staff?' do
  73.       it 'denies' do
  74.         expect(subject).to_not permit(john, User)
  75.       end
  76.     end
  77.   end
  78. 

  79.   permissions :enable? do
  80.     context 'staff?' do
  81.       it 'permits' do
  82.         expect(subject).to permit(admin, User)
  83.       end
  84.     end
  85. 

  86.     context '!staff?' do
  87.       it 'denies' do
  88.         expect(subject).to_not permit(john, User)
  89.       end
  90.     end
  91.   end
  92. 

  93.   permissions :disable? do
  94.     context 'staff?' do
  95.       context '!record.admin?' do
  96.         it 'permits' do
  97.           expect(subject).to permit(admin, john.user)
  98.         end
  99.       end
  100. 

  101.       context 'record.admin?' do
  102.         it 'denies' do
  103.           expect(subject).to_not permit(admin, admin.user)
  104.         end
  105.       end
  106.     end
  107. 

  108.     context '!staff?' do
  109.       it 'denies' do
  110.         expect(subject).to_not permit(john, User)
  111.       end
  112.     end
  113.   end
  114. 

  115.   permissions :promote? do
  116.     context 'admin?' do
  117.       context 'promoteable?' do
  118.         it 'permits' do
  119.           expect(subject).to permit(admin, john.user)
  120.         end
  121.       end
  122. 

  123.       context '!promoteable?' do
  124.         it 'denies' do
  125.           expect(subject).to_not permit(admin, admin.user)
  126.         end
  127.       end
  128.     end
  129. 

  130.     context '!admin?' do
  131.       it 'denies' do
  132.         expect(subject).to_not permit(john, User)
  133.       end
  134.     end
  135.   end
  136. 

  137.   permissions :demote? do
  138.     context 'admin?' do
  139.       context '!record.admin?' do
  140.         context 'demoteable?' do
  141.           it 'permits' do
  142.             john.user.update(moderator: true)
  143.             expect(subject).to permit(admin, john.user)
  144.           end
  145.         end
  146. 

  147.         context '!demoteable?' do
  148.           it 'denies' do
  149.             expect(subject).to_not permit(admin, john.user)
  150.           end
  151.         end
  152.       end
  153. 

  154.       context 'record.admin?' do
  155.         it 'denies' do
  156.           expect(subject).to_not permit(admin, admin.user)
  157.         end
  158.       end
  159.     end
  160. 

  161.     context '!admin?' do
  162.       it 'denies' do
  163.         expect(subject).to_not permit(john, User)
  164.       end
  165.     end
  166.   end
  167. end