diff options
| author | David Yip <yipdw@member.fsf.org> | 2018-04-04 13:55:42 -0500 |
|---|---|---|
| committer | David Yip <yipdw@member.fsf.org> | 2018-04-04 13:55:42 -0500 |
| commit | bda1782cd864ed3aabb5a4d87359a1cb7595f4a6 (patch) | |
| tree | 4ecb8623959b616fec9ab2a9c855048fb8c2da49 /spec/controllers/application_controller_spec.rb | |
| parent | 77b650b69c8146a2acf4e7d270343f89c9838690 (diff) | |
| parent | 6611100480c86c07972c1223e7231c136966e11d (diff) | |
Merge remote-tracking branch 'personal/merge/tootsuite/master' into gs-master
Diffstat (limited to 'spec/controllers/application_controller_spec.rb')
| -rw-r--r-- | spec/controllers/application_controller_spec.rb | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index 51c0e3c70..3e4d27e05 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -181,10 +181,48 @@ describe ApplicationController, type: :controller do routes.draw { get 'sucesss' => 'anonymous#sucesss' } end - it 'redirects to root path if current user is not admin' do + it 'returns a 403 if current user is not admin' do sign_in(Fabricate(:user, admin: false)) get 'sucesss' - expect(response).to redirect_to('/') + expect(response).to have_http_status(403) + end + + it 'returns a 403 if current user is only a moderator' do + sign_in(Fabricate(:user, moderator: true)) + get 'sucesss' + expect(response).to have_http_status(403) + end + + it 'does nothing if current user is admin' do + sign_in(Fabricate(:user, admin: true)) + get 'sucesss' + expect(response).to have_http_status(200) + end + end + + describe 'require_staff!' do + controller do + before_action :require_staff! + + def sucesss + head 200 + end + end + + before do + routes.draw { get 'sucesss' => 'anonymous#sucesss' } + end + + it 'returns a 403 if current user is not admin or moderator' do + sign_in(Fabricate(:user, admin: false, moderator: false)) + get 'sucesss' + expect(response).to have_http_status(403) + end + + it 'does nothing if current user is moderator' do + sign_in(Fabricate(:user, moderator: true)) + get 'sucesss' + expect(response).to have_http_status(200) end it 'does nothing if current user is admin' do |