diff options
| author | Thibaut Girka <thib@sitedethib.com> | 2018-12-23 11:28:28 +0100 |
|---|---|---|
| committer | Thibaut Girka <thib@sitedethib.com> | 2018-12-23 11:28:28 +0100 |
| commit | 3e686beaea1931c76c778d8ca6b03c41caaf69db (patch) | |
| tree | f659a52ba0245daf2c7776e63c3a5012f906552a /spec/policies | |
| parent | 1a3088364fe602bb48647d78dda440b174424e17 (diff) | |
| parent | e25947db4a44cd50fa1daa36d5031a950327b646 (diff) | |
Merge branch 'master' into glitch-soc/merge-upstream
Conflicts: - config/routes.rb Upstream changed some admin routes, conflict was because of an added :show action for statuses on our side. Kept it.
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/backup_policy_spec.rb | 45 | ||||
| -rw-r--r-- | spec/policies/custom_emoji_policy_spec.rb | 38 | ||||
| -rw-r--r-- | spec/policies/domain_block_policy_spec.rb | 24 | ||||
| -rw-r--r-- | spec/policies/email_domain_block_policy_spec.rb | 24 | ||||
| -rw-r--r-- | spec/policies/instance_policy_spec.rb | 24 | ||||
| -rw-r--r-- | spec/policies/invite_policy_spec.rb | 94 | ||||
| -rw-r--r-- | spec/policies/relay_policy_spec.rb | 24 | ||||
| -rw-r--r-- | spec/policies/report_note_policy_spec.rb | 48 | ||||
| -rw-r--r-- | spec/policies/report_policy_spec.rb | 24 | ||||
| -rw-r--r-- | spec/policies/settings_policy_spec.rb | 24 | ||||
| -rw-r--r-- | spec/policies/subscription_policy_spec.rb | 24 | ||||
| -rw-r--r-- | spec/policies/tag_policy_spec.rb | 24 | ||||
| -rw-r--r-- | spec/policies/user_policy_spec.rb | 167 |
13 files changed, 584 insertions, 0 deletions
diff --git a/spec/policies/backup_policy_spec.rb b/spec/policies/backup_policy_spec.rb new file mode 100644 index 000000000..80407e12f --- /dev/null +++ b/spec/policies/backup_policy_spec.rb @@ -0,0 +1,45 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe BackupPolicy do + let(:subject) { described_class } + let(:john) { Fabricate(:user).account } + + permissions :create? do + context 'not user_signed_in?' do + it 'denies' do + expect(subject).to_not permit(nil, Backup) + end + end + + context 'user_signed_in?' do + context 'no backups' do + it 'permits' do + expect(subject).to permit(john, Backup) + end + end + + context 'backups are too old' do + it 'permits' do + travel(-8.days) do + Fabricate(:backup, user: john.user) + end + + expect(subject).to permit(john, Backup) + end + end + + context 'backups are newer' do + it 'denies' do + travel(-3.days) do + Fabricate(:backup, user: john.user) + end + + expect(subject).to_not permit(john, Backup) + end + end + end + end +end diff --git a/spec/policies/custom_emoji_policy_spec.rb b/spec/policies/custom_emoji_policy_spec.rb new file mode 100644 index 000000000..8def88212 --- /dev/null +++ b/spec/policies/custom_emoji_policy_spec.rb @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe CustomEmojiPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :index?, :enable?, :disable? do + context 'staff' do + it 'permits' do + expect(subject).to permit(admin, CustomEmoji) + end + end + + context 'not staff' do + it 'denies' do + expect(subject).to_not permit(john, CustomEmoji) + end + end + end + + permissions :create?, :update?, :copy?, :destroy? do + context 'admin' do + it 'permits' do + expect(subject).to permit(admin, CustomEmoji) + end + end + + context 'not admin' do + it 'denies' do + expect(subject).to_not permit(john, CustomEmoji) + end + end + end +end diff --git a/spec/policies/domain_block_policy_spec.rb b/spec/policies/domain_block_policy_spec.rb new file mode 100644 index 000000000..aea50ec0f --- /dev/null +++ b/spec/policies/domain_block_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe DomainBlockPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :index?, :show?, :create?, :destroy? do + context 'admin' do + it 'permits' do + expect(subject).to permit(admin, DomainBlock) + end + end + + context 'not admin' do + it 'denies' do + expect(subject).to_not permit(john, DomainBlock) + end + end + end +end diff --git a/spec/policies/email_domain_block_policy_spec.rb b/spec/policies/email_domain_block_policy_spec.rb new file mode 100644 index 000000000..a3e825e07 --- /dev/null +++ b/spec/policies/email_domain_block_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe EmailDomainBlockPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :index?, :create?, :destroy? do + context 'admin' do + it 'permits' do + expect(subject).to permit(admin, EmailDomainBlock) + end + end + + context 'not admin' do + it 'denies' do + expect(subject).to_not permit(john, EmailDomainBlock) + end + end + end +end diff --git a/spec/policies/instance_policy_spec.rb b/spec/policies/instance_policy_spec.rb new file mode 100644 index 000000000..fbfddd72f --- /dev/null +++ b/spec/policies/instance_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe InstancePolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :index?, :resubscribe? do + context 'admin' do + it 'permits' do + expect(subject).to permit(admin, Instance) + end + end + + context 'not admin' do + it 'denies' do + expect(subject).to_not permit(john, Instance) + end + end + end +end diff --git a/spec/policies/invite_policy_spec.rb b/spec/policies/invite_policy_spec.rb new file mode 100644 index 000000000..e391455be --- /dev/null +++ b/spec/policies/invite_policy_spec.rb @@ -0,0 +1,94 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe InvitePolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :index? do + context 'staff?' do + it 'permits' do + expect(subject).to permit(admin, Invite) + end + end + end + + permissions :create? do + context 'min_required_role?' do + it 'permits' do + allow_any_instance_of(described_class).to receive(:min_required_role?) { true } + expect(subject).to permit(john, Invite) + end + end + + context 'not min_required_role?' do + it 'denies' do + allow_any_instance_of(described_class).to receive(:min_required_role?) { false } + expect(subject).to_not permit(john, Invite) + end + end + end + + permissions :deactivate_all? do + context 'admin?' do + it 'permits' do + expect(subject).to permit(admin, Invite) + end + end + + context 'not admin?' do + it 'denies' do + expect(subject).to_not permit(john, Invite) + end + end + end + + permissions :destroy? do + context 'owner?' do + it 'permits' do + expect(subject).to permit(john, Fabricate(:invite, user: john.user)) + end + end + + context 'not owner?' do + context 'Setting.min_invite_role == "admin"' do + before do + Setting.min_invite_role = 'admin' + end + + context 'admin?' do + it 'permits' do + expect(subject).to permit(admin, Fabricate(:invite)) + end + end + + context 'not admin?' do + it 'denies' do + expect(subject).to_not permit(john, Fabricate(:invite)) + end + end + end + + context 'Setting.min_invite_role != "admin"' do + before do + Setting.min_invite_role = 'else' + end + + context 'staff?' do + it 'permits' do + expect(subject).to permit(admin, Fabricate(:invite)) + end + end + + context 'not staff?' do + it 'denies' do + expect(subject).to_not permit(john, Fabricate(:invite)) + end + end + end + end + end +end diff --git a/spec/policies/relay_policy_spec.rb b/spec/policies/relay_policy_spec.rb new file mode 100644 index 000000000..640f27d54 --- /dev/null +++ b/spec/policies/relay_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe RelayPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :update? do + context 'admin?' do + it 'permits' do + expect(subject).to permit(admin, Relay) + end + end + + context '!admin?' do + it 'denies' do + expect(subject).to_not permit(john, Relay) + end + end + end +end diff --git a/spec/policies/report_note_policy_spec.rb b/spec/policies/report_note_policy_spec.rb new file mode 100644 index 000000000..596d7d7a9 --- /dev/null +++ b/spec/policies/report_note_policy_spec.rb @@ -0,0 +1,48 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe ReportNotePolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :create? do + context 'staff?' do + it 'permits' do + expect(subject).to permit(admin, ReportNote) + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, ReportNote) + end + end + end + + permissions :destroy? do + context 'admin?' do + it 'permit' do + expect(subject).to permit(admin, ReportNote) + end + end + + context 'admin?' do + context 'owner?' do + it 'permit' do + report_note = Fabricate(:report_note, account: john) + expect(subject).to permit(john, report_note) + end + end + + context '!owner?' do + it 'denies' do + report_note = Fabricate(:report_note) + expect(subject).to_not permit(john, report_note) + end + end + end + end +end diff --git a/spec/policies/report_policy_spec.rb b/spec/policies/report_policy_spec.rb new file mode 100644 index 000000000..c9ae1e87a --- /dev/null +++ b/spec/policies/report_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe ReportPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :update?, :index?, :show? do + context 'staff?' do + it 'permits' do + expect(subject).to permit(admin, Report) + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, Report) + end + end + end +end diff --git a/spec/policies/settings_policy_spec.rb b/spec/policies/settings_policy_spec.rb new file mode 100644 index 000000000..92f1f4869 --- /dev/null +++ b/spec/policies/settings_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe SettingsPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :update?, :show? do + context 'admin?' do + it 'permits' do + expect(subject).to permit(admin, Settings) + end + end + + context '!admin?' do + it 'denies' do + expect(subject).to_not permit(john, Settings) + end + end + end +end diff --git a/spec/policies/subscription_policy_spec.rb b/spec/policies/subscription_policy_spec.rb new file mode 100644 index 000000000..21d60c15f --- /dev/null +++ b/spec/policies/subscription_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe SubscriptionPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :index? do + context 'admin?' do + it 'permits' do + expect(subject).to permit(admin, Subscription) + end + end + + context '!admin?' do + it 'denies' do + expect(subject).to_not permit(john, Subscription) + end + end + end +end diff --git a/spec/policies/tag_policy_spec.rb b/spec/policies/tag_policy_spec.rb new file mode 100644 index 000000000..c7afaa7c9 --- /dev/null +++ b/spec/policies/tag_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe TagPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :index?, :hide?, :unhide? do + context 'staff?' do + it 'permits' do + expect(subject).to permit(admin, Tag) + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, Tag) + end + end + end +end diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb new file mode 100644 index 000000000..e37904f04 --- /dev/null +++ b/spec/policies/user_policy_spec.rb @@ -0,0 +1,167 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe UserPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :reset_password?, :change_email? do + context 'staff?' do + context '!record.staff?' do + it 'permits' do + expect(subject).to permit(admin, john.user) + end + end + + context 'record.staff?' do + it 'denies' do + expect(subject).to_not permit(admin, admin.user) + end + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :disable_2fa? do + context 'admin?' do + context '!record.staff?' do + it 'permits' do + expect(subject).to permit(admin, john.user) + end + end + + context 'record.staff?' do + it 'denies' do + expect(subject).to_not permit(admin, admin.user) + end + end + end + + context '!admin?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :confirm? do + context 'staff?' do + context '!record.confirmed?' do + it 'permits' do + john.user.update(confirmed_at: nil) + expect(subject).to permit(admin, john.user) + end + end + + context 'record.confirmed?' do + it 'denies' do + john.user.confirm! + expect(subject).to_not permit(admin, john.user) + end + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :enable? do + context 'staff?' do + it 'permits' do + expect(subject).to permit(admin, User) + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :disable? do + context 'staff?' do + context '!record.admin?' do + it 'permits' do + expect(subject).to permit(admin, john.user) + end + end + + context 'record.admin?' do + it 'denies' do + expect(subject).to_not permit(admin, admin.user) + end + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :promote? do + context 'admin?' do + context 'promoteable?' do + it 'permits' do + expect(subject).to permit(admin, john.user) + end + end + + context '!promoteable?' do + it 'denies' do + expect(subject).to_not permit(admin, admin.user) + end + end + end + + context '!admin?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :demote? do + context 'admin?' do + context '!record.admin?' do + context 'demoteable?' do + it 'permits' do + john.user.update(moderator: true) + expect(subject).to permit(admin, john.user) + end + end + + context '!demoteable?' do + it 'denies' do + expect(subject).to_not permit(admin, john.user) + end + end + end + + context 'record.admin?' do + it 'denies' do + expect(subject).to_not permit(admin, admin.user) + end + end + end + + context '!admin?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end +end |