diff options
| author | Thibaut Girka <thib@sitedethib.com> | 2018-12-19 12:58:49 +0100 |
|---|---|---|
| committer | Thibaut Girka <thib@sitedethib.com> | 2018-12-19 12:58:49 +0100 |
| commit | add74816a5fd7c46391413a61f06e01f173ea295 (patch) | |
| tree | a1f23bd6e496495ea69c1b831359f7770b7e9354 /spec/policies | |
| parent | 655da1be2029cecedcaf86479938d7805e72107d (diff) | |
| parent | af56efdec56230eddab711edd33a7e33694f2b34 (diff) | |
Merge branch 'master' into glitch-soc/merge-upstream
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/account_moderation_note_policy_spec.rb | 52 | ||||
| -rw-r--r-- | spec/policies/account_policy_spec.rb | 86 | ||||
| -rw-r--r-- | spec/policies/status_policy_spec.rb | 28 |
3 files changed, 166 insertions, 0 deletions
diff --git a/spec/policies/account_moderation_note_policy_spec.rb b/spec/policies/account_moderation_note_policy_spec.rb new file mode 100644 index 000000000..bb7af94e4 --- /dev/null +++ b/spec/policies/account_moderation_note_policy_spec.rb @@ -0,0 +1,52 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe AccountModerationNotePolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :create? do + context 'staff' do + it 'grants to create' do + expect(subject).to permit(admin, AccountModerationNotePolicy) + end + end + + context 'not staff' do + it 'denies to create' do + expect(subject).to_not permit(john, AccountModerationNotePolicy) + end + end + end + + permissions :destroy? do + let(:account_moderation_note) do + Fabricate(:account_moderation_note, + account: john, + target_account: Fabricate(:account)) + end + + context 'admin' do + it 'grants to destroy' do + expect(subject).to permit(admin, AccountModerationNotePolicy) + end + end + + context 'owner' do + it 'grants to destroy' do + expect(subject).to permit(john, account_moderation_note) + end + end + + context 'neither admin nor owner' do + let(:kevin) { Fabricate(:user).account } + + it 'denies to destroy' do + expect(subject).to_not permit(kevin, account_moderation_note) + end + end + end +end diff --git a/spec/policies/account_policy_spec.rb b/spec/policies/account_policy_spec.rb new file mode 100644 index 000000000..6648b0888 --- /dev/null +++ b/spec/policies/account_policy_spec.rb @@ -0,0 +1,86 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe AccountPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :index?, :show?, :unsuspend?, :unsilence?, :remove_avatar?, :remove_header? do + context 'staff' do + it 'permits' do + expect(subject).to permit(admin) + end + end + + context 'not staff' do + it 'denies' do + expect(subject).to_not permit(john) + end + end + end + + permissions :redownload?, :subscribe?, :unsubscribe? do + context 'admin' do + it 'permits' do + expect(subject).to permit(admin) + end + end + + context 'not admin' do + it 'denies' do + expect(subject).to_not permit(john) + end + end + end + + permissions :suspend?, :silence? do + let(:staff) { Fabricate(:user, admin: true).account } + + context 'staff' do + context 'record is staff' do + it 'denies' do + expect(subject).to_not permit(admin, staff) + end + end + + context 'record is not staff' do + it 'permits' do + expect(subject).to permit(admin, john) + end + end + end + + context 'not staff' do + it 'denies' do + expect(subject).to_not permit(john, Account) + end + end + end + + permissions :memorialize? do + let(:other_admin) { Fabricate(:user, admin: true).account } + + context 'admin' do + context 'record is admin' do + it 'denies' do + expect(subject).to_not permit(admin, other_admin) + end + end + + context 'record is not admin' do + it 'permits' do + expect(subject).to permit(admin, john) + end + end + end + + context 'not admin' do + it 'denies' do + expect(subject).to_not permit(john, Account) + end + end + end +end diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb index 837fa9cee..8bce29cad 100644 --- a/spec/policies/status_policy_spec.rb +++ b/spec/policies/status_policy_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails_helper' require 'pundit/rspec' @@ -118,4 +120,30 @@ RSpec.describe StatusPolicy, type: :model do expect(subject).to_not permit(nil, status) end end + + permissions :favourite? do + it 'grants access when viewer is not blocked' do + follow = Fabricate(:follow) + status.account = follow.target_account + + expect(subject).to permit(follow.account, status) + end + + it 'denies when viewer is blocked' do + block = Fabricate(:block) + status.account = block.target_account + + expect(subject).to_not permit(block.account, status) + end + end + + permissions :index?, :update? do + it 'grants access if staff' do + expect(subject).to permit(admin.account) + end + + it 'denies access unless staff' do + expect(subject).to_not permit(alice) + end + end end |