diff options
-rw-r--r-- | spec/policies/user_policy_spec.rb | 167 |
1 files changed, 167 insertions, 0 deletions
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb new file mode 100644 index 000000000..e37904f04 --- /dev/null +++ b/spec/policies/user_policy_spec.rb @@ -0,0 +1,167 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +RSpec.describe UserPolicy do + let(:subject) { described_class } + let(:admin) { Fabricate(:user, admin: true).account } + let(:john) { Fabricate(:user).account } + + permissions :reset_password?, :change_email? do + context 'staff?' do + context '!record.staff?' do + it 'permits' do + expect(subject).to permit(admin, john.user) + end + end + + context 'record.staff?' do + it 'denies' do + expect(subject).to_not permit(admin, admin.user) + end + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :disable_2fa? do + context 'admin?' do + context '!record.staff?' do + it 'permits' do + expect(subject).to permit(admin, john.user) + end + end + + context 'record.staff?' do + it 'denies' do + expect(subject).to_not permit(admin, admin.user) + end + end + end + + context '!admin?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :confirm? do + context 'staff?' do + context '!record.confirmed?' do + it 'permits' do + john.user.update(confirmed_at: nil) + expect(subject).to permit(admin, john.user) + end + end + + context 'record.confirmed?' do + it 'denies' do + john.user.confirm! + expect(subject).to_not permit(admin, john.user) + end + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :enable? do + context 'staff?' do + it 'permits' do + expect(subject).to permit(admin, User) + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :disable? do + context 'staff?' do + context '!record.admin?' do + it 'permits' do + expect(subject).to permit(admin, john.user) + end + end + + context 'record.admin?' do + it 'denies' do + expect(subject).to_not permit(admin, admin.user) + end + end + end + + context '!staff?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :promote? do + context 'admin?' do + context 'promoteable?' do + it 'permits' do + expect(subject).to permit(admin, john.user) + end + end + + context '!promoteable?' do + it 'denies' do + expect(subject).to_not permit(admin, admin.user) + end + end + end + + context '!admin?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end + + permissions :demote? do + context 'admin?' do + context '!record.admin?' do + context 'demoteable?' do + it 'permits' do + john.user.update(moderator: true) + expect(subject).to permit(admin, john.user) + end + end + + context '!demoteable?' do + it 'denies' do + expect(subject).to_not permit(admin, john.user) + end + end + end + + context 'record.admin?' do + it 'denies' do + expect(subject).to_not permit(admin, admin.user) + end + end + end + + context '!admin?' do + it 'denies' do + expect(subject).to_not permit(john, User) + end + end + end +end |