diff options
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/account_policy_spec.rb | 40 | ||||
-rw-r--r-- | spec/policies/account_warning_preset_policy_spec.rb | 24 | ||||
-rw-r--r-- | spec/policies/admin/status_policy_spec.rb | 51 | ||||
-rw-r--r-- | spec/policies/announcement_policy_spec.rb | 24 | ||||
-rw-r--r-- | spec/policies/appeal_policy_spec.rb | 51 | ||||
-rw-r--r-- | spec/policies/canonical_email_block_policy_spec.rb | 24 | ||||
-rw-r--r-- | spec/policies/delivery_policy_spec.rb | 24 | ||||
-rw-r--r-- | spec/policies/email_domain_block_policy_spec.rb | 2 | ||||
-rw-r--r-- | spec/policies/follow_recommendation_policy_spec.rb | 24 | ||||
-rw-r--r-- | spec/policies/ip_block_policy_spec.rb | 24 | ||||
-rw-r--r-- | spec/policies/preview_card_policy_spec.rb | 24 | ||||
-rw-r--r-- | spec/policies/preview_card_provider_policy_spec.rb | 24 | ||||
-rw-r--r-- | spec/policies/rule_policy_spec.rb | 24 | ||||
-rw-r--r-- | spec/policies/settings_policy_spec.rb | 2 | ||||
-rw-r--r-- | spec/policies/status_policy_spec.rb | 12 | ||||
-rw-r--r-- | spec/policies/tag_policy_spec.rb | 2 | ||||
-rw-r--r-- | spec/policies/webhook_policy_spec.rb | 24 |
17 files changed, 395 insertions, 5 deletions
diff --git a/spec/policies/account_policy_spec.rb b/spec/policies/account_policy_spec.rb index 0f23fd97e..d96153233 100644 --- a/spec/policies/account_policy_spec.rb +++ b/spec/policies/account_policy_spec.rb @@ -116,4 +116,44 @@ RSpec.describe AccountPolicy do end end end + + permissions :review? do + context 'admin' do + it 'permits' do + expect(subject).to permit(admin) + end + end + + context 'not admin' do + it 'denies' do + expect(subject).to_not permit(john) + end + end + end + + permissions :destroy? do + context 'admin' do + context 'with a temporarily suspended account' do + before { allow(alice).to receive(:suspended_temporarily?).and_return(true) } + + it 'permits' do + expect(subject).to permit(admin, alice) + end + end + + context 'with a not temporarily suspended account' do + before { allow(alice).to receive(:suspended_temporarily?).and_return(false) } + + it 'denies' do + expect(subject).to_not permit(admin, alice) + end + end + end + + context 'not admin' do + it 'denies' do + expect(subject).to_not permit(john, alice) + end + end + end end diff --git a/spec/policies/account_warning_preset_policy_spec.rb b/spec/policies/account_warning_preset_policy_spec.rb new file mode 100644 index 000000000..63bf33de2 --- /dev/null +++ b/spec/policies/account_warning_preset_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe AccountWarningPresetPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :index?, :create?, :update?, :destroy? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end +end diff --git a/spec/policies/admin/status_policy_spec.rb b/spec/policies/admin/status_policy_spec.rb new file mode 100644 index 000000000..9e81a4f5f --- /dev/null +++ b/spec/policies/admin/status_policy_spec.rb @@ -0,0 +1,51 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe Admin::StatusPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + let(:status) { Fabricate(:status) } + + permissions :index?, :update?, :review?, :destroy? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end + + permissions :show? do + context 'with an admin' do + context 'with a public visible status' do + before { allow(status).to receive(:public_visibility?).and_return(true) } + + it 'permits' do + expect(policy).to permit(admin, status) + end + end + + context 'with a not public visible status' do + before { allow(status).to receive(:public_visibility?).and_return(false) } + + it 'denies' do + expect(policy).to_not permit(admin, status) + end + end + end + + context 'with a non admin' do + it 'denies' do + expect(policy).to_not permit(john, status) + end + end + end +end diff --git a/spec/policies/announcement_policy_spec.rb b/spec/policies/announcement_policy_spec.rb new file mode 100644 index 000000000..3d230b3cb --- /dev/null +++ b/spec/policies/announcement_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe AnnouncementPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :index?, :create?, :update?, :destroy? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end +end diff --git a/spec/policies/appeal_policy_spec.rb b/spec/policies/appeal_policy_spec.rb new file mode 100644 index 000000000..d7498eb9f --- /dev/null +++ b/spec/policies/appeal_policy_spec.rb @@ -0,0 +1,51 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe AppealPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + let(:appeal) { Fabricate(:appeal) } + + permissions :index? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end + + permissions :reject? do + context 'with an admin' do + context 'with a pending appeal' do + before { allow(appeal).to receive(:pending?).and_return(true) } + + it 'permits' do + expect(policy).to permit(admin, appeal) + end + end + + context 'with a not pending appeal' do + before { allow(appeal).to receive(:pending?).and_return(false) } + + it 'denies' do + expect(policy).to_not permit(admin, appeal) + end + end + end + + context 'with a non admin' do + it 'denies' do + expect(policy).to_not permit(john, appeal) + end + end + end +end diff --git a/spec/policies/canonical_email_block_policy_spec.rb b/spec/policies/canonical_email_block_policy_spec.rb new file mode 100644 index 000000000..0e55febfa --- /dev/null +++ b/spec/policies/canonical_email_block_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe CanonicalEmailBlockPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :index?, :show?, :test?, :create?, :destroy? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end +end diff --git a/spec/policies/delivery_policy_spec.rb b/spec/policies/delivery_policy_spec.rb new file mode 100644 index 000000000..fbcbf390d --- /dev/null +++ b/spec/policies/delivery_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe DeliveryPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :clear_delivery_errors?, :restart_delivery?, :stop_delivery? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end +end diff --git a/spec/policies/email_domain_block_policy_spec.rb b/spec/policies/email_domain_block_policy_spec.rb index 913075c3d..e7c455907 100644 --- a/spec/policies/email_domain_block_policy_spec.rb +++ b/spec/policies/email_domain_block_policy_spec.rb @@ -8,7 +8,7 @@ RSpec.describe EmailDomainBlockPolicy do let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } let(:john) { Fabricate(:account) } - permissions :index?, :create?, :destroy? do + permissions :index?, :show?, :create?, :destroy? do context 'admin' do it 'permits' do expect(subject).to permit(admin, EmailDomainBlock) diff --git a/spec/policies/follow_recommendation_policy_spec.rb b/spec/policies/follow_recommendation_policy_spec.rb new file mode 100644 index 000000000..01f4da0be --- /dev/null +++ b/spec/policies/follow_recommendation_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe FollowRecommendationPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :show?, :suppress?, :unsuppress? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end +end diff --git a/spec/policies/ip_block_policy_spec.rb b/spec/policies/ip_block_policy_spec.rb new file mode 100644 index 000000000..3cfa85863 --- /dev/null +++ b/spec/policies/ip_block_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe IpBlockPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :index?, :show?, :create?, :update?, :destroy? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end +end diff --git a/spec/policies/preview_card_policy_spec.rb b/spec/policies/preview_card_policy_spec.rb new file mode 100644 index 000000000..d6675c5b3 --- /dev/null +++ b/spec/policies/preview_card_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe PreviewCardPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :index?, :review? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end +end diff --git a/spec/policies/preview_card_provider_policy_spec.rb b/spec/policies/preview_card_provider_policy_spec.rb new file mode 100644 index 000000000..8d3715de9 --- /dev/null +++ b/spec/policies/preview_card_provider_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe PreviewCardProviderPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :index?, :review? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end +end diff --git a/spec/policies/rule_policy_spec.rb b/spec/policies/rule_policy_spec.rb new file mode 100644 index 000000000..0e45f6df0 --- /dev/null +++ b/spec/policies/rule_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe RulePolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :index?, :create?, :update?, :destroy? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end +end diff --git a/spec/policies/settings_policy_spec.rb b/spec/policies/settings_policy_spec.rb index e16ee51a4..3268c1622 100644 --- a/spec/policies/settings_policy_spec.rb +++ b/spec/policies/settings_policy_spec.rb @@ -8,7 +8,7 @@ RSpec.describe SettingsPolicy do let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } let(:john) { Fabricate(:account) } - permissions :update?, :show? do + permissions :update?, :show?, :destroy? do context 'admin?' do it 'permits' do expect(subject).to permit(admin, Settings) diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb index 2afcfe96e..38b9c4fdb 100644 --- a/spec/policies/status_policy_spec.rb +++ b/spec/policies/status_policy_spec.rb @@ -39,6 +39,14 @@ RSpec.describe StatusPolicy, type: :model do expect(subject).to permit(alice, status) end + it 'grants access when direct and non-owner viewer is mentioned and mentions are loaded' do + status.visibility = :direct + status.mentions = [Fabricate(:mention, account: bob)] + status.mentions.load + + expect(subject).to permit(bob, status) + end + it 'denies access when direct and viewer is not mentioned' do viewer = Fabricate(:account) status.visibility = :direct @@ -75,14 +83,14 @@ RSpec.describe StatusPolicy, type: :model do end it 'denies access when local-only and the viewer is not logged in' do - allow(status).to receive(:local_only?) { true } + allow(status).to receive(:local_only?).and_return(true) expect(subject).to_not permit(nil, status) end it 'denies access when local-only and the viewer is from another domain' do viewer = Fabricate(:account, domain: 'remote-domain') - allow(status).to receive(:local_only?) { true } + allow(status).to receive(:local_only?).and_return(true) expect(subject).to_not permit(viewer, status) end end diff --git a/spec/policies/tag_policy_spec.rb b/spec/policies/tag_policy_spec.rb index 9be7140fc..fb09fdd3b 100644 --- a/spec/policies/tag_policy_spec.rb +++ b/spec/policies/tag_policy_spec.rb @@ -8,7 +8,7 @@ RSpec.describe TagPolicy do let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } let(:john) { Fabricate(:account) } - permissions :index?, :show?, :update? do + permissions :index?, :show?, :update?, :review? do context 'staff?' do it 'permits' do expect(subject).to permit(admin, Tag) diff --git a/spec/policies/webhook_policy_spec.rb b/spec/policies/webhook_policy_spec.rb new file mode 100644 index 000000000..1eac8932d --- /dev/null +++ b/spec/policies/webhook_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'pundit/rspec' + +describe WebhookPolicy do + let(:policy) { described_class } + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :index?, :create?, :show?, :update?, :enable?, :disable?, :rotate_secret?, :destroy? do + context 'with an admin' do + it 'permits' do + expect(policy).to permit(admin, Tag) + end + end + + context 'with a non-admin' do + it 'denies' do + expect(policy).to_not permit(john, Tag) + end + end + end +end |