spec/models/ability_spec.rb

65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornbergerrequire 'spec_helper'
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornbergerrequire 'cancan/matchers'
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornbergerdescribe Ability do
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  let(:user){   create :user } # regular user
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  let(:owner){  create :user } # owner
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  context 'Repository' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa    let(:editor) { create :user } # editor
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa    let(:reader) { create :user } # reader
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa    let(:item) { create(:permission, subject: owner, role: 'owner').item }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    before do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      create(:permission, subject: editor, role: 'editor', item: item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      create(:permission, subject: reader, role: 'reader', item: item)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'guest' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(User.new, nil) }
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed: new, create' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(new create).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, Repository.new)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'be allowed: show' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        should be_able_to(:show, Repository.new)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'not be allowed some actions' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(edit update destroy write).each do |perm|
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa          should_not be_able_to(perm, item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    context 'reader' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(reader, nil) }
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'be allowed: new, create' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(new create).each do |perm|
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa          should be_able_to(perm, Repository.new)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed some actions' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(edit update destroy write).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, item)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'be allowed: show' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        should be_able_to(:show, create(:repository))
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'owner' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(owner, nil) }
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'be allowed: new, create' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(new create).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should be_able_to(perm, Repository.new)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'be allowed: edit, update, destroy, permissions, write' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(show edit update destroy permissions).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should be_able_to(perm, item)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed on other: edit, update, destroy, permissions' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(edit update destroy permissions).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, create(:repository))
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'editor' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(editor, nil) }
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'be allowed: write' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(show write).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should be_able_to(perm, item)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed: edit, update, destroy, permissions' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(edit update destroy permissions).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, item)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa  context 'Private Repository' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    let(:editor){ create :user } # editor
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    let(:reader){ create :user } # reader
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa    let!(:access_token) { create :access_token }
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa    let(:item) do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      repo = access_token.repository
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      create(:permission, subject: owner, role: 'owner', item: repo)
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      repo
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    before do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      create(:permission, subject: editor, role: 'editor', item: item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      create(:permission, subject: reader, role: 'reader', item: item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    context 'guest' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(User.new, nil) }
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'not be allowed: anything' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(show update write).each do |perm|
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa          should_not be_able_to(perm, item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      context 'with access token' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa        subject(:ability){ Ability.new(User.new, access_token.to_s) }
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa
8a03fefc49541c745e176a8a436c090e55358370Eugen Kuksa        context 'not be allowed: change' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa          %i(update write).each do |perm|
8a03fefc49541c745e176a8a436c090e55358370Eugen Kuksa            it "via #{perm}" do
8a03fefc49541c745e176a8a436c090e55358370Eugen Kuksa              should_not be_able_to(perm, item)
8a03fefc49541c745e176a8a436c090e55358370Eugen Kuksa            end
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa          end
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa        end
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa        it 'be allowed: read' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa          should be_able_to(:show, item)
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa        end
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    context 'reader' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(reader, nil) }
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'not be allowed: to manage' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(update write).each do |perm|
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa          should_not be_able_to(perm, item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'be allowed: to read' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        should be_able_to(:show, item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    context 'editor' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(editor, nil) }
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'be allowed: to read and manage' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(show write).each do |perm|
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa          should be_able_to(perm, item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    context 'owner' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(owner, nil) }
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      it 'be allowed: everything' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(show update write).each do |perm|
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa          should be_able_to(perm, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa  end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa  context 'Private Repository' do
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa    let(:editor) { create :user } # editor
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa    let(:reader) { create :user } # reader
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa    let(:item) { create(:repository, access: 'private_rw', user: owner) }
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    before do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      create(:permission, subject: editor, role: 'editor', item: item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      create(:permission, subject: reader, role: 'reader', item: item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    context 'guest' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(User.new, nil) }
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      it 'not be allowed: anything' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(show update write).each do |perm|
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa          should_not be_able_to(perm, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa    context 'reader' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      it 'not be allowed: to write' do
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa        expect(Ability.new(reader, nil)).to_not be_able_to(:write, item)
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa      end
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa      it 'be allowed: to read' do
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa        expect(Ability.new(reader, nil)).to be_able_to(:show, item)
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa      end
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa    end
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa    context 'editor, owner' do
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa      it 'be allowed: to write' do
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa        [editor, owner].each do |role|
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa          expect(Ability.new(role, nil)).to be_able_to(:write, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      it 'be allowed: to read' do
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa        [editor, owner].each do |role|
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa          expect(Ability.new(role, nil)).to be_able_to(:show, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    context 'update:' do
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa      it 'reader, editor should not be allowed' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        [reader, editor].each do |role|
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa          expect(Ability.new(role, nil)).to_not be_able_to(:update, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa      it 'owner should be allowed' do
8cb89db2406324b7f09d5a83b39eb14b2623150eEugen Kuksa        expect(Ability.new(owner, nil)).to be_able_to(:update, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa  end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  context 'Team' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    let(:other){ create :user }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    let(:memberteam){ create(:team_user, user: other).team }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    let(:otherteam){  create(:team_user, user: other).team }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa    subject(:ability){ Ability.new(user, nil) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
23305f217b86a2ebf90a848af9036908e0070542Eugen Kuksa    before { memberteam.users << user }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'admin' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'be allowed: edit, update, destroy' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(edit update destroy).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should be_able_to(perm, create(:team_user, user: user).team)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'member' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'be allowed: create, show, index' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(create show index).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should be_able_to(perm, Team.new)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed: edit, update, destroy (without admin on team)' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(edit update destroy).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, @memberteam)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed: edit, update, destroy (without being on team)' do
d74b53ae8ec704603bf3c74d46280f60f9ce9647Eugen Kuksa        %i(edit update destroy).each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, otherteam)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  end
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  context 'Comment' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    let(:comment){ create :comment }
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'author' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(comment.user, nil) }
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'destroy his own comment' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        should be_able_to(:destroy, comment)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed to destroy others comment' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        should_not be_able_to(:destroy, create(:comment))
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'admin' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(create(:admin), nil) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'destroy others comment' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        should be_able_to(:destroy, comment)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'comments repository owner' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(owner, nil) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      before do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        create(:permission, subject: owner, role: 'owner', item: comment.commentable.repository)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'destroy others comments for his repository' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        should be_able_to(:destroy, comment)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'comments repository editor' do
0d6f8d00bbfa3e07fe9e6bb453e0731246ad6e01Eugen Kuksa      subject(:ability){ Ability.new(owner, nil) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      before do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        create(:permission, subject: owner, role: 'editor', item: comment.commentable.repository)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
ee5342a8882c2fc7631fcffb5497e6597747887cTim Reddehase
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not destroy others comments for his repository' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        should_not be_able_to(:destroy, comment)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornbergerend