spec/models/ability_spec.rb

	ability_spec.rb revision 5ddd457a4e278410e58386a2333f5853f2f2ea8f
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornbergerrequire 'spec_helper'
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornbergerrequire 'cancan/matchers'
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornbergerdescribe Ability do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  let(:user){   create :user } # regular user
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  let(:owner){  create :user } # owner
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  context 'Repository' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    let(:editor){ create :user } # editor
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    let(:reader){ create :user } # reader
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    let(:item){   create(:permission, subject: owner, role: 'owner').item }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    before do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      create(:permission, subject: editor, role: 'editor', item: item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      create(:permission, subject: reader, role: 'reader', item: item)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'guest' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      subject(:ability){ Ability.new(User.new) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed: new, create' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        [:new, :create].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, Repository.new)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'be allowed: show' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        should be_able_to(:show, Repository.new)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'not be allowed some actions' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        [:edit, :update, :destroy, :write].each do |perm|
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa          should_not be_able_to(perm, item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    context 'reader' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      subject(:ability){ Ability.new(reader) }
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'be allowed: new, create' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        [:new, :create].each do |perm|
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa          should be_able_to(perm, Repository.new)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed some actions' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        [:edit, :update, :destroy, :write].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, item)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'be allowed: show' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        should be_able_to(:show, create(:repository))
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'owner' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      subject(:ability){ Ability.new(owner) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'be allowed: new, create' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        [:new, :create].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should be_able_to(perm, Repository.new)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'be allowed: edit, update, destroy, permissions, write' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        [:show, :edit, :update, :destroy, :permissions].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should be_able_to(perm, item)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed on other: edit, update, destroy, permissions' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        [:edit, :update, :destroy, :permissions].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, create(:repository))
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'editor' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      subject(:ability){ Ability.new(editor) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'be allowed: write' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        [:show, :write].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should be_able_to(perm, item)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed: edit, update, destroy, permissions' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        [:edit, :update, :destroy, :permissions].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, item)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa  context 'Private Repository' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    let(:editor){ create :user } # editor
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    let(:reader){ create :user } # reader
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    let(:item){   create(:repository, access: 'private_rw', user: owner) }
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    before do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      create(:permission, subject: editor, role: 'editor', item: item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      create(:permission, subject: reader, role: 'reader', item: item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    context 'guest' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      subject(:ability){ Ability.new(User.new) }
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'not be allowed: anything' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        [:show, :update, :write].each do |perm|
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa          should_not be_able_to(perm, item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    context 'reader' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      subject(:ability){ Ability.new(reader) }
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'not be allowed: to manage' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        [:update, :write].each do |perm|
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa          should_not be_able_to(perm, item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'be allowed: to read' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        should be_able_to(:show, item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    context 'editor' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      subject(:ability){ Ability.new(editor) }
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      it 'be allowed: to read and manage' do
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        [:show, :write].each do |perm|
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa          should be_able_to(perm, item)
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa        end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa      end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    context 'owner' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      subject(:ability){ Ability.new(owner) }
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      it 'be allowed: everything' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        [:show, :update, :write].each do |perm|
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa          should be_able_to(perm, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa  end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa  context 'Private read-only Repository' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    let(:editor){ create :user } # editor
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    let(:reader){ create :user } # reader
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    let(:item){   create(:repository, access: 'private_r', user: owner) }
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    before do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      create(:permission, subject: editor, role: 'editor', item: item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      create(:permission, subject: reader, role: 'reader', item: item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    context 'guest' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      subject(:ability){ Ability.new(User.new) }
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      it 'not be allowed: anything' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        [:show, :update, :write].each do |perm|
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa          should_not be_able_to(perm, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    context 'reader, editor, owner' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      it 'not be allowed: to write' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        [reader, editor, owner].each do |role|
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa          Ability.new(role).should_not be_able_to(:write, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      it 'be allowed: to read' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        [reader, editor, owner].each do |role|
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa          Ability.new(role).should be_able_to(:show, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    context 'update:' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      it 'reader, editor should be allowed' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        [reader, editor].each do |role|
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa          Ability.new(role).should_not be_able_to(:update, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      it 'owner should not be allowed' do
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa        Ability.new(owner).should be_able_to(:update, item)
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa      end
5ddd457a4e278410e58386a2333f5853f2f2ea8fEugen Kuksa    end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa  end
b2ee879528ace361f0f5a55de48c6b90515b27b0Eugen Kuksa
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  context 'Team' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    let(:other){ create :user }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    let(:memberteam){ create(:team_user, user: other).team }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    let(:otherteam){  create(:team_user, user: other).team }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    subject(:ability){ Ability.new(user) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    before do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      memberteam.users << user
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'admin' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'be allowed: edit, update, destroy' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        [:edit, :update, :destroy].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should be_able_to(perm, create(:team_user, user: user).team)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'member' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'be allowed: create, show, index' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        [:create, :show, :index].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should be_able_to(perm, Team.new)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed: edit, update, destroy (without admin on team)' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        [:edit, :update, :destroy].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, @memberteam)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed: edit, update, destroy (without being on team)' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        [:edit, :update, :destroy].each do |perm|
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger          should_not be_able_to(perm, otherteam)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  context 'Comment' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    let(:comment){ create :comment }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'author' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      subject(:ability){ Ability.new(comment.user) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'destroy his own comment' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        should be_able_to(:destroy, comment)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not be allowed to destroy others comment' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        should_not be_able_to(:destroy, create(:comment))
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'admin' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      subject(:ability){ Ability.new(create :admin) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'destroy others comment' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        should be_able_to(:destroy, comment)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'comments repository owner' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      subject(:ability){ Ability.new(owner) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      before do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        create(:permission, subject: owner, role: 'owner', item: comment.commentable.repository)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'destroy others comments for his repository' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        should be_able_to(:destroy, comment)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    context 'comments repository editor' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      subject(:ability){ Ability.new(owner) }
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      before do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        create(:permission, subject: owner, role: 'editor', item: comment.commentable.repository)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      it 'not destroy others comments for his repository' do
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger        should_not be_able_to(:destroy, comment)
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger      end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger    end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornberger  end
65f00d360b7b3fabfc829fcc19a019bfef587595Julian Kornbergerend