ability_spec.rb revision 8a03fefc49541c745e176a8a436c090e55358370
2N/Arequire 'spec_helper'
2N/Arequire 'cancan/matchers'
2N/A
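# Authorization matrix for Ability, checked with the CanCan `be_able_to`
# matcher. Every example builds `Ability.new(user, token)`; the second
# argument is nil everywhere except the 'with access token' context, where it
# is the string form of an access token.
#
# Negative examples (`should_not be_able_to`) are the security-relevant ones:
# they must be handed a real record. A nil subject makes them pass no matter
# what the rules say.
describe Ability do
  let(:user) { create :user }  # regular user
  let(:owner) { create :user } # owner

  context 'Repository' do
    let(:editor) { create :user } # editor
    let(:reader) { create :user } # reader
    # Repository taken from the owner's permission record.
    let(:item) { create(:permission, subject: owner, role: 'owner').item }

    before do
      create(:permission, subject: editor, role: 'editor', item: item)
      create(:permission, subject: reader, role: 'reader', item: item)
    end

    context 'guest' do
      # An unsaved User stands in for an anonymous visitor.
      subject(:ability) { Ability.new(User.new, nil) }

      it 'not be allowed: new, create' do
        %i[new create].each do |perm|
          should_not be_able_to(perm, Repository.new)
        end
      end

      it 'be allowed: show' do
        should be_able_to(:show, Repository.new)
      end

      it 'not be allowed some actions' do
        %i[edit update destroy write].each do |perm|
          should_not be_able_to(perm, item)
        end
      end
    end

    context 'reader' do
      subject(:ability) { Ability.new(reader, nil) }

      it 'be allowed: new, create' do
        %i[new create].each do |perm|
          should be_able_to(perm, Repository.new)
        end
      end

      it 'not be allowed some actions' do
        %i[edit update destroy write].each do |perm|
          should_not be_able_to(perm, item)
        end
      end

      it 'be allowed: show' do
        should be_able_to(:show, create(:repository))
      end
    end

    context 'owner' do
      subject(:ability) { Ability.new(owner, nil) }

      it 'be allowed: new, create' do
        %i[new create].each do |perm|
          should be_able_to(perm, Repository.new)
        end
      end

      # The description used to list 'write', but :write was never asserted
      # (and :show was asserted without being listed). It now names exactly
      # what is checked.
      # NOTE(review): if owners are meant to have :write on their own
      # repository, add it to the list after confirming against Ability.
      it 'be allowed: show, edit, update, destroy, permissions' do
        %i[show edit update destroy permissions].each do |perm|
          should be_able_to(perm, item)
        end
      end

      it 'not be allowed on other: edit, update, destroy, permissions' do
        %i[edit update destroy permissions].each do |perm|
          should_not be_able_to(perm, create(:repository))
        end
      end
    end

    context 'editor' do
      subject(:ability) { Ability.new(editor, nil) }

      it 'be allowed: write' do
        %i[show write].each do |perm|
          should be_able_to(perm, item)
        end
      end

      it 'not be allowed: edit, update, destroy, permissions' do
        %i[edit update destroy permissions].each do |perm|
          should_not be_able_to(perm, item)
        end
      end
    end
  end

  context 'Private Repository' do
    let(:editor) { create :user } # editor
    let(:reader) { create :user } # reader
    # let! so the token (and its repository) exists before each example.
    let!(:access_token) { create :access_token }
    let(:item) do
      repo = access_token.repository
      create(:permission, subject: owner, role: 'owner', item: repo)
      repo
    end

    before do
      create(:permission, subject: editor, role: 'editor', item: item)
      create(:permission, subject: reader, role: 'reader', item: item)
    end

    context 'guest' do
      subject(:ability) { Ability.new(User.new, nil) }

      # NOTE(review): only :show, :update and :write are asserted here;
      # :edit, :destroy and :permissions are not covered for guests.
      it 'not be allowed: anything' do
        %i[show update write].each do |perm|
          should_not be_able_to(perm, item)
        end
      end

      context 'with access token' do
        # The token is passed as a string; it must grant read access only.
        # NOTE(review): there is no example showing that a token issued for
        # a different repository is rejected for this one.
        subject(:ability) { Ability.new(User.new, access_token.to_s) }

        context 'not be allowed: change' do
          %i[update write].each do |perm|
            it "via #{perm}" do
              should_not be_able_to(perm, item)
            end
          end
        end

        it 'be allowed: read' do
          should be_able_to(:show, item)
        end
      end
    end

    context 'reader' do
      subject(:ability) { Ability.new(reader, nil) }

      it 'not be allowed: to manage' do
        %i[update write].each do |perm|
          should_not be_able_to(perm, item)
        end
      end

      it 'be allowed: to read' do
        should be_able_to(:show, item)
      end
    end

    context 'editor' do
      subject(:ability) { Ability.new(editor, nil) }

      it 'be allowed: to read and manage' do
        %i[show write].each do |perm|
          should be_able_to(perm, item)
        end
      end
    end

    context 'owner' do
      subject(:ability) { Ability.new(owner, nil) }

      it 'be allowed: everything' do
        %i[show update write].each do |perm|
          should be_able_to(perm, item)
        end
      end
    end
  end

  context 'Private read-only Repository' do
    let(:editor) { create :user } # editor
    let(:reader) { create :user } # reader
    let(:item) { create(:repository, access: 'private_r', user: owner) }

    before do
      create(:permission, subject: editor, role: 'editor', item: item)
      create(:permission, subject: reader, role: 'reader', item: item)
    end

    context 'guest' do
      subject(:ability) { Ability.new(User.new, nil) }

      it 'not be allowed: anything' do
        %i[show update write].each do |perm|
          should_not be_able_to(perm, item)
        end
      end
    end

    context 'reader, editor, owner' do
      it 'not be allowed: to write' do
        [reader, editor, owner].each do |member|
          Ability.new(member, nil).should_not be_able_to(:write, item)
        end
      end

      it 'be allowed: to read' do
        [reader, editor, owner].each do |member|
          Ability.new(member, nil).should be_able_to(:show, item)
        end
      end
    end

    context 'update:' do
      # The two descriptions here were inverted relative to their
      # assertions; the assertions are kept and the wording corrected.
      it 'reader, editor should not be allowed' do
        [reader, editor].each do |member|
          Ability.new(member, nil).should_not be_able_to(:update, item)
        end
      end

      it 'owner should be allowed' do
        Ability.new(owner, nil).should be_able_to(:update, item)
      end
    end
  end

  context 'Team' do
    let(:other) { create :user }
    let(:memberteam) { create(:team_user, user: other).team }
    let(:otherteam) { create(:team_user, user: other).team }

    subject(:ability) { Ability.new(user, nil) }

    # `user` joins memberteam through the plain users association.
    before { memberteam.users << user }

    context 'admin' do
      it 'be allowed: edit, update, destroy' do
        %i[edit update destroy].each do |perm|
          should be_able_to(perm, create(:team_user, user: user).team)
        end
      end
    end

    context 'member' do
      it 'be allowed: create, show, index' do
        %i[create show index].each do |perm|
          should be_able_to(perm, Team.new)
        end
      end

      it 'not be allowed: edit, update, destroy (without admin on team)' do
        %i[edit update destroy].each do |perm|
          # Uses the `memberteam` let. The previous `@memberteam` was an
          # unset instance variable (nil), so the denial was never checked
          # against a real team.
          should_not be_able_to(perm, memberteam)
        end
      end

      it 'not be allowed: edit, update, destroy (without being on team)' do
        %i[edit update destroy].each do |perm|
          should_not be_able_to(perm, otherteam)
        end
      end
    end
  end

  context 'Comment' do
    let(:comment) { create :comment }

    context 'author' do
      subject(:ability) { Ability.new(comment.user, nil) }

      it 'destroy his own comment' do
        should be_able_to(:destroy, comment)
      end

      it 'not be allowed to destroy others comment' do
        should_not be_able_to(:destroy, create(:comment))
      end
    end

    context 'admin' do
      subject(:ability) { Ability.new(create(:admin), nil) }

      it 'destroy others comment' do
        should be_able_to(:destroy, comment)
      end
    end

    context 'comments repository owner' do
      subject(:ability) { Ability.new(owner, nil) }

      before do
        create(:permission, subject: owner, role: 'owner', item: comment.commentable.repository)
      end

      it 'destroy others comments for his repository' do
        should be_able_to(:destroy, comment)
      end
    end

    context 'comments repository editor' do
      # The `owner` user is reused here but is only granted the 'editor'
      # role on the comment's repository.
      subject(:ability) { Ability.new(owner, nil) }

      before do
        create(:permission, subject: owner, role: 'editor', item: comment.commentable.repository)
      end

      it 'not destroy others comments for his repository' do
        should_not be_able_to(:destroy, comment)
      end
    end
  end
end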