8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksarequire 'spec_helper'
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksadescribe Permission do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa context 'associations' do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa %i(creator item subject).each do |association|
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it { should belong_to(association) }
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa context 'validations' do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa %w(owner editor).each do |val|
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it { should allow_value(val).for :role }
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa [ nil, '','foo' ].each do |val|
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it { should_not allow_value(val).for :role }
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa let(:owner) { create :user }
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa let(:permission) { create(:permission, subject: owner, role: 'owner') }
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa context 'one owner' do
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa it 'should not be possible to remove him' do
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa expect{ permission.destroy }.to raise_error(Permission::PowerVaccuumError)
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa end
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa it 'should not be possible to degrade his role' do
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa permission.role = 'editor'
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa expect(permission).not_to be_valid
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa end
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa
b43c698edd82b247d49e3ee7b77a77817a5dda42Eugen Kuksa %w(editor reader).each do |role|
1e3b00b030ba156e5002b1013b28be89adea13d5Eugen Kuksa it "should be possible to remove a #{role} permission" do
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa other_permission = create(:permission, subject: owner, role: role)
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa expect{ other_permission.destroy }.not_to raise_error
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa end
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa end
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa end
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa context 'many owners' do
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa let(:other_owner) { create(:user) }
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa before do
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa create(:permission, subject: other_owner, role: 'owner', item: permission.item)
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa end
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa it 'should be possible to remove one' do
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa expect{ permission.destroy }.not_to raise_error
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa end
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa it 'should be possible to degrade his role' do
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa permission.role = 'editor'
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa expect(permission).to be_valid
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa end
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa context 'repository' do
7c7a19761235efff584ee65a1c6dc4aa1735ff64Eugen Kuksa let(:repository) { create :repository }
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa context 'admin user' do
7c7a19761235efff584ee65a1c6dc4aa1735ff64Eugen Kuksa let(:admin) { create :admin }
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa %i(owner editor).each do |perm|
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it "have #{perm} permission" do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa expect(repository.permission?(perm, admin)).to be(true)
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa context 'owner user' do
7c7a19761235efff584ee65a1c6dc4aa1735ff64Eugen Kuksa let(:permission) { create :permission, item: repository }
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa %i(owner editor).each do |perm|
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it "have #{perm} permission" do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa expect(repository.permission?(perm, permission.subject)).to be(true)
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa context 'editor user' do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa let(:permission) do
7c7a19761235efff584ee65a1c6dc4aa1735ff64Eugen Kuksa create :permission,
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa item: repository, role: 'editor'
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it 'not have owner permission' do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa expect(repository.permission?(:owner, permission.subject)).to be(false)
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it 'have editor permission' do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa expect(repository.permission?(:editor, permission.subject)).to be(true)
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa context 'team user' do
7c7a19761235efff584ee65a1c6dc4aa1735ff64Eugen Kuksa let(:team_user) { create :team_user }
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa let!(:permission) do
7c7a19761235efff584ee65a1c6dc4aa1735ff64Eugen Kuksa create :permission,
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa item: repository, subject: team_user.team
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa %i(owner editor).each do |perm|
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it "have #{perm} permission" do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa expect(repository.permission?(perm, team_user.user)).to be(true)
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa context 'bernd' do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa %i(owner editor).each do |perm|
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it "not have #{perm} permission" do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa expect(repository.permission?(perm, nil)).to be(false)
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa context 'user on other team' do
7c7a19761235efff584ee65a1c6dc4aa1735ff64Eugen Kuksa let(:team_user) { create :team_user }
7c7a19761235efff584ee65a1c6dc4aa1735ff64Eugen Kuksa let(:permission) { create :permission, item: repository }
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa %i(owner editor).each do |perm|
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it "not have #{perm} permission" do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa expect(repository.permission?(perm, team_user.user)).to be(false)
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa context 'some user' do
7c7a19761235efff584ee65a1c6dc4aa1735ff64Eugen Kuksa let(:user) { create :user }
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa %i(owner editor).each do |perm|
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa it "not have #{perm} permission" do
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa expect(repository.permission?(perm, user)).to be(false)
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
0549ef82aa9c58cf3d5bf707040482b3aa5695b2Eugen Kuksa end
8e3f37bc508aba0ca3408003cc59c6bec0d5ffcaEugen Kuksaend