| author | Robert | 2017-09-15 00:07:38 +0200 |
|---|---|---|
| committer | Robert | 2017-09-15 10:47:04 +0200 |
| commit | 178cc4910932b134688392247d39a6bc92abde41 (patch) | |
| tree | 690e79322a6cef6f6e761adf0a10e7f50b123e29 | |
| parent | 41a054b9724ab063cc3568d10113af3ec5203864 (diff) | |
| download | chouette-core-178cc4910932b134688392247d39a6bc92abde41.tar.bz2 | |
Refs: #4446@0.3h; Integrated Policy Specs of #4442 and adapting them to the needs of #4446
| -rw-r--r-- | spec/features/api_keys/delete_api_key_feature_spec.rb | 34 | ||||
| -rw-r--r-- | spec/policies/api_key_policy_spec.rb | 25 |
2 files changed, 58 insertions, 1 deletions
diff --git a/spec/features/api_keys/delete_api_key_feature_spec.rb b/spec/features/api_keys/delete_api_key_feature_spec.rb
new file mode 100644
index 000000000..8d4f57806
--- /dev/null
+++ b/spec/features/api_keys/delete_api_key_feature_spec.rb
@@ -0,0 +1,34 @@
+RSpec.describe 'New API Key', type: :feature do
+ login_user
+
+ describe "api_keys#destroy" do
+
+ let!( :api_key ){ create :api_key, name: SecureRandom.uuid, organisation: @user.organisation }
+
+ let( :edit_label ){ "#{api_key.name} : #{api_key.token}" }
+ let( :destroy_label ){ "Supprimer" }
+
+ it 'complete workflow' do
+ # /workbenches
+ visit workbenches_path
+ # the api_key is visible
+ click_link edit_label
+
+ # brings us to correct page
+ expect(page.current_path).to eq(edit_api_key_path(api_key))
+ expect(page).to have_content("Supprimer")
+ # click_link(destroy_label)
+
+ # # check impact on DB
+ # expect(Api::V1::ApiKey.where(id: api_key.id)).to be_empty
+
+ # # check redirect and changed display
+ # expect(page.current_path).to eq(workbenches_path)
+ # # deleted api_key's not shown anymore
+ # expect( page ).not_to have_content(edit_label)
+ end
+
+ end
+
+end
+
diff --git a/spec/policies/api_key_policy_spec.rb b/spec/policies/api_key_policy_spec.rb
index 4c01ea520..f98931062 100644
--- a/spec/policies/api_key_policy_spec.rb
+++ b/spec/policies/api_key_policy_spec.rb
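Review bot: In delete_api_key_feature_spec.rb the 'complete workflow' example never deletes anything: `click_link(destroy_label)` and the expectations after it are commented out, so the spec passes as soon as the edit page renders "Supprimer". Revoking an API key is the security-relevant step here, so either restore `click_link destroy_label` together with `expect(Api::V1::ApiKey.where(id: api_key.id)).to be_empty`, or mark the example `pending` so the gap is visible in the test report. The outer description `'New API Key'` reads as if copied from a creation spec, and `have_content("Supprimer")` should use the `destroy_label` the file already defines. The link text also embeds `api_key.token`, which suggests the workbenches page prints the full token; it is worth confirming that this is intended.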
@@ -18,7 +18,30 @@ RSpec.describe ApiKeyPolicy do
 end
 permissions :update? do
- it_behaves_like 'permitted policy and same organisation', 'api_keys.update'
+ context 'permission absent → ' do
+ it "denies a user with a different organisation" do
+ expect_it.not_to permit(user_context, record)
+ end
+ it 'and also a user with the same organisation' do
+ user.organisation_id = record.organisation_id
+ expect_it.not_to permit(user_context, record)
+ end
+ end
+
+ context 'permission present → ' do
+ before do
+ add_permissions('api_keys.update', for_user: user)
+ end
+
+ it 'denies a user with a different organisation' do
+ expect_it.not_to permit(user_context, record)
+ end
+
+ it 'but allows it for a user with the same organisation' do
+ user.organisation_id = record.organisation_id
+ expect_it.to permit(user_context, record)
+ end
+ end
 end
 permissions :destroy? do |
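Review bot: None of the four `update?` examples covers a missing organisation: if ApiKeyPolicy compares `user.organisation_id` with `record.organisation_id` directly (the policy is not shown here), two nil ids would compare equal and the update would be permitted. Under 'permission present' I would add an example that sets both ids to nil and asserts `expect_it.not_to permit(user_context, record)`. The two 'different organisation' examples also depend on `user` and `record` being built with distinct organisations by setup outside this hunk; a short comment such as `# user and record belong to different organisations by default` would make that precondition visible. The enclosing `RSpec.describe ApiKeyPolicy` block starts above the hunk and the `permissions :destroy?` block continues below it.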
