Refs #5865 @1h; Ensure user is allowed to duplicate a referential before doing so

I also changed the way 403 errors are handled, to properly respond with
a 403 HTTP code

1 files changed, 36 insertions, 0 deletions

diff --git a/spec/controllers/referentials_controller_spec.rb b/spec/controllers/referentials_controller_spec.rb
index f97480600..521856258 100644
--- a/spec/controllers/referentials_controller_spec.rb
+++ b/spec/controllers/referentials_controller_spec.rb
@@ -6,6 +6,42 @@ describe ReferentialsController, :type => :controller do
   let(:organisation) { create :organisation }
   let(:other_referential) { create :referential, organisation: organisation }
 
+  describe "GET new" do
+    let(:request){ get :new }
+    before{ request }
+
+    it 'returns http success' do
+      expect(response).to have_http_status(200)
+    end
+
+    context "when cloning another referential" do
+      let(:source){ referential }
+      let(:request){ get :new, from: source.id }
+
+      it 'returns http success' do
+        expect(response).to have_http_status(200)
+      end
+
+      context "when the referential is in another organisation but accessible by the user" do
+        let(:source){ create(:workbench_referential) }
+        before do
+          source.workbench.update_attribute :workgroup_id, referential.workbench.workgroup_id
+        end
+
+        it 'returns http forbidden' do
+          expect(response).to have_http_status(403)
+        end
+      end
+
+      context "when the referential is not accessible by the user" do
+        let(:source){ create(:workbench_referential) }
+        it 'returns http forbidden' do
+          expect(response).to have_http_status(403)
+        end
+      end
+    end
+  end
+
   describe 'PUT archive' do
     context "user's organisation matches referential's organisation" do
       it 'returns http success' do