diff options
| author | Robert | 2017-05-20 11:21:47 +0200 |
|---|---|---|
| committer | Robert | 2017-05-23 17:53:36 +0200 |
| commit | 78b991cbab5431b94afa2df2344170d38b189d27 (patch) | |
| tree | 8a373883af23a871de7c6959cf756755ecdafbb6 /spec/policies | |
| parent | 72032f2eeef7482ec725af21b87c95d3433f887d (diff) | |
| download | chouette-core-78b991cbab5431b94afa2df2344170d38b189d27.tar.bz2 | |
Refs: #3383; policy speced & implmented
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/application_policy_spec.rb | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/spec/policies/application_policy_spec.rb b/spec/policies/application_policy_spec.rb index d7e8e5e27..c6e5b89bf 100644 --- a/spec/policies/application_policy_spec.rb +++ b/spec/policies/application_policy_spec.rb @@ -1,11 +1,12 @@ RSpec.describe ApplicationPolicy, type: :policy do + let( :user_context ) { create_user_context(user: user, referential: referential) } + let( :referentail ) { create :referential } + let( :user ) { create :user } + subject { described_class } permissions :organisation_match? do - let( :user_context ) { create_user_context(user: user, referential: referential) } - let( :referentail ) { create :referential } - let( :user ) { create :user } it "denies a user with a different organisation" do expect_it.not_to permit(user_context, referential) @@ -16,4 +17,30 @@ RSpec.describe ApplicationPolicy, type: :policy do expect_it.to permit(user_context, referential) end end + + permissions :boiv_read_offer? do + + context "user of a different organisation → " do + it "denies a user with a different organisation" do + expect_it.not_to permit(user_context, referential) + end + it "even if she has the permisson" do + add_permissions('boiv:read_offer', for_user: user) + expect_it.not_to permit(user_context, referential) + end + end + + context "user of the same organisation → " do + before do + user.update_attribute :organisation, referential.organisation + end + it "denies if permission absent" do + expect_it.not_to permit(user_context, referential) + end + it "allows if permission present" do + add_permissions('boiv:read_offer', for_user: user) + expect_it.to permit(user_context, referential) + end + end + end end |