diff options
| author | cedricnjanga | 2017-07-06 17:38:47 +0200 |
|---|---|---|
| committer | cedricnjanga | 2017-07-06 17:38:47 +0200 |
| commit | 4bddbdb6a1eb52260b1fdaa78ebd9415582daafd (patch) | |
| tree | d85f906433876b05a35edfe093e3aa6b5b40956e /spec | |
| parent | bf63449de6ac9624352af4c0319758da3c8d827e (diff) | |
| parent | 1ed7b4a1398fcc39c539de5e0b045e098e02e50f (diff) | |
| download | chouette-core-4bddbdb6a1eb52260b1fdaa78ebd9415582daafd.tar.bz2 | |
Merge branch 'master' of github.com:af83/stif-boiv
Diffstat (limited to 'spec')
30 files changed, 771 insertions, 289 deletions
diff --git a/spec/controllers/journey_patterns_collections_controller_spec.rb b/spec/controllers/journey_patterns_collections_controller_spec.rb index 888281036..442d73fb7 100644 --- a/spec/controllers/journey_patterns_collections_controller_spec.rb +++ b/spec/controllers/journey_patterns_collections_controller_spec.rb @@ -1,5 +1,3 @@ -require 'rails_helper' - RSpec.describe JourneyPatternsCollectionsController, :type => :controller do end diff --git a/spec/controllers/routes_controller_spec.rb b/spec/controllers/routes_controller_spec.rb index 18067dec7..000b799db 100644 --- a/spec/controllers/routes_controller_spec.rb +++ b/spec/controllers/routes_controller_spec.rb @@ -1,6 +1,4 @@ -require 'spec_helper' - -describe RoutesController, :type => :controller do +RSpec.describe RoutesController, :type => :controller do login_user let!(:route) { create(:route) } diff --git a/spec/decorators/company_decorator_spec.rb b/spec/decorators/company_decorator_spec.rb index 42ed6a408..a1df03449 100644 --- a/spec/decorators/company_decorator_spec.rb +++ b/spec/decorators/company_decorator_spec.rb @@ -1,4 +1,2 @@ -require 'spec_helper' - describe CompanyDecorator do end diff --git a/spec/features/lines_spec.rb b/spec/features/lines_spec.rb index a55f30ebc..2a442bd2f 100644 --- a/spec/features/lines_spec.rb +++ b/spec/features/lines_spec.rb @@ -8,89 +8,91 @@ describe "Lines", type: :feature do let!(:group_of_line) { create(:group_of_line) } subject { lines.first } - describe "index" do - before(:each) { visit line_referential_lines_path(line_referential) } + with_permissions "boiv:read" do + describe "index" do + before(:each) { visit line_referential_lines_path(line_referential) } - it "displays lines" do - expect(page).to have_content(lines.first.name) - expect(page).to have_content(lines.last.name) - end - - it 'allows only R in CRUD' do - expect(page).to have_link(I18n.t('actions.show')) - expect(page).not_to have_link(I18n.t('actions.edit'), href: edit_referential_line_path(referential, lines.first)) - expect(page).not_to have_link(I18n.t('actions.destroy'), href: referential_line_path(referential, lines.first)) - expect(page).not_to have_link(I18n.t('actions.add'), href: new_referential_line_path(referential)) - end - - context 'filtering' do - it 'supports filtering by name' do - fill_in 'q[name_or_number_or_objectid_cont]', with: lines.first.name - click_button 'search-btn' + it "displays lines" do expect(page).to have_content(lines.first.name) - expect(page).not_to have_content(lines.last.name) + expect(page).to have_content(lines.last.name) end - it 'supports filtering by number' do - fill_in 'q[name_or_number_or_objectid_cont]', with: lines.first.number - click_button 'search-btn' - expect(page).to have_content(lines.first.name) - expect(page).not_to have_content(lines.last.name) + it 'allows only R in CRUD' do + expect(page).to have_link(I18n.t('actions.show')) + expect(page).not_to have_link(I18n.t('actions.edit'), href: edit_referential_line_path(referential, lines.first)) + expect(page).not_to have_link(I18n.t('actions.destroy'), href: referential_line_path(referential, lines.first)) + expect(page).not_to have_link(I18n.t('actions.add'), href: new_referential_line_path(referential)) end - it 'supports filtering by objectid' do - fill_in 'q[name_or_number_or_objectid_cont]', with: lines.first.objectid - click_button 'search-btn' - expect(page).to have_content(lines.first.name) - expect(page).not_to have_content(lines.last.name) + context 'filtering' do + it 'supports filtering by name' do + fill_in 'q[name_or_number_or_objectid_cont]', with: lines.first.name + click_button 'search-btn' + expect(page).to have_content(lines.first.name) + expect(page).not_to have_content(lines.last.name) + end + + it 'supports filtering by number' do + fill_in 'q[name_or_number_or_objectid_cont]', with: lines.first.number + click_button 'search-btn' + expect(page).to have_content(lines.first.name) + expect(page).not_to have_content(lines.last.name) + end + + it 'supports filtering by objectid' do + fill_in 'q[name_or_number_or_objectid_cont]', with: lines.first.objectid + click_button 'search-btn' + expect(page).to have_content(lines.first.name) + expect(page).not_to have_content(lines.last.name) + end end end - end - describe "show" do - it "displays line" do - visit line_referential_line_path(line_referential, lines.first) - expect(page).to have_content(lines.first.name) + describe "show" do + it "displays line" do + visit line_referential_line_path(line_referential, lines.first) + expect(page).to have_content(lines.first.name) + end end - end - # Fixme #1780 - # describe "new" do - # it "creates line and return to show" do - # visit line_referential_lines_path(line_referential) - # click_link "Ajouter une ligne" - # fill_in "line_name", :with => "Line 1" - # fill_in "Numéro d'enregistrement", :with => "1" - # fill_in "Identifiant Neptune", :with => "chouette:test:Line:999" - # click_button("Créer ligne") - # expect(page).to have_content("Line 1") - # end - # end + # Fixme #1780 + # describe "new" do + # it "creates line and return to show" do + # visit line_referential_lines_path(line_referential) + # click_link "Ajouter une ligne" + # fill_in "line_name", :with => "Line 1" + # fill_in "Numéro d'enregistrement", :with => "1" + # fill_in "Identifiant Neptune", :with => "chouette:test:Line:999" + # click_button("Créer ligne") + # expect(page).to have_content("Line 1") + # end + # end - # Fixme #1780 - # describe "new with group of line", :js => true do - # it "creates line and return to show" do - # visit new_line_referential_line_path(line_referential) - # fill_in "line_name", :with => "Line 1" - # fill_in "Numéro d'enregistrement", :with => "1" - # fill_in "Identifiant Neptune", :with => "test:Line:999" - # fill_in_token_input('line_group_of_line_tokens', :with => "#{group_of_line.name}") - # find_button("Créer ligne").trigger("click") - # expect(page).to have_text("Line 1") - # expect(page).to have_text("#{group_of_line.name}") - # end - # end + # Fixme #1780 + # describe "new with group of line", :js => true do + # it "creates line and return to show" do + # visit new_line_referential_line_path(line_referential) + # fill_in "line_name", :with => "Line 1" + # fill_in "Numéro d'enregistrement", :with => "1" + # fill_in "Identifiant Neptune", :with => "test:Line:999" + # fill_in_token_input('line_group_of_line_tokens', :with => "#{group_of_line.name}") + # find_button("Créer ligne").trigger("click") + # expect(page).to have_text("Line 1") + # expect(page).to have_text("#{group_of_line.name}") + # end + # end - # Fixme #1780 - # describe "edit and return to show" do - # it "edit line" do - # visit line_referential_line_path(line_referential, subject) - # click_link "Editer cette ligne" - # fill_in "line_name", :with => "Line Modified" - # fill_in "Numéro d'enregistrement", :with => "test-1" - # click_button("Editer ligne") - # expect(page).to have_content("Line Modified") - # end - # end + # Fixme #1780 + # describe "edit and return to show" do + # it "edit line" do + # visit line_referential_line_path(line_referential, subject) + # click_link "Editer cette ligne" + # fill_in "line_name", :with => "Line Modified" + # fill_in "Numéro d'enregistrement", :with => "test-1" + # click_button("Editer ligne") + # expect(page).to have_content("Line Modified") + # end + # end + end end diff --git a/spec/features/routes_spec.rb b/spec/features/routes_spec.rb index 28015f011..561725ddd 100644 --- a/spec/features/routes_spec.rb +++ b/spec/features/routes_spec.rb @@ -1,6 +1,3 @@ -# -*- coding: utf-8 -*- -require 'spec_helper' - describe "Routes", :type => :feature do login_user @@ -13,130 +10,132 @@ describe "Routes", :type => :feature do before { @user.update(organisation: referential.organisation) } - describe "from lines page to a line page" do - it "display line's routes" do - visit referential_lines_path(referential) - first(:link, 'Consulter').click - expect(page).to have_content(route.name) - expect(page).to have_content(route2.name) + with_permissions "boiv:read" do + context "from lines page to a line page" do + it "display line's routes" do + visit referential_lines_path(referential) + first(:link, 'Consulter').click + expect(page).to have_content(route.name) + expect(page).to have_content(route2.name) + end end - end - describe "from line's page to route's page" do - it "display route properties" do - visit referential_line_path(referential, line) - click_link "#{route.name}" - expect(page).to have_content(route.name) - expect(page).to have_content(route.number) + describe "from line's page to route's page" do + it "display route properties" do + visit referential_line_path(referential, line) + click_link "#{route.name}" + expect(page).to have_content(route.name) + expect(page).to have_content(route.number) + end end - end - describe "from line's page, create a new route" do - it "return to line's page that display new route" do - visit referential_line_path(referential, line) - click_link "Ajouter un itinéraire" - fill_in "route_name", :with => "A to B" - fill_in "route_published_name", :with => "Published A to B" - # select 'Aller', :from => "route_direction" - check('route[wayback]') - click_button("Valider") - expect(page).to have_content("A to B") - expect(page).to have_content("Published A to B") - + describe "from line's page, create a new route" do + it "return to line's page that display new route" do + visit referential_line_path(referential, line) + click_link "Ajouter un itinéraire" + fill_in "route_name", :with => "A to B" + fill_in "route_published_name", :with => "Published A to B" + # select 'Aller', :from => "route_direction" + check('route[wayback]') + click_button("Valider") + expect(page).to have_content("A to B") + expect(page).to have_content("Published A to B") + + end end - end - describe "Modifies boarding/alighting properties on route stops" do - xit "Puts (http) an update request" do - #visit edit_boarding_alighting_referential_line_route_path(referential, line, route) - visit referential_line_route_path(referential, line, route) - - click_link I18n.t('routes.actions.edit_boarding_alighting') - #select('', :from => '') - # Changes the boarding of the first stop - # Changes the alighting of the last stop - # save - #click_button(I18n.t('helpers.submit.update', model: I18n.t('activerecord.models.route.one'))) - click_button(I18n.t('helpers.submit.update', model: I18n.t('activerecord.models.route.one'))) + describe "Modifies boarding/alighting properties on route stops" do + xit "Puts (http) an update request" do + #visit edit_boarding_alighting_referential_line_route_path(referential, line, route) + visit referential_line_route_path(referential, line, route) + + click_link I18n.t('routes.actions.edit_boarding_alighting') + #select('', :from => '') + # Changes the boarding of the first stop + # Changes the alighting of the last stop + # save + #click_button(I18n.t('helpers.submit.update', model: I18n.t('activerecord.models.route.one'))) + click_button(I18n.t('helpers.submit.update', model: I18n.t('activerecord.models.route.one'))) + end end - end - describe 'show' do - before(:each) { visit referential_line_route_path(referential, line, route) } + describe 'show' do + before(:each) { visit referential_line_route_path(referential, line, route) } - context 'user has permission to edit journey patterns' do - skip "not sure the spec is correct or the code" do - it 'shows edit links for journey patterns' do - expect(page).to have_link(I18n.t('actions.edit'), href: edit_referential_line_route_journey_pattern_path(referential, line, route, journey_pattern)) + context 'user has permission to edit journey patterns' do + skip "not sure the spec is correct or the code" do + it 'shows edit links for journey patterns' do + expect(page).to have_link(I18n.t('actions.edit'), href: edit_referential_line_route_journey_pattern_path(referential, line, route, journey_pattern)) + end end end - end - context 'user does not have permission to edit journey patterns' do - it 'does not show edit links for journey patterns' do - @user.update_attribute(:permissions, []) - visit referential_line_route_path(referential, line, route) - expect(page).not_to have_link(I18n.t('actions.edit'), href: edit_referential_line_route_journey_pattern_path(referential, line, route, journey_pattern)) + context 'user does not have permission to edit journey patterns' do + it 'does not show edit links for journey patterns' do + @user.update_attribute(:permissions, []) + visit referential_line_route_path(referential, line, route) + expect(page).not_to have_link(I18n.t('actions.edit'), href: edit_referential_line_route_journey_pattern_path(referential, line, route, journey_pattern)) + end end - end - context 'user has permission to destroy journey patterns' do - it 'shows destroy links for journey patterns' do - expect(page).to have_content(I18n.t('actions.destroy')) + context 'user has permission to destroy journey patterns' do + it 'shows destroy links for journey patterns' do + expect(page).to have_content(I18n.t('actions.destroy')) + end end - end - context 'user does not have permission to destroy journey patterns' do - it 'does not show destroy links for journey patterns' do - @user.update_attribute(:permissions, []) - visit referential_line_route_path(referential, line, route) - expect(page).not_to have_link(I18n.t('actions.destroy'), href: referential_line_route_journey_pattern_path(referential, line, route, journey_pattern)) + context 'user does not have permission to destroy journey patterns' do + it 'does not show destroy links for journey patterns' do + @user.update_attribute(:permissions, []) + visit referential_line_route_path(referential, line, route) + expect(page).not_to have_link(I18n.t('actions.destroy'), href: referential_line_route_journey_pattern_path(referential, line, route, journey_pattern)) + end end end - end - describe 'referential line show' do - before(:each) { visit referential_line_path(referential, line) } + describe 'referential line show' do + before(:each) { visit referential_line_path(referential, line) } - context 'user has permission to edit routes' do - it 'shows edit buttons for routes' do - expect(page).to have_content(I18n.t('actions.edit')) + context 'user has permission to edit routes' do + it 'shows edit buttons for routes' do + expect(page).to have_content(I18n.t('actions.edit')) + end end - end - context 'user does not have permission to edit routes' do - it 'does not show edit buttons for routes' do - @user.update_attribute(:permissions, []) - visit referential_line_path(referential, line) - expect(page).not_to have_link(I18n.t('actions.edit'), href: edit_referential_line_route_path(referential, line, route)) + context 'user does not have permission to edit routes' do + it 'does not show edit buttons for routes' do + @user.update_attribute(:permissions, []) + visit referential_line_path(referential, line) + expect(page).not_to have_link(I18n.t('actions.edit'), href: edit_referential_line_route_path(referential, line, route)) + end end - end - context 'user has permission to create routes' do - it 'shows link to a create route page' do - expect(page).to have_content(I18n.t('routes.actions.new')) + context 'user has permission to create routes' do + it 'shows link to a create route page' do + expect(page).to have_content(I18n.t('routes.actions.new')) + end end - end - context 'user belongs to another organisation' do - xit 'does not show link to a create route page' do - expect(page).not_to have_content(I18n.t('routes.actions.new')) + context 'user belongs to another organisation' do + xit 'does not show link to a create route page' do + expect(page).not_to have_content(I18n.t('routes.actions.new')) + end end - end - context 'user does not have permission to create routes' do - it 'does not show link to a create route page' do - @user.update_attribute(:permissions, []) - visit referential_line_path(referential, line) - expect(page).not_to have_content(I18n.t('routes.actions.new')) + context 'user does not have permission to create routes' do + it 'does not show link to a create route page' do + @user.update_attribute(:permissions, []) + visit referential_line_path(referential, line) + expect(page).not_to have_content(I18n.t('routes.actions.new')) + end end - end - context 'user does not have permission to destroy routes' do - it 'does not show destroy buttons for routes' do - @user.update_attribute(:permissions, []) - visit referential_line_path(referential, line) - expect(page).not_to have_link(I18n.t('actions.destroy'), href: referential_line_route_path(referential, line, route)) + context 'user does not have permission to destroy routes' do + it 'does not show destroy buttons for routes' do + @user.update_attribute(:permissions, []) + visit referential_line_path(referential, line) + expect(page).not_to have_link(I18n.t('actions.destroy'), href: referential_line_route_path(referential, line, route)) + end end end end diff --git a/spec/features/time_tables_spec.rb b/spec/features/time_tables_spec.rb index 58a1dc98f..0fb4bb30d 100644 --- a/spec/features/time_tables_spec.rb +++ b/spec/features/time_tables_spec.rb @@ -1,7 +1,4 @@ -# -*- coding: utf-8 -*- -require 'spec_helper' - -describe "TimeTables", :type => :feature do +RSpec.describe "TimeTables", :type => :feature do login_user let!(:time_tables) { Array.new(2) { create(:time_table) } } diff --git a/spec/features/vehicle_journeys_spec.rb b/spec/features/vehicle_journeys_spec.rb index 5a3a9ad7d..16a79e2c5 100644 --- a/spec/features/vehicle_journeys_spec.rb +++ b/spec/features/vehicle_journeys_spec.rb @@ -43,7 +43,7 @@ describe 'VehicleJourneys', type: :feature do context 'user does not have permission to edit vehicle journeys' do it 'does not show an edit link for vehicle journeys' do - @user.tap { |u| u.permissions.delete('vehicle_journeys.edit') }.save + @user.tap { |u| u.permissions.delete('vehicle_journeys.update') }.save visit referential_line_route_vehicle_journey_path(referential, line, route, vehicle_journey) expect(page).not_to have_content(I18n.t('vehicle_journeys.actions.edit')) end diff --git a/spec/features/workbenches_spec.rb b/spec/features/workbenches_spec.rb index 9a40a8376..9141b5673 100644 --- a/spec/features/workbenches_spec.rb +++ b/spec/features/workbenches_spec.rb @@ -121,7 +121,7 @@ describe 'Workbenches', type: :feature do expect(page).to_not have_content(other_referential.name) end - it 'should keep filtering on sort' do + it 'should keep filtering on sort' do dates = referential.validity_period.to_a fill_validity_field dates[0], 'begin_gteq' fill_validity_field dates[1], 'end_lteq' @@ -149,47 +149,47 @@ describe 'Workbenches', type: :feature do end click_button 'Filtrer' - ['begin_gteq', 'end_lteq'].each_with_index do |field, index| + ['begin_gteq', 'end_lteq'].each_with_index do |field, index| expect(find("#q_validity_period_#{field}_3i").value).to eq dates[index].day.to_s expect(find("#q_validity_period_#{field}_2i").value).to eq dates[index].month.to_s expect(find("#q_validity_period_#{field}_1i").value).to eq dates[index].year.to_s end end end - end - context 'permissions' do - before(:each) do - visit workbench_path(workbench) - end + context 'permissions' do + before(:each) do + visit workbench_path(workbench) + end - context 'user has the permission to create referentials' do - it 'shows the link for a new referetnial' do - expect(page).to have_link(I18n.t('actions.add'), href: new_referential_path(workbench_id: workbench.id)) + context 'user has the permission to create referentials' do + it 'shows the link for a new referetnial' do + expect(page).to have_link(I18n.t('actions.add'), href: new_referential_path(workbench_id: workbench.id)) + end end - end - context 'user does not have the permission to create referentials' do - it 'does not show the clone link for referential' do - @user.update_attribute(:permissions, []) - visit referential_path(referential) - expect(page).not_to have_link(I18n.t('actions.add'), href: new_referential_path(workbench_id: workbench.id)) + context 'user does not have the permission to create referentials' do + it 'does not show the clone link for referential' do + @user.update_attribute(:permissions, []) + visit referential_path(referential) + expect(page).not_to have_link(I18n.t('actions.add'), href: new_referential_path(workbench_id: workbench.id)) + end end end - end - end - describe 'create new Referential' do - it "create a new Referential with a specifed line and period" do - referential.destroy + describe 'create new Referential' do + it "create a new Referential with a specifed line and period" do + referential.destroy - visit workbench_path(workbench) - click_link I18n.t('actions.add') - fill_in "referential[name]", with: "Referential to test creation" - select workbench.lines.first.id, from: 'referential[metadatas_attributes][0][lines][]' + visit workbench_path(workbench) + click_link I18n.t('actions.add') + fill_in "referential[name]", with: "Referential to test creation" + select workbench.lines.first.id, from: 'referential[metadatas_attributes][0][lines][]' - click_button "Valider" - expect(page).to have_css("h1", text: "Referential to test creation") + click_button "Valider" + expect(page).to have_css("h1", text: "Referential to test creation") + end + end end end end diff --git a/spec/helpers/table_builder_helper/custom_links_spec.rb b/spec/helpers/table_builder_helper/custom_links_spec.rb index b64e97527..4b07922a7 100644 --- a/spec/helpers/table_builder_helper/custom_links_spec.rb +++ b/spec/helpers/table_builder_helper/custom_links_spec.rb @@ -1,5 +1,3 @@ -require 'spec_helper' - describe TableBuilderHelper::CustomLinks do describe "#actions_after_policy_check" do it "includes :show" do @@ -8,19 +6,17 @@ describe TableBuilderHelper::CustomLinks do build_stubbed( :user, organisation: referential.organisation, - permissions: [ - 'boiv:read-offer' - ] ), referential: referential ) + stub_policy_scope(referential) expect( TableBuilderHelper::CustomLinks.new( referential, user_context, [:show] - ).actions_after_policy_check + ).authorized_actions ).to eq([:show]) end end diff --git a/spec/helpers/table_builder_helper_spec.rb b/spec/helpers/table_builder_helper_spec.rb index d90c14204..4f7c1bd69 100644 --- a/spec/helpers/table_builder_helper_spec.rb +++ b/spec/helpers/table_builder_helper_spec.rb @@ -16,8 +16,8 @@ describe TableBuilderHelper, type: :helper do organisation: referential.organisation, permissions: [ 'referentials.create', - 'referentials.edit', - 'referentials.destroy' + 'referentials.update', + 'referentials.destroy', ] ), referential: referential @@ -27,6 +27,7 @@ describe TableBuilderHelper, type: :helper do referentials = [referential] allow(referentials).to receive(:model).and_return(Referential) + stub_policy_scope(referential) allow(helper).to receive(:params).and_return({ controller: 'workbenches', @@ -193,6 +194,7 @@ describe TableBuilderHelper, type: :helper do companies, with: CompanyDecorator ) + stub_policy_scope(company) expected = <<-HTML <table class="table has-search"> @@ -299,8 +301,10 @@ describe TableBuilderHelper, type: :helper do companies = ModelDecorator.decorate( companies, - with: CompanyDecorator + with: CompanyDecorator, + context: {line_referential: line_referential} ) + stub_policy_scope(company) expected = <<-HTML <table class="table has-search"> diff --git a/spec/policies/access_link_policy_spec.rb b/spec/policies/access_link_policy_spec.rb new file mode 100644 index 000000000..6194ae55c --- /dev/null +++ b/spec/policies/access_link_policy_spec.rb @@ -0,0 +1,20 @@ +RSpec.describe AccessLinkPolicy, type: :policy do + + let( :record ){ build_stubbed :access_link } + + permissions :create? do + it_behaves_like 'permitted policy and same organisation', "access_links.create", archived: true + end + permissions :destroy? do + it_behaves_like 'permitted policy and same organisation', "access_links.destroy", archived: true + end + permissions :edit? do + it_behaves_like 'permitted policy and same organisation', "access_links.update", archived: true + end + permissions :new? do + it_behaves_like 'permitted policy and same organisation', "access_links.create", archived: true + end + permissions :update? do + it_behaves_like 'permitted policy and same organisation', "access_links.update", archived: true + end +end diff --git a/spec/policies/access_point_policy_spec.rb b/spec/policies/access_point_policy_spec.rb new file mode 100644 index 000000000..b6bc46eb4 --- /dev/null +++ b/spec/policies/access_point_policy_spec.rb @@ -0,0 +1,20 @@ +RSpec.describe AccessPointPolicy, type: :policy do + + let( :record ){ build_stubbed :access_point } + + permissions :create? do + it_behaves_like 'permitted policy and same organisation', "access_points.create", archived: true + end + permissions :destroy? do + it_behaves_like 'permitted policy and same organisation', "access_points.destroy", archived: true + end + permissions :edit? do + it_behaves_like 'permitted policy and same organisation', "access_points.update", archived: true + end + permissions :new? do + it_behaves_like 'permitted policy and same organisation', "access_points.create", archived: true + end + permissions :update? do + it_behaves_like 'permitted policy and same organisation', "access_points.update", archived: true + end +end diff --git a/spec/policies/boiv_policy_spec.rb b/spec/policies/boiv_policy_spec.rb deleted file mode 100644 index 6787ab2ac..000000000 --- a/spec/policies/boiv_policy_spec.rb +++ /dev/null @@ -1,16 +0,0 @@ -RSpec.describe BoivPolicy, type: :policy do - - let( :record ){ nil } - - permissions :index? do - it_behaves_like 'permitted policy and same organisation', 'boiv:read-offer' - end - - permissions :boiv_read_offer? do - it_behaves_like 'permitted policy and same organisation', 'boiv:read-offer' - end - - permissions :show? do - it_behaves_like 'permitted policy and same organisation', 'boiv:read-offer' - end -end diff --git a/spec/policies/calendar_policy_spec.rb b/spec/policies/calendar_policy_spec.rb new file mode 100644 index 000000000..57f771c54 --- /dev/null +++ b/spec/policies/calendar_policy_spec.rb @@ -0,0 +1,22 @@ +RSpec.describe CalendarPolicy, type: :policy do + + let( :record ){ build_stubbed :calendar } + before { stub_policy_scope(record) } + + + permissions :create? do + it_behaves_like 'permitted policy and same organisation', 'calendars.create', archived: true + end + permissions :destroy? do + it_behaves_like 'permitted policy and same organisation', 'calendars.destroy', archived: true + end + permissions :edit? do + it_behaves_like 'permitted policy and same organisation', 'calendars.update', archived: true + end + permissions :new? do + it_behaves_like 'permitted policy and same organisation', 'calendars.create', archived: true + end + permissions :update? do + it_behaves_like 'permitted policy and same organisation', 'calendars.update', archived: true + end +end diff --git a/spec/policies/company_policy_spec.rb b/spec/policies/company_policy_spec.rb new file mode 100644 index 000000000..2d249a2be --- /dev/null +++ b/spec/policies/company_policy_spec.rb @@ -0,0 +1,42 @@ +RSpec.describe CompanyPolicy, type: :policy do + + let( :record ){ build_stubbed :company } + before { stub_policy_scope(record) } + + + # + # Non Destructive + # --------------- + + context 'Non Destructive actions →' do + permissions :index? do + it_behaves_like 'always allowed', 'anything', archived: true + end + permissions :show? do + it_behaves_like 'always allowed', 'anything', archived: true + end + end + + + # + # Destructive + # ----------- + + context 'Destructive actions →' do + permissions :create? do + it_behaves_like 'always forbidden', 'companies.create', archived: true + end + permissions :destroy? do + it_behaves_like 'always forbidden', 'companies.destroy', archived: true + end + permissions :edit? do + it_behaves_like 'always forbidden', 'companies.update', archived: true + end + permissions :new? do + it_behaves_like 'always forbidden', 'companies.create', archived: true + end + permissions :update? do + it_behaves_like 'always forbidden', 'companies.update', archived: true + end + end +end diff --git a/spec/policies/connection_link_policy_spec.rb b/spec/policies/connection_link_policy_spec.rb new file mode 100644 index 000000000..23e40abe3 --- /dev/null +++ b/spec/policies/connection_link_policy_spec.rb @@ -0,0 +1,20 @@ +RSpec.describe ConnectionLinkPolicy, type: :policy do + + let( :record ){ build_stubbed :connection_link } + + permissions :create? do + it_behaves_like 'permitted policy and same organisation', "connection_links.create", archived: true + end + permissions :destroy? do + it_behaves_like 'permitted policy and same organisation', "connection_links.destroy", archived: true + end + permissions :edit? do + it_behaves_like 'permitted policy and same organisation', "connection_links.update", archived: true + end + permissions :new? do + it_behaves_like 'permitted policy and same organisation', "connection_links.create", archived: true + end + permissions :update? do + it_behaves_like 'permitted policy and same organisation', "connection_links.update", archived: true + end +end diff --git a/spec/policies/group_of_line_policy_spec.rb b/spec/policies/group_of_line_policy_spec.rb new file mode 100644 index 000000000..29fbb1bfb --- /dev/null +++ b/spec/policies/group_of_line_policy_spec.rb @@ -0,0 +1,42 @@ +RSpec.describe GroupOfLinePolicy, type: :policy do + + let( :record ){ build_stubbed :group_of_line } + before { stub_policy_scope(record) } + + + # + # Non Destructive + # --------------- + + context 'Non Destructive actions →' do + permissions :index? do + it_behaves_like 'always allowed', 'anything', archived: true + end + permissions :show? do + it_behaves_like 'always allowed', 'anything', archived: true + end + end + + + # + # Destructive + # ----------- + + context 'Destructive actions →' do + permissions :create? do + it_behaves_like 'always forbidden', 'group_of_lines.create', archived: true + end + permissions :destroy? do + it_behaves_like 'always forbidden', 'group_of_lines.destroy', archived: true + end + permissions :edit? do + it_behaves_like 'always forbidden', 'group_of_lines.update', archived: true + end + permissions :new? do + it_behaves_like 'always forbidden', 'group_of_lines.create', archived: true + end + permissions :update? do + it_behaves_like 'always forbidden', 'group_of_lines.update', archived: true + end + end +end diff --git a/spec/policies/journey_pattern_policy_spec.rb b/spec/policies/journey_pattern_policy_spec.rb new file mode 100644 index 000000000..39f849277 --- /dev/null +++ b/spec/policies/journey_pattern_policy_spec.rb @@ -0,0 +1,20 @@ +RSpec.describe JourneyPatternPolicy, type: :policy do + + let( :record ){ build_stubbed :journey_pattern } + + permissions :create? do + it_behaves_like 'permitted policy and same organisation', "journey_patterns.create", archived: true + end + permissions :destroy? do + it_behaves_like 'permitted policy and same organisation', "journey_patterns.destroy", archived: true + end + permissions :edit? do + it_behaves_like 'permitted policy and same organisation', "journey_patterns.update", archived: true + end + permissions :new? do + it_behaves_like 'permitted policy and same organisation', "journey_patterns.create", archived: true + end + permissions :update? do + it_behaves_like 'permitted policy and same organisation', "journey_patterns.update", archived: true + end +end diff --git a/spec/policies/line_policy_spec.rb b/spec/policies/line_policy_spec.rb index e720b2bc7..334073506 100644 --- a/spec/policies/line_policy_spec.rb +++ b/spec/policies/line_policy_spec.rb @@ -1,21 +1,59 @@ RSpec.describe LinePolicy, type: :policy do let( :record ){ build_stubbed :line } + before { stub_policy_scope(record) } - %w{create destroy edit}.each do | permission | - footnote_permission = "#{permission}_footnote" - permissions "#{footnote_permission}?".to_sym do - it_behaves_like 'permitted policy', "footnotes.#{permission}", archived: true + # + # Non Destructive + # --------------- + + context 'Non Destructive actions →' do + permissions :index? do + it_behaves_like 'always allowed', 'anything', archived: true + end + permissions :show? do + it_behaves_like 'always allowed', 'anything', archived: true + end + end + + + # + # Destructive + # ----------- + + context 'Destructive actions →' do + permissions :create? do + it_behaves_like 'always forbidden', 'lines.create', archived: true + end + permissions :destroy? do + it_behaves_like 'always forbidden', 'lines.destroy', archived: true end + permissions :edit? do + it_behaves_like 'always forbidden', 'lines.update', archived: true + end + permissions :new? do + it_behaves_like 'always forbidden', 'lines.create', archived: true + end + permissions :update? do + it_behaves_like 'always forbidden', 'lines.update', archived: true + end + end + + + # + # Custom Footnote Permissions + # --------------------------- + + permissions :create_footnote? do + it_behaves_like 'permitted policy and same organisation', 'footnotes.create', archived: true end - permissions :new_footnote? do - it_behaves_like 'permitted policy', 'footnotes.create', archived: true + permissions :destroy_footnote? do + it_behaves_like 'permitted policy and same organisation', 'footnotes.destroy', archived: true end permissions :update_footnote? do - it_behaves_like 'permitted policy', 'footnotes.edit', archived: true + it_behaves_like 'permitted policy and same organisation', 'footnotes.update', archived: true end - end diff --git a/spec/policies/network_policy_spec.rb b/spec/policies/network_policy_spec.rb new file mode 100644 index 000000000..ae4ffa03a --- /dev/null +++ b/spec/policies/network_policy_spec.rb @@ -0,0 +1,42 @@ +RSpec.describe NetworkPolicy, type: :policy do + + let( :record ){ build_stubbed :network } + before { stub_policy_scope(record) } + + + # + # Non Destructive + # --------------- + + context 'Non Destructive actions →' do + permissions :index? do + it_behaves_like 'always allowed', 'anything', archived: true + end + permissions :show? do + it_behaves_like 'always allowed', 'anything', archived: true + end + end + + + # + # Destructive + # ----------- + + context 'Destructive actions →' do + permissions :create? do + it_behaves_like 'always forbidden', 'networks.create', archived: true + end + permissions :destroy? do + it_behaves_like 'always forbidden', 'networks.destroy', archived: true + end + permissions :edit? do + it_behaves_like 'always forbidden', 'networks.update', archived: true + end + permissions :new? do + it_behaves_like 'always forbidden', 'networks.create', archived: true + end + permissions :update? do + it_behaves_like 'always forbidden', 'networks.update', archived: true + end + end +end diff --git a/spec/policies/referential_policy_spec.rb b/spec/policies/referential_policy_spec.rb new file mode 100644 index 000000000..d060317f9 --- /dev/null +++ b/spec/policies/referential_policy_spec.rb @@ -0,0 +1,102 @@ +RSpec.describe ReferentialPolicy, type: :policy do + + let( :record ){ build_stubbed :referential } + + + # + # Collection Based Permissions differ from standard as there is no referential yet + # -------------------------------------------------------------------------------- + + permissions :create? do + it 'permissions present → allowed' do + add_permissions('referentials.create', for_user: user) + expect_it.to permit(user_context, record) + end + it 'permissions absent → forbidden' do + expect_it.not_to permit(user_context, record) + end + end + + permissions :new? do + it 'permissions present → allowed' do + add_permissions('referentials.create', for_user: user) + expect_it.to permit(user_context, record) + end + it 'permissions absent → forbidden' do + expect_it.not_to permit(user_context, record) + end + end + + # + # Standard Destructive Action Permissions + # --------------------------------------- + + permissions :destroy? do + it_behaves_like 'permitted policy and same organisation', 'referentials.destroy', archived: true + end + permissions :edit? do + it_behaves_like 'permitted policy and same organisation', 'referentials.update', archived: true + end + permissions :update? do + it_behaves_like 'permitted policy and same organisation', 'referentials.update', archived: true + end + + # + # Custom Permissions + # ------------------ + + permissions :clone? do + it_behaves_like 'permitted policy and same organisation', 'referentials.create', archived: true + end + + permissions :archive? do + + context 'permission present →' do + before do + add_permissions('referentials.update', for_user: user) + end + + it 'allowed for unarchived referentials' do + expect_it.to permit(user_context, record) + end + + it 'forbidden for archived referentials' do + record.archived_at = 1.second.ago + expect_it.not_to permit(user_context, record) + end + end + + context 'permission absent →' do + it 'is forbidden' do + expect_it.not_to permit(user_context, record) + end + end + + end + + permissions :unarchive? do + + context 'permission present →' do + before do + add_permissions('referentials.update', for_user: user) + end + + it 'forbidden for unarchived referentials' do + expect_it.not_to permit(user_context, record) + end + + it 'allowed for archived referentials' do + record.archived_at = 1.second.ago + expect_it.to permit(user_context, record) + end + end + + context 'permission absent →' do + it 'is forbidden' do + record.archived_at = 1.second.ago + expect_it.not_to permit(user_context, record) + end + end + + end +end diff --git a/spec/policies/route_policy_spec.rb b/spec/policies/route_policy_spec.rb index cc949ff45..243d85acb 100644 --- a/spec/policies/route_policy_spec.rb +++ b/spec/policies/route_policy_spec.rb @@ -3,7 +3,7 @@ RSpec.describe RoutePolicy, type: :policy do let( :record ){ build_stubbed :route } permissions :create? do - it_behaves_like 'permitted policy', 'routes.create', archived: true + it_behaves_like 'permitted policy and same organisation', 'routes.create', archived: true end permissions :destroy? do @@ -11,14 +11,14 @@ RSpec.describe RoutePolicy, type: :policy do end permissions :edit? do - it_behaves_like 'permitted policy and same organisation', 'routes.edit', archived: true + it_behaves_like 'permitted policy and same organisation', 'routes.update', archived: true end permissions :new? do - it_behaves_like 'permitted policy', 'routes.create', archived: true + it_behaves_like 'permitted policy and same organisation', 'routes.create', archived: true end permissions :update? do - it_behaves_like 'permitted policy and same organisation', 'routes.edit', archived: true + it_behaves_like 'permitted policy and same organisation', 'routes.update', archived: true end end diff --git a/spec/policies/routing_constraint_zone_policy_spec.rb b/spec/policies/routing_constraint_zone_policy_spec.rb index 2508b49f9..2ef15fa95 100644 --- a/spec/policies/routing_constraint_zone_policy_spec.rb +++ b/spec/policies/routing_constraint_zone_policy_spec.rb @@ -4,7 +4,7 @@ RSpec.describe RoutingConstraintZonePolicy, type: :policy do permissions :create? do - it_behaves_like 'permitted policy', 'routing_constraint_zones.create', archived: true + it_behaves_like 'permitted policy and same organisation', 'routing_constraint_zones.create', archived: true end permissions :destroy? do @@ -12,14 +12,14 @@ RSpec.describe RoutingConstraintZonePolicy, type: :policy do end permissions :edit? do - it_behaves_like 'permitted policy and same organisation', 'routing_constraint_zones.edit', archived: true + it_behaves_like 'permitted policy and same organisation', 'routing_constraint_zones.update', archived: true end permissions :new? do - it_behaves_like 'permitted policy', 'routing_constraint_zones.create', archived: true + it_behaves_like 'permitted policy and same organisation', 'routing_constraint_zones.create', archived: true end permissions :update? do - it_behaves_like 'permitted policy and same organisation', 'routing_constraint_zones.edit', archived: true + it_behaves_like 'permitted policy and same organisation', 'routing_constraint_zones.update', archived: true end end diff --git a/spec/policies/stop_area_policy_spec.rb b/spec/policies/stop_area_policy_spec.rb new file mode 100644 index 000000000..8fe59c8e3 --- /dev/null +++ b/spec/policies/stop_area_policy_spec.rb @@ -0,0 +1,42 @@ +RSpec.describe StopAreaPolicy, type: :policy do + + let( :record ){ build_stubbed :stop_area } + before { stub_policy_scope(record) } + + + # + # Non Destructive + # --------------- + + context 'Non Destructive actions →' do + permissions :index? do + it_behaves_like 'always allowed', 'anything', archived: true + end + permissions :show? do + it_behaves_like 'always allowed', 'anything', archived: true + end + end + + + # + # Destructive + # ----------- + + context 'Destructive actions →' do + permissions :create? do + it_behaves_like 'always forbidden', 'stop_areas.create', archived: true + end + permissions :destroy? do + it_behaves_like 'always forbidden', 'stop_areas.destroy', archived: true + end + permissions :edit? do + it_behaves_like 'always forbidden', 'stop_areas.update', archived: true + end + permissions :new? do + it_behaves_like 'always forbidden', 'stop_areas.create', archived: true + end + permissions :update? do + it_behaves_like 'always forbidden', 'stop_areas.update', archived: true + end + end +end diff --git a/spec/policies/stop_point_policy_spec.rb b/spec/policies/stop_point_policy_spec.rb new file mode 100644 index 000000000..2a8b9b905 --- /dev/null +++ b/spec/policies/stop_point_policy_spec.rb @@ -0,0 +1,5 @@ +RSpec.describe Chouette::StopPoint do + describe "using RoutePolicy" do + it { expect( described_class.policy_class ).to eq(RoutePolicy) } + end +end diff --git a/spec/policies/time_table_policy_spec.rb b/spec/policies/time_table_policy_spec.rb index 90e6600ea..dad3c13bc 100644 --- a/spec/policies/time_table_policy_spec.rb +++ b/spec/policies/time_table_policy_spec.rb @@ -2,20 +2,23 @@ RSpec.describe TimeTablePolicy, type: :policy do let( :record ){ build_stubbed :time_table } - - permissions :duplicate? do + permissions :create? do it_behaves_like 'permitted policy and same organisation', 'time_tables.create', archived: true end - %w{destroy edit}.each do | permission | - permissions "#{permission}?".to_sym do - it_behaves_like 'permitted policy and same organisation', "time_tables.#{permission}", archived: true - end + permissions :destroy? do + it_behaves_like 'permitted policy and same organisation', 'time_tables.destroy', archived: true end - permissions :create? do - it_behaves_like 'permitted policy', 'time_tables.create', archived: true + permissions :edit? do + it_behaves_like 'permitted policy and same organisation', 'time_tables.update', archived: true end + permissions :new? do + it_behaves_like 'permitted policy and same organisation', 'time_tables.create', archived: true + end + permissions :update? do + it_behaves_like 'permitted policy and same organisation', 'time_tables.update', archived: true + end end diff --git a/spec/support/apartment_stubbing.rb b/spec/support/apartment_stubbing.rb new file mode 100644 index 000000000..408d3b878 --- /dev/null +++ b/spec/support/apartment_stubbing.rb @@ -0,0 +1,14 @@ +module Support + # This is needed for referentials that are stubbed with `build_stubbed` + # As one cannot switch to such referentials (obviously the schema does not exist) + # we provide a stub for `scope.where(...` needed in ApplicationPolicy#show + module ApartmentStubbing + def stub_policy_scope(model) + allow(model.class).to receive(:where).with(id: model.id).and_return double("instance of #{model.class}").as_null_object + end + end +end + +RSpec.configure do | conf | + conf.include Support::ApartmentStubbing +end diff --git a/spec/support/devise.rb b/spec/support/devise.rb index d4a279a41..28703c072 100644 --- a/spec/support/devise.rb +++ b/spec/support/devise.rb @@ -4,12 +4,12 @@ module DeviseRequestHelper def login_user organisation = Organisation.where(:code => "first").first_or_create(attributes_for(:organisation)) @user ||= create(:user, :organisation => organisation, - :permissions => ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy', - 'vehicle_journeys.create', 'vehicle_journeys.edit', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.edit', 'time_tables.destroy', - 'footnotes.edit', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.edit', 'routing_constraint_zones.destroy', - 'access_points.create', 'access_points.edit', 'access_points.destroy', 'access_links.create', 'access_links.edit', 'access_links.destroy', - 'connection_links.create', 'connection_links.edit', 'connection_links.destroy', 'route_sections.create', 'route_sections.edit', 'route_sections.destroy', - 'referentials.create', 'referentials.edit', 'referentials.destroy']) + :permissions => ['routes.create', 'routes.update', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.update', 'journey_patterns.destroy', + 'vehicle_journeys.create', 'vehicle_journeys.update', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.update', 'time_tables.destroy', + 'footnotes.update', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.update', 'routing_constraint_zones.destroy', + 'access_points.create', 'access_points.update', 'access_points.destroy', 'access_links.create', 'access_links.update', 'access_links.destroy', + 'connection_links.create', 'connection_links.update', 'connection_links.destroy', 'route_sections.create', 'route_sections.update', 'route_sections.destroy', + 'referentials.create', 'referentials.update', 'referentials.destroy']) login_as @user, :scope => :user # post_via_redirect user_session_path, 'user[email]' => @user.email, 'user[password]' => @user.password end @@ -36,25 +36,42 @@ module DeviseRequestHelper end module DeviseControllerHelper + def setup_user + _all_actions = %w{create destroy update} + _all_resources = %w{ access_links + access_points + connection_links + footnotes + journey_patterns + referentials + route_sections + routes + routing_constraint_zones + time_tables + vehicle_journeys } + join_with = -> (separator) do + -> (ary) { ary.join(separator) } + end + before do @request.env["devise.mapping"] = Devise.mappings[:user] organisation = Organisation.where(:code => "first").first_or_create(attributes_for(:organisation)) - @user = create(:user, :organisation => organisation, - :permissions => ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy', - 'vehicle_journeys.create', 'vehicle_journeys.edit', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.edit', 'time_tables.destroy', - 'footnotes.edit', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.edit', 'routing_constraint_zones.destroy', - 'access_points.create', 'access_points.edit', 'access_points.destroy', 'access_links.create', 'access_links.edit', 'access_links.destroy', - 'connection_links.create', 'connection_links.edit', 'connection_links.destroy', 'route_sections.create', 'route_sections.edit', 'route_sections.destroy', - 'referentials.create', 'referentials.edit', 'referentials.destroy']) + @user = create(:user, + organisation: organisation, + permissions: _all_resources.product( _all_actions ).map(&join_with.('.'))) end end + def login_user() setup_user before do sign_in @user end end + + private + end RSpec.configure do |config| diff --git a/spec/support/pundit/policies.rb b/spec/support/pundit/policies.rb index 02fea2944..d5bb63243 100644 --- a/spec/support/pundit/policies.rb +++ b/spec/support/pundit/policies.rb @@ -35,10 +35,24 @@ module Support end end end + + module FeaturePermissionMacros + def with_permissions(*permissions, &blk) + perms, options = permissions.partition{|x| String === x} + context "with permissions #{perms.inspect}...", *options do + before do + add_permissions(*permissions, for_user: @user) + end + instance_eval(&blk) + end + end + end end end RSpec.configure do | c | c.include Support::Pundit::Policies, type: :policy c.extend Support::Pundit::PoliciesMacros, type: :policy + c.include Support::Pundit::Policies, type: :feature + c.extend Support::Pundit::FeaturePermissionMacros, type: :feature end diff --git a/spec/support/pundit/shared_examples.rb b/spec/support/pundit/shared_examples.rb index 33ed1ffae..b91caa479 100644 --- a/spec/support/pundit/shared_examples.rb +++ b/spec/support/pundit/shared_examples.rb @@ -1,57 +1,100 @@ -RSpec.shared_examples 'permitted policy and same organisation' do - | permission, archived: false| - context 'permission absent → ' do - it "denies a user with a different organisation" do - expect_it.not_to permit(user_context, record) +RSpec.shared_examples 'always allowed' do + | permission, archived: false| + context 'same organisation →' do + before do + user.organisation_id = referential.organisation_id end - it 'and also a user with the same organisation' do - user.organisation = referential.organisation - expect_it.not_to permit(user_context, record) + it "allows a user with the same organisation" do + expect_it.to permit(user_context, record) + end + if archived + it 'does not remove permission for archived referentials' do + referential.archived_at = 42.seconds.ago + expect_it.to permit(user_context, record) + end end end - - context 'permission present → ' do + + context 'different organisations →' do before do add_permissions(permission, for_user: user) end + it "allows a user with a different organisation" do + expect_it.to permit(user_context, record) + end + if archived + it 'does not remove permission for archived referentials' do + referential.archived_at = 42.seconds.ago + expect_it.to permit(user_context, record) + end + end + end +end - it 'denies a user with a different organisation' do +RSpec.shared_examples 'always forbidden' do + | permission, archived: false| + context 'same organisation →' do + before do + user.organisation_id = referential.organisation_id + end + it "allows a user with the same organisation" do expect_it.not_to permit(user_context, record) end - - it 'but allows it for a user with the same organisation' do - user.organisation = referential.organisation - expect_it.to permit(user_context, record) + if archived + it 'still no permission for archived referentials' do + referential.archived_at = 42.seconds.ago + expect_it.not_to permit(user_context, record) + end end + end + context 'different organisations →' do + before do + add_permissions(permission, for_user: user) + end + it "denies a user with a different organisation" do + expect_it.not_to permit(user_context, record) + end if archived - it 'removes the permission for archived referentials' do - user.organisation = referential.organisation + it 'still no permission for archived referentials' do referential.archived_at = 42.seconds.ago expect_it.not_to permit(user_context, record) end end end end - -RSpec.shared_examples 'permitted policy' do +j +RSpec.shared_examples 'permitted policy and same organisation' do | permission, archived: false| + context 'permission absent → ' do it "denies a user with a different organisation" do expect_it.not_to permit(user_context, record) end + it 'and also a user with the same organisation' do + user.organisation_id = referential.organisation_id + expect_it.not_to permit(user_context, record) + end end + context 'permission present → ' do before do add_permissions(permission, for_user: user) end - it 'allows a user with a different organisation' do + + it 'denies a user with a different organisation' do + expect_it.not_to permit(user_context, record) + end + + it 'but allows it for a user with the same organisation' do + user.organisation_id = referential.organisation_id expect_it.to permit(user_context, record) end if archived it 'removes the permission for archived referentials' do + user.organisation_id = referential.organisation_id referential.archived_at = 42.seconds.ago expect_it.not_to permit(user_context, record) end |