diff options
Diffstat (limited to 'spec/policies/application_policy_spec.rb')
| -rw-r--r-- | spec/policies/application_policy_spec.rb | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/spec/policies/application_policy_spec.rb b/spec/policies/application_policy_spec.rb index d7e8e5e27..c6e5b89bf 100644 --- a/spec/policies/application_policy_spec.rb +++ b/spec/policies/application_policy_spec.rb @@ -1,11 +1,12 @@ RSpec.describe ApplicationPolicy, type: :policy do + let( :user_context ) { create_user_context(user: user, referential: referential) } + let( :referentail ) { create :referential } + let( :user ) { create :user } + subject { described_class } permissions :organisation_match? do - let( :user_context ) { create_user_context(user: user, referential: referential) } - let( :referentail ) { create :referential } - let( :user ) { create :user } it "denies a user with a different organisation" do expect_it.not_to permit(user_context, referential) @@ -16,4 +17,30 @@ RSpec.describe ApplicationPolicy, type: :policy do expect_it.to permit(user_context, referential) end end + + permissions :boiv_read_offer? do + + context "user of a different organisation → " do + it "denies a user with a different organisation" do + expect_it.not_to permit(user_context, referential) + end + it "even if she has the permisson" do + add_permissions('boiv:read_offer', for_user: user) + expect_it.not_to permit(user_context, referential) + end + end + + context "user of the same organisation → " do + before do + user.update_attribute :organisation, referential.organisation + end + it "denies if permission absent" do + expect_it.not_to permit(user_context, referential) + end + it "allows if permission present" do + add_permissions('boiv:read_offer', for_user: user) + expect_it.to permit(user_context, referential) + end + end + end end |