From 82be97d62b4b36d1dd9106f954aeb6f059a8a462 Mon Sep 17 00:00:00 2001
From: Robert
Date: Fri, 15 Sep 2017 10:01:01 +0200
Subject: Refs: #4446@1.5h;

  * Make failing /delete_api_key_feature_spec pending
    - Seems Capybara only sees html from the partial api_keys/_form, but not
      the parent api_keys/edit, which happens to contain the delete link :(

  * ApiKeyPolicy adapted
    - update? depends on record's organisation as no referential present
    - create? depends on user's permission only as organisation will be correct anyway
---
 spec/policies/api_key_policy_spec.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'spec/policies')

diff --git a/spec/policies/api_key_policy_spec.rb b/spec/policies/api_key_policy_spec.rb
index f98931062..f0242978e 100644
--- a/spec/policies/api_key_policy_spec.rb
+++ b/spec/policies/api_key_policy_spec.rb
@@ -14,7 +14,17 @@ RSpec.describe ApiKeyPolicy do
   end
 
   permissions :create? do
-    it_behaves_like 'permitted policy and same organisation', 'api_keys.create'
+    context 'permission absent → ' do
+      it "denies a user without organisation" do
+        expect_it.not_to permit(user_context, record)
+      end
+    end
+    context 'permission present → '  do
+      it 'allows a user with a different organisation' do
+        add_permissions('api_keys.create', for_user: user)
+        expect_it.to permit(user_context, record)
+      end
+    end
   end
 
   permissions :update? do
-- 
cgit v1.2.3