spec/policies/referential_policy_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

RSpec.describe ReferentialPolicy, type: :policy do

  let( :record ){ build_stubbed :referential }


  #
  # Collection Based Permissions differ from standard as there is no referential yet
  # --------------------------------------------------------------------------------

  permissions :create? do
    it 'permissions present → allowed' do
      add_permissions('referentials.create', for_user: user)
      expect_it.to permit(user_context, record)
    end
    it 'permissions absent → forbidden' do
      expect_it.not_to permit(user_context, record)
    end
  end

  permissions :new? do
    it 'permissions present → allowed' do
      add_permissions('referentials.create', for_user: user)
      expect_it.to permit(user_context, record)
    end
    it 'permissions absent → forbidden' do
      expect_it.not_to permit(user_context, record)
    end
  end

  #
  # Standard Destructive Action Permissions
  # ---------------------------------------

  permissions :destroy? do
    it_behaves_like 'permitted policy and same organisation', 'referentials.destroy', archived: true
  end
  permissions :edit? do
    it_behaves_like 'permitted policy and same organisation', 'referentials.update', archived: true
  end
  permissions :update? do
    it_behaves_like 'permitted policy and same organisation', 'referentials.update', archived: true
  end

  #
  # Custom Permissions
  # ------------------

  permissions :clone? do
    it_behaves_like 'permitted policy', 'referentials.create', archived: true
  end

  permissions :archive? do

    context 'permission present →' do
      before do
        add_permissions('referentials.update', for_user: user)
      end

      context 'same organisation →' do
        before do
          user.organisation_id = referential.organisation_id
        end
        it "allows a user with the same organisation" do
          expect_it.to permit(user_context, record)
        end
        describe "archived" do
          let( :record ){ build_stubbed :referential, archived_at: 2.minutes.ago  }
          it 'does remove permission for archived referentials' do
            expect_it.not_to permit(user_context, record)
          end
        end
      end

      context 'different organisations →' do
        it "forbids a user with a different organisation" do
          expect_it.not_to permit(user_context, record)
        end

        describe "archived" do
          let( :record ){ build_stubbed :referential, archived_at: 2.minutes.ago  }
          it 'forbids for archived referentials' do
            expect_it.not_to permit(user_context, record)
          end
        end

      end
    end

    context 'permission absent →' do
      context 'same organisation →' do
        before do
          user.organisation_id = referential.organisation_id
        end
        it "forbids a user with the same organisation" do
          expect_it.not_to permit(user_context, record)
        end
        describe "archived" do
          let( :record ){ build_stubbed :referential, archived_at: 2.minutes.ago  }
          it 'forbids for archived referentials' do
            expect_it.not_to permit(user_context, record)
          end
        end
      end
    end
  end

  permissions :unarchive? do

    context 'permission present →' do
      before do
        add_permissions('referentials.update', for_user: user)
      end

      context 'same organisation →' do
        before do
          user.organisation_id = referential.organisation_id
        end
        it "forbids a user with the same organisation" do
          expect_it.not_to permit(user_context, record)
        end
        describe "archived" do
          let( :record ){ build_stubbed :referential, archived_at: 2.minutes.ago  }
          it 'adds permission for archived referentials' do
            expect_it.to permit(user_context, record)
          end
        end
      end

      context 'different organisations →' do
        it "forbids a user with a different organisation" do
          expect_it.not_to permit(user_context, record)
        end

        describe "archived" do
          let( :record ){ build_stubbed :referential, archived_at: 2.minutes.ago  }
          it 'still forbids for archived referentials' do
            expect_it.not_to permit(user_context, record)
          end
        end

      end
    end

    context 'permission absent →' do
      context 'same organisation →' do
        before do
          user.organisation_id = referential.organisation_id
        end
        it "forbids a user with a different rganisation" do
          expect_it.not_to permit(user_context, record)
        end
        describe "archived" do
          let( :record ){ build_stubbed :referential, archived_at: 2.minutes.ago  }
          it 'still forbids for archived referentials' do
            expect_it.not_to permit(user_context, record)
          end
        end
      end
    end
  end
end