# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
require 'rails_helper'
# Authorization spec for the attachments controller policy, exercised with
# attachments that belong to Knowledge Base answers.
#
# Each example builds the policy from a user (nil for an anonymous request)
# and a bare AttachmentsController instance whose params carry the attachment
# id, then checks which of :show and :destroy the policy permits.
#
# NOTE(review): the examples cover anonymous, admin and agent users. Nothing
# here covers an anonymous request against a :draft answer, or a customer
# account; consider adding those cases so a regression cannot pass unnoticed.
describe Controllers::AttachmentsControllerPolicy do
  subject { described_class.new(user, record) }

  # Presumably supplies `category` referenced below; confirm against the
  # shared context definition.
  include_context 'basic Knowledge Base'

  let(:record_class) { AttachmentsController }

  # Knowledge Base answer with one attachment; `visibility` is supplied by
  # each context and is passed to the factory as a trait.
  let(:object) do
    create(:knowledge_base_answer, visibility, :with_attachment, category: category)
  end

  # Request params pointing at the answer's first attachment.
  let(:params) do
    { id: object.attachments.first.id }
  end

  # Controller instance handed to the policy as its record. Only params are
  # set; action_name is left unset, and the permit_actions / forbid_actions
  # matchers name the actions being checked.
  let(:record) do
    record_class.new.tap { |controller| controller.params = params }
  end

  # Anonymous access: read-only, and only for published content.
  context 'with no user' do
    let(:user) { nil }

    context 'with published object' do
      let(:visibility) { :published }

      it { is_expected.to permit_actions(:show) }
      it { is_expected.to forbid_actions(:destroy) }
    end

    context 'with private object' do
      let(:visibility) { :internal }

      it { is_expected.to forbid_actions(:show, :destroy) }
    end
  end

  context 'with a user' do
    # Admin: may both view and delete.
    context 'with full access' do
      let(:user) { create(:admin) }
      let(:visibility) { :published }

      it { is_expected.to permit_actions(:show, :destroy) }
    end

    # Agent on an internal answer: may view the attachment but not delete it.
    context 'with limited access' do
      let(:user) { create(:agent) }
      let(:visibility) { :internal }

      it { is_expected.to permit_actions(:show) }
      it { is_expected.to forbid_actions(:destroy) }
    end

    # Agent on a draft answer: neither action is allowed.
    context 'with no access' do
      let(:user) { create(:agent) }
      let(:visibility) { :draft }

      it { is_expected.to forbid_actions(:show, :destroy) }
    end

    # Default-deny check: an attachment whose owning object type has no
    # policy is refused for both actions, even for an admin. `params` is
    # overridden here, so the lazy `object` (and `visibility`) is never used.
    context 'with object that does not have a policy' do
      let(:file) { create(:store_image, object: 'NonExistingObject') }
      let(:params) { { id: file.id } }
      let(:user) { create(:admin) }

      it { is_expected.to forbid_actions(:show, :destroy) }
    end
  end
end