From 9e8f099d38029b74d46daa7edbadeaf7057aebfc Mon Sep 17 00:00:00 2001 From: Matt Jankowski Date: Tue, 15 Oct 2024 10:24:12 -0400 Subject: [PATCH] Improve `app/policies` coverage (#32426) --- .../account_moderation_note_policy_spec.rb | 5 +- spec/policies/account_policy_spec.rb | 3 +- spec/policies/account_warning_policy_spec.rb | 42 ++++++++++++++ .../account_warning_preset_policy_spec.rb | 5 +- spec/policies/admin/status_policy_spec.rb | 5 +- spec/policies/announcement_policy_spec.rb | 5 +- spec/policies/appeal_policy_spec.rb | 7 +-- spec/policies/audit_log_policy_spec.rb | 20 +++++++ spec/policies/backup_policy_spec.rb | 1 - .../canonical_email_block_policy_spec.rb | 5 +- spec/policies/custom_emoji_policy_spec.rb | 1 - spec/policies/dashboard_policy_spec.rb | 20 +++++++ spec/policies/delivery_policy_spec.rb | 5 +- spec/policies/domain_allow_policy_spec.rb | 24 ++++++++ spec/policies/domain_block_policy_spec.rb | 3 +- .../email_domain_block_policy_spec.rb | 1 - .../follow_recommendation_policy_spec.rb | 5 +- spec/policies/instance_policy_spec.rb | 1 - spec/policies/invite_policy_spec.rb | 1 - spec/policies/ip_block_policy_spec.rb | 5 +- spec/policies/poll_policy_spec.rb | 36 ++++++++++++ spec/policies/preview_card_policy_spec.rb | 5 +- .../preview_card_provider_policy_spec.rb | 5 +- spec/policies/relay_policy_spec.rb | 1 - spec/policies/report_note_policy_spec.rb | 1 - spec/policies/report_policy_spec.rb | 1 - spec/policies/rule_policy_spec.rb | 5 +- spec/policies/settings_policy_spec.rb | 1 - spec/policies/software_update_policy_spec.rb | 1 - spec/policies/status_policy_spec.rb | 1 - spec/policies/tag_policy_spec.rb | 1 - spec/policies/user_policy_spec.rb | 39 ++++++++++++- spec/policies/user_role_policy_spec.rb | 56 +++++++++++++++++++ spec/policies/webhook_policy_spec.rb | 1 - spec/rails_helper.rb | 1 + 35 files changed, 264 insertions(+), 55 deletions(-) create mode 100644 spec/policies/account_warning_policy_spec.rb create mode 100644 spec/policies/audit_log_policy_spec.rb create mode 100644 spec/policies/dashboard_policy_spec.rb create mode 100644 spec/policies/domain_allow_policy_spec.rb create mode 100644 spec/policies/poll_policy_spec.rb create mode 100644 spec/policies/user_role_policy_spec.rb diff --git a/spec/policies/account_moderation_note_policy_spec.rb b/spec/policies/account_moderation_note_policy_spec.rb index 8c37acc39f..8b33a71012 100644 --- a/spec/policies/account_moderation_note_policy_spec.rb +++ b/spec/policies/account_moderation_note_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe AccountModerationNotePolicy do subject { described_class } @@ -12,13 +11,13 @@ RSpec.describe AccountModerationNotePolicy do permissions :create? do context 'when staff' do it 'grants to create' do - expect(subject).to permit(admin, described_class) + expect(subject).to permit(admin, AccountModerationNote) end end context 'when not staff' do it 'denies to create' do - expect(subject).to_not permit(john, described_class) + expect(subject).to_not permit(john, AccountModerationNote) end end end diff --git a/spec/policies/account_policy_spec.rb b/spec/policies/account_policy_spec.rb index d7a21d8e39..75724e831b 100644 --- a/spec/policies/account_policy_spec.rb +++ b/spec/policies/account_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe AccountPolicy do subject { described_class } @@ -24,7 +23,7 @@ RSpec.describe AccountPolicy do end end - permissions :show?, :unsilence?, :unsensitive?, :remove_avatar?, :remove_header? do + permissions :show?, :unsilence?, :unsensitive?, :remove_avatar?, :remove_header?, :sensitive?, :warn? do context 'when staff' do it 'permits' do expect(subject).to permit(admin, alice) diff --git a/spec/policies/account_warning_policy_spec.rb b/spec/policies/account_warning_policy_spec.rb new file mode 100644 index 0000000000..9abc9d35d6 --- /dev/null +++ b/spec/policies/account_warning_policy_spec.rb @@ -0,0 +1,42 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe AccountWarningPolicy do + subject { described_class } + + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:account) { Fabricate(:account) } + + permissions :show? do + context 'with an admin' do + it { is_expected.to permit(admin, AccountWarning.new) } + end + + context 'with a non-admin' do + context 'when account is not target' do + it { is_expected.to_not permit(account, AccountWarning.new) } + end + + context 'when account is target' do + it { is_expected.to permit(account, AccountWarning.new(target_account_id: account.id)) } + end + end + end + + permissions :appeal? do + context 'when account is not target' do + it { is_expected.to_not permit(account, AccountWarning.new) } + end + + context 'when account is target' do + context 'when record is appealable' do + it { is_expected.to permit(account, AccountWarning.new(target_account_id: account.id, created_at: Appeal::MAX_STRIKE_AGE.ago + 1.hour)) } + end + + context 'when record is not appealable' do + it { is_expected.to_not permit(account, AccountWarning.new(target_account_id: account.id, created_at: Appeal::MAX_STRIKE_AGE.ago - 1.hour)) } + end + end + end +end diff --git a/spec/policies/account_warning_preset_policy_spec.rb b/spec/policies/account_warning_preset_policy_spec.rb index 53e224f19f..33f2fb1187 100644 --- a/spec/policies/account_warning_preset_policy_spec.rb +++ b/spec/policies/account_warning_preset_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe AccountWarningPresetPolicy do let(:policy) { described_class } @@ -11,13 +10,13 @@ RSpec.describe AccountWarningPresetPolicy do permissions :index?, :create?, :update?, :destroy? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, AccountWarningPreset) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, AccountWarningPreset) end end end diff --git a/spec/policies/admin/status_policy_spec.rb b/spec/policies/admin/status_policy_spec.rb index 07af425516..4df29393e3 100644 --- a/spec/policies/admin/status_policy_spec.rb +++ b/spec/policies/admin/status_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe Admin::StatusPolicy do let(:policy) { described_class } @@ -13,13 +12,13 @@ RSpec.describe Admin::StatusPolicy do permissions :index?, :update?, :review?, :destroy? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, Status) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, Status) end end end diff --git a/spec/policies/announcement_policy_spec.rb b/spec/policies/announcement_policy_spec.rb index 503ffca6dc..ab0c1dbaf5 100644 --- a/spec/policies/announcement_policy_spec.rb +++ b/spec/policies/announcement_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe AnnouncementPolicy do let(:policy) { described_class } @@ -11,13 +10,13 @@ RSpec.describe AnnouncementPolicy do permissions :index?, :create?, :update?, :destroy? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, Announcement) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, Announcement) end end end diff --git a/spec/policies/appeal_policy_spec.rb b/spec/policies/appeal_policy_spec.rb index 1bf8ce0a0d..cdb93bf56c 100644 --- a/spec/policies/appeal_policy_spec.rb +++ b/spec/policies/appeal_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe AppealPolicy do let(:policy) { described_class } @@ -12,18 +11,18 @@ RSpec.describe AppealPolicy do permissions :index? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, Appeal) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, Appeal) end end end - permissions :reject? do + permissions :reject?, :approve? do context 'with an admin' do context 'with a pending appeal' do before { allow(appeal).to receive(:pending?).and_return(true) } diff --git a/spec/policies/audit_log_policy_spec.rb b/spec/policies/audit_log_policy_spec.rb new file mode 100644 index 0000000000..d9d9359433 --- /dev/null +++ b/spec/policies/audit_log_policy_spec.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe AuditLogPolicy do + subject { described_class } + + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:account) { Fabricate(:account) } + + permissions :index? do + context 'with an admin' do + it { is_expected.to permit(admin, nil) } + end + + context 'with a non-admin' do + it { is_expected.to_not permit(account, nil) } + end + end +end diff --git a/spec/policies/backup_policy_spec.rb b/spec/policies/backup_policy_spec.rb index 28cb65d789..031021d91d 100644 --- a/spec/policies/backup_policy_spec.rb +++ b/spec/policies/backup_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe BackupPolicy do subject { described_class } diff --git a/spec/policies/canonical_email_block_policy_spec.rb b/spec/policies/canonical_email_block_policy_spec.rb index f5029d9e6b..b253b439a6 100644 --- a/spec/policies/canonical_email_block_policy_spec.rb +++ b/spec/policies/canonical_email_block_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe CanonicalEmailBlockPolicy do let(:policy) { described_class } @@ -11,13 +10,13 @@ RSpec.describe CanonicalEmailBlockPolicy do permissions :index?, :show?, :test?, :create?, :destroy? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, CanonicalEmailBlock) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, CanonicalEmailBlock) end end end diff --git a/spec/policies/custom_emoji_policy_spec.rb b/spec/policies/custom_emoji_policy_spec.rb index cb869c7d9a..189885938c 100644 --- a/spec/policies/custom_emoji_policy_spec.rb +++ b/spec/policies/custom_emoji_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe CustomEmojiPolicy do subject { described_class } diff --git a/spec/policies/dashboard_policy_spec.rb b/spec/policies/dashboard_policy_spec.rb new file mode 100644 index 0000000000..90c71db381 --- /dev/null +++ b/spec/policies/dashboard_policy_spec.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe DashboardPolicy do + subject { described_class } + + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:account) { Fabricate(:account) } + + permissions :index? do + context 'with an admin' do + it { is_expected.to permit(admin, nil) } + end + + context 'with a non-admin' do + it { is_expected.to_not permit(account, nil) } + end + end +end diff --git a/spec/policies/delivery_policy_spec.rb b/spec/policies/delivery_policy_spec.rb index bb82389eec..8bc200159a 100644 --- a/spec/policies/delivery_policy_spec.rb +++ b/spec/policies/delivery_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe DeliveryPolicy do let(:policy) { described_class } @@ -11,13 +10,13 @@ RSpec.describe DeliveryPolicy do permissions :clear_delivery_errors?, :restart_delivery?, :stop_delivery? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, nil) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, nil) end end end diff --git a/spec/policies/domain_allow_policy_spec.rb b/spec/policies/domain_allow_policy_spec.rb new file mode 100644 index 0000000000..1d285065b8 --- /dev/null +++ b/spec/policies/domain_allow_policy_spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe DomainAllowPolicy do + subject { described_class } + + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:john) { Fabricate(:account) } + + permissions :index?, :show?, :create?, :destroy? do + context 'when admin' do + it 'permits' do + expect(subject).to permit(admin, DomainAllow) + end + end + + context 'when not admin' do + it 'denies' do + expect(subject).to_not permit(john, DomainAllow) + end + end + end +end diff --git a/spec/policies/domain_block_policy_spec.rb b/spec/policies/domain_block_policy_spec.rb index 4c89f3f374..7c77d1870d 100644 --- a/spec/policies/domain_block_policy_spec.rb +++ b/spec/policies/domain_block_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe DomainBlockPolicy do subject { described_class } @@ -9,7 +8,7 @@ RSpec.describe DomainBlockPolicy do let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } let(:john) { Fabricate(:account) } - permissions :index?, :show?, :create?, :destroy? do + permissions :index?, :show?, :create?, :destroy?, :update? do context 'when admin' do it 'permits' do expect(subject).to permit(admin, DomainBlock) diff --git a/spec/policies/email_domain_block_policy_spec.rb b/spec/policies/email_domain_block_policy_spec.rb index 7ecff4be49..e98d65a3c7 100644 --- a/spec/policies/email_domain_block_policy_spec.rb +++ b/spec/policies/email_domain_block_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe EmailDomainBlockPolicy do subject { described_class } diff --git a/spec/policies/follow_recommendation_policy_spec.rb b/spec/policies/follow_recommendation_policy_spec.rb index ae74d5c3a8..665ed9b059 100644 --- a/spec/policies/follow_recommendation_policy_spec.rb +++ b/spec/policies/follow_recommendation_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe FollowRecommendationPolicy do let(:policy) { described_class } @@ -11,13 +10,13 @@ RSpec.describe FollowRecommendationPolicy do permissions :show?, :suppress?, :unsuppress? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, FollowRecommendation) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, FollowRecommendation) end end end diff --git a/spec/policies/instance_policy_spec.rb b/spec/policies/instance_policy_spec.rb index a0d9a008b7..6cdc738022 100644 --- a/spec/policies/instance_policy_spec.rb +++ b/spec/policies/instance_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe InstancePolicy do subject { described_class } diff --git a/spec/policies/invite_policy_spec.rb b/spec/policies/invite_policy_spec.rb index cbe3735d80..3717a44999 100644 --- a/spec/policies/invite_policy_spec.rb +++ b/spec/policies/invite_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe InvitePolicy do subject { described_class } diff --git a/spec/policies/ip_block_policy_spec.rb b/spec/policies/ip_block_policy_spec.rb index 97bc239e9a..33ea342c10 100644 --- a/spec/policies/ip_block_policy_spec.rb +++ b/spec/policies/ip_block_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe IpBlockPolicy do let(:policy) { described_class } @@ -11,13 +10,13 @@ RSpec.describe IpBlockPolicy do permissions :index?, :show?, :create?, :update?, :destroy? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, IpBlock) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, IpBlock) end end end diff --git a/spec/policies/poll_policy_spec.rb b/spec/policies/poll_policy_spec.rb new file mode 100644 index 0000000000..aa1701cb06 --- /dev/null +++ b/spec/policies/poll_policy_spec.rb @@ -0,0 +1,36 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe PollPolicy do + subject { described_class } + + let(:account) { Fabricate(:account) } + let(:poll) { Fabricate :poll } + + permissions :vote? do + context 'when account cannot view status' do + before { poll.status.update(visibility: :private) } + + it { is_expected.to_not permit(account, poll) } + end + + context 'when account can view status' do + context 'when accounts do not block each other' do + it { is_expected.to permit(account, poll) } + end + + context 'when view blocks poll creator' do + before { Fabricate :block, account: account, target_account: poll.account } + + it { is_expected.to_not permit(account, poll) } + end + + context 'when poll creator blocks viewer' do + before { Fabricate :block, account: poll.account, target_account: account } + + it { is_expected.to_not permit(account, poll) } + end + end + end +end diff --git a/spec/policies/preview_card_policy_spec.rb b/spec/policies/preview_card_policy_spec.rb index a1944303e1..d02a6016cd 100644 --- a/spec/policies/preview_card_policy_spec.rb +++ b/spec/policies/preview_card_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe PreviewCardPolicy do let(:policy) { described_class } @@ -11,13 +10,13 @@ RSpec.describe PreviewCardPolicy do permissions :index?, :review? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, PreviewCard) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, PreviewCard) end end end diff --git a/spec/policies/preview_card_provider_policy_spec.rb b/spec/policies/preview_card_provider_policy_spec.rb index 676039a1b7..5e25b364a4 100644 --- a/spec/policies/preview_card_provider_policy_spec.rb +++ b/spec/policies/preview_card_provider_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe PreviewCardProviderPolicy do let(:policy) { described_class } @@ -11,13 +10,13 @@ RSpec.describe PreviewCardProviderPolicy do permissions :index?, :review? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, PreviewCardProvider) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, PreviewCardProvider) end end end diff --git a/spec/policies/relay_policy_spec.rb b/spec/policies/relay_policy_spec.rb index 29ba02c26a..5983b2d2ff 100644 --- a/spec/policies/relay_policy_spec.rb +++ b/spec/policies/relay_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe RelayPolicy do subject { described_class } diff --git a/spec/policies/report_note_policy_spec.rb b/spec/policies/report_note_policy_spec.rb index b40a878887..02317f763a 100644 --- a/spec/policies/report_note_policy_spec.rb +++ b/spec/policies/report_note_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe ReportNotePolicy do subject { described_class } diff --git a/spec/policies/report_policy_spec.rb b/spec/policies/report_policy_spec.rb index 4fc4178075..67f40b5188 100644 --- a/spec/policies/report_policy_spec.rb +++ b/spec/policies/report_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe ReportPolicy do subject { described_class } diff --git a/spec/policies/rule_policy_spec.rb b/spec/policies/rule_policy_spec.rb index 5d435e38c1..3086f30446 100644 --- a/spec/policies/rule_policy_spec.rb +++ b/spec/policies/rule_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe RulePolicy do let(:policy) { described_class } @@ -11,13 +10,13 @@ RSpec.describe RulePolicy do permissions :index?, :create?, :update?, :destroy? do context 'with an admin' do it 'permits' do - expect(policy).to permit(admin, Tag) + expect(policy).to permit(admin, Rule) end end context 'with a non-admin' do it 'denies' do - expect(policy).to_not permit(john, Tag) + expect(policy).to_not permit(john, Rule) end end end diff --git a/spec/policies/settings_policy_spec.rb b/spec/policies/settings_policy_spec.rb index 4a99314905..48821c706a 100644 --- a/spec/policies/settings_policy_spec.rb +++ b/spec/policies/settings_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe SettingsPolicy do subject { described_class } diff --git a/spec/policies/software_update_policy_spec.rb b/spec/policies/software_update_policy_spec.rb index e19ba61612..2bda84cce9 100644 --- a/spec/policies/software_update_policy_spec.rb +++ b/spec/policies/software_update_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe SoftwareUpdatePolicy do subject { described_class } diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb index 36ac8d8027..538742610c 100644 --- a/spec/policies/status_policy_spec.rb +++ b/spec/policies/status_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe StatusPolicy, type: :model do subject { described_class } diff --git a/spec/policies/tag_policy_spec.rb b/spec/policies/tag_policy_spec.rb index 35da3cc62a..23166e4669 100644 --- a/spec/policies/tag_policy_spec.rb +++ b/spec/policies/tag_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe TagPolicy do subject { described_class } diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb index 7854547d26..11a166a24e 100644 --- a/spec/policies/user_policy_spec.rb +++ b/spec/policies/user_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe UserPolicy do subject { described_class } @@ -112,4 +111,42 @@ RSpec.describe UserPolicy do end end end + + permissions :approve?, :reject? do + context 'when admin' do + context 'when user is approved' do + it { is_expected.to_not permit(admin, User.new(approved: true)) } + end + + context 'when user is not approved' do + it { is_expected.to permit(admin, User.new(approved: false)) } + end + end + + context 'when not admin' do + it { is_expected.to_not permit(john, User.new) } + end + end + + permissions :change_role? do + context 'when not admin' do + it { is_expected.to_not permit(john, User.new) } + end + + context 'when admin' do + let(:user) { User.new(role: role) } + + context 'when role of admin overrides user role' do + let(:role) { UserRole.new(position: admin.user.role.position - 10, id: 123) } + + it { is_expected.to permit(admin, user) } + end + + context 'when role of admin does not override user role' do + let(:role) { UserRole.new(position: admin.user.role.position + 10, id: 123) } + + it { is_expected.to_not permit(admin, user) } + end + end + end end diff --git a/spec/policies/user_role_policy_spec.rb b/spec/policies/user_role_policy_spec.rb new file mode 100644 index 0000000000..c48b345d68 --- /dev/null +++ b/spec/policies/user_role_policy_spec.rb @@ -0,0 +1,56 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe UserRolePolicy do + subject { described_class } + + let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } + let(:account) { Fabricate(:account) } + + permissions :index?, :create? do + context 'when admin' do + it { is_expected.to permit(admin, UserRole.new) } + end + + context 'when not admin' do + it { is_expected.to_not permit(account, UserRole.new) } + end + end + + permissions :update? do + context 'when admin' do + context 'when role of admin overrides relevant role' do + it { is_expected.to permit(admin, UserRole.new(position: admin.user.role.position - 10, id: 123)) } + end + + context 'when role of admin does not override relevant role' do + it { is_expected.to_not permit(admin, UserRole.new(position: admin.user.role.position + 10, id: 123)) } + end + end + + context 'when not admin' do + it { is_expected.to_not permit(account, UserRole.new) } + end + end + + permissions :destroy? do + context 'when admin' do + context 'when role of admin overrides relevant role' do + it { is_expected.to permit(admin, UserRole.new(position: admin.user.role.position - 10)) } + end + + context 'when role of admin does not override relevant role' do + it { is_expected.to_not permit(admin, UserRole.new(position: admin.user.role.position + 10)) } + end + + context 'when everyone role' do + it { is_expected.to_not permit(admin, UserRole.everyone) } + end + end + + context 'when not admin' do + it { is_expected.to_not permit(account, UserRole.new) } + end + end +end diff --git a/spec/policies/webhook_policy_spec.rb b/spec/policies/webhook_policy_spec.rb index 96aaae2c30..9899235d83 100644 --- a/spec/policies/webhook_policy_spec.rb +++ b/spec/policies/webhook_policy_spec.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require 'rails_helper' -require 'pundit/rspec' RSpec.describe WebhookPolicy do let(:policy) { described_class } diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index 84cee0974f..91a2e21bbb 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -43,6 +43,7 @@ require 'paperclip/matchers' require 'capybara/rspec' require 'chewy/rspec' require 'email_spec/rspec' +require 'pundit/rspec' require 'test_prof/recipes/rspec/before_all' Rails.root.glob('spec/support/**/*.rb').each { |f| require f }