# frozen_string_literal: true require 'rails_helper' describe InvitesController do render_views let(:user) { Fabricate(:user) } before do sign_in user end describe 'GET #index' do before do Fabricate(:invite, user: user) end context 'when everyone can invite' do before do UserRole.everyone.update(permissions: UserRole.everyone.permissions | UserRole::FLAGS[:invite_users]) get :index end it 'returns http success' do expect(response).to have_http_status(:success) end it 'returns private cache control headers' do expect(response.headers['Cache-Control']).to include('private, no-store') end end context 'when not everyone can invite' do before do UserRole.everyone.update(permissions: UserRole.everyone.permissions & ~UserRole::FLAGS[:invite_users]) get :index end it 'returns http forbidden' do expect(response).to have_http_status(403) end end end describe 'POST #create' do subject { post :create, params: { invite: { max_uses: '10', expires_in: 1800 } } } context 'when everyone can invite' do before do UserRole.everyone.update(permissions: UserRole.everyone.permissions | UserRole::FLAGS[:invite_users]) end it 'succeeds to create a invite' do expect { subject }.to change(Invite, :count).by(1) expect(subject).to redirect_to invites_path expect(Invite.last).to have_attributes(user_id: user.id, max_uses: 10) end end context 'when not everyone can invite' do before do UserRole.everyone.update(permissions: UserRole.everyone.permissions & ~UserRole::FLAGS[:invite_users]) end it 'returns http forbidden' do expect(subject).to have_http_status(403) end end end describe 'DELETE #destroy' do subject { delete :destroy, params: { id: invite.id } } let(:invite) { Fabricate(:invite, user: user, expires_at: nil) } it 'expires invite and redirects' do expect { subject } .to(change { invite.reload.expired? }.to(true)) expect(response) .to redirect_to invites_path end end end