# frozen_string_literal: true
require 'test_helper'
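# Authorization tests for UserPolicy.
#
# The policy is exercised against one fixture user per role
# (:admin, :manager, :reviewer, :recruiter). Admin may view, update,
# create and list any user; every other role must be confined to its
# own record and must not be able to create or list users at all.
#
# NOTE(review): the fixtures supply a single user per role, so the
# "can only <action> herself" tests only prove that a non-admin cannot
# reach a user of a *different* role. A policy that compared roles
# instead of identities (e.g. `user.role == record.role`) would still
# pass every test below. Adding a second fixture for at least one
# non-admin role and asserting
# `refute_permit users(:manager), users(:other_manager), 'update?'`
# would close that gap.
class UserPolicyTest < PolicyAssertions::Test
  # Roles that must never see, change, create or list users other than
  # themselves. Kept in one place so a copy-paste slip in one test
  # cannot silently drop a role from the matrix.
  NON_ADMIN_ROLES = %i[manager reviewer recruiter].freeze
  # Every role fixture these tests use, admin included.
  ALL_ROLES = ([:admin] + NON_ADMIN_ROLES).freeze

  # An unauthenticated caller (nil user) must be rejected outright rather
  # than being treated as a low-privilege user.
  #
  # NOTE(review): only view? is exercised with a nil user. If the guard
  # lives in UserPolicy#initialize the other predicates and Scope are
  # covered implicitly; if it lives in view? itself, update?/create? and
  # Scope need their own nil-user cases — confirm against the policy.
  test 'should require current_user' do
    assert_raise Pundit::NotAuthorizedError do
      UserPolicy.new(nil, User.first).view?
    end
  end

  # Scope
  test 'should allow admin to scope' do
    scope = UserPolicy::Scope.new(users(:admin), User).resolve
    assert_equal User.count, scope.count
  end

  # Listing users is admin-only: the scope must raise, not silently
  # return an empty or partial relation.
  test 'should not allow non_admin to scope' do
    NON_ADMIN_ROLES.each do |role|
      assert_raise Pundit::NotAuthorizedError, "Failed to raise auth error for #{role}" do
        UserPolicy::Scope.new(users(role), User).resolve
      end
    end
  end

  # view?
  test 'admin can view any user role' do
    ALL_ROLES.each { |role| assert_permit users(:admin), users(role), 'view?' }
  end

  test 'manager can only view herself' do
    assert_only_self :manager, 'view?'
  end

  test 'reviewer can only view herself' do
    assert_only_self :reviewer, 'view?'
  end

  test 'recruiter can only view herself' do
    assert_only_self :recruiter, 'view?'
  end

  # update?
  test 'admin can update any user role' do
    ALL_ROLES.each { |role| assert_permit users(:admin), users(role), 'update?' }
  end

  test 'manager can only update herself' do
    assert_only_self :manager, 'update?'
  end

  # Was misnamed 'reupdateer ...' by a view->update search-and-replace;
  # the assertions themselves cover the reviewer role.
  test 'reviewer can only update herself' do
    assert_only_self :reviewer, 'update?'
  end

  test 'recruiter can only update herself' do
    assert_only_self :recruiter, 'update?'
  end

  # create?
  test 'only admin can create users' do
    assert_permit users(:admin), User, 'create?'
    NON_ADMIN_ROLES.each { |role| refute_permit users(role), User, 'create?' }
  end

  private

  # Asserts that +role+ is permitted +action+ on its own user record and
  # is refused +action+ on the record of every other role in ALL_ROLES
  # (including admin).
  def assert_only_self(role, action)
    assert_permit users(role), users(role), action
    (ALL_ROLES - [role]).each do |other|
      refute_permit users(role), users(other), action
    end
  end
end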