question policies

2016-09-20 18:17:27 -05:00
parent 13610edcd1
commit 8ad98215c1
6 changed files with 119 additions and 12 deletions
--- a/test/policies/question_policy_test.rb
+++ b/test/policies/question_policy_test.rb
@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class QuestionPolicyTest < PolicyAssertions::Test
+  test 'should require current_user' do
+    assert_raise Pundit::NotAuthorizedError do
+      QuestionPolicy.new(nil, Question.first).view?
+    end
+  end
+
+  test 'should allow admin to scope' do
+    scope = QuestionPolicy::Scope.new(users(:admin), Question).resolve
+    assert_equal Question.count, scope.count
+  end
+
+  test 'should allow manager to scope' do
+    scope = QuestionPolicy::Scope.new(users(:manager), Question).resolve
+    assert_equal Question.count, scope.count
+  end
+
+  test 'should allow reviewer to scope' do
+    quiz_ids = users(:reviewer).quizzes.map(&:id)
+
+    scope = QuestionPolicy::Scope.new(users(:reviewer), Question).resolve
+    assert_equal Question.where(quiz_id: quiz_ids).count, scope.count
+  end
+
+  test 'should NOT allow recruiter to scope' do
+    assert_raise Pundit::NotAuthorizedError do
+      QuestionPolicy::Scope.new(users(:recruiter), Question).resolve
+    end
+  end
+
+  def test_view
+    assert_permit users(:admin), questions(:fed1)
+    assert_permit users(:manager), questions(:fed1)
+    assert_permit users(:reviewer), questions(:fed1)
+
+    refute_permit users(:reviewer), questions(:admin1)
+    refute_permit users(:recruiter), questions(:fed1)
+  end
+
+  def test_create_and_update
+    assert_permit users(:admin), Question
+    assert_permit users(:manager), Question
+
+    refute_permit users(:recruiter), Question
+    refute_permit users(:reviewer), Question
+  end
+end
--- a/test/policies/user_policy_test.rb
+++ b/test/policies/user_policy_test.rb
@ -2,6 +2,12 @@
 require 'test_helper'

 class UserPolicyTest < PolicyAssertions::Test
+  test 'should require current_user' do
+    assert_raise Pundit::NotAuthorizedError do
+      UserPolicy.new(nil, User.first).view?
+    end
+  end
+
  test 'should allow admin to scope' do
    scope = UserPolicy::Scope.new(users(:admin), User).resolve
    assert_equal User.count, scope.count
@ -13,12 +19,6 @@ class UserPolicyTest < PolicyAssertions::Test
    end
  end

-  test 'should require current_user' do
-    assert_raise Pundit::NotAuthorizedError do
-      UserPolicy.new(nil, User.first).view?
-    end
-  end
-
  def test_view
    assert_permit users(:admin), User.first