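# frozen_string_literal: true

require 'test_helper'

# Authorization tests for UserPolicy.
#
# Each non-admin role is checked against every other role's record, so a
# regression that loosens the policy (one role reading or editing another
# role's account) trips a refute_permit assertion instead of going unnoticed.
class UserPolicyTest < PolicyAssertions::Test
  # All roles exercised here; each one has a fixture of the same name.
  ROLES = %i[admin manager reviewer recruiter].freeze
  NON_ADMIN_ROLES = (ROLES - [:admin]).freeze

  test 'should require current_user' do
    # A missing current user must never be authorized, even for a read.
    assert_raise Pundit::NotAuthorizedError do
      UserPolicy.new(nil, User.first).view?
    end
  end

  test 'should allow admin to scope' do
    scope = UserPolicy::Scope.new(users(:admin), User).resolve
    assert_equal User.count, scope.count
  end

  test 'should not allow non_admin to scope' do
    NON_ADMIN_ROLES.each do |role|
      assert_raise Pundit::NotAuthorizedError, "Failed to raise auth error for #{role}" do
        UserPolicy::Scope.new(users(role), User).resolve
      end
    end
  end

  # view?
  test 'admin can view any user role' do
    ROLES.each { |role| assert_permit users(:admin), users(role), 'view?' }
  end

  test 'manager can only view herself' do
    assert_only_self_permitted :manager, 'view?'
  end

  test 'reviewer can only view herself' do
    assert_only_self_permitted :reviewer, 'view?'
  end

  test 'recruiter can only view herself' do
    assert_only_self_permitted :recruiter, 'view?'
  end

  # update?
  test 'admin can update any user role' do
    ROLES.each { |role| assert_permit users(:admin), users(role), 'update?' }
  end

  test 'manager can only update herself' do
    assert_only_self_permitted :manager, 'update?'
  end

  # Test name previously read "reupdateer"; the role under test is the reviewer.
  test 'reviewer can only update herself' do
    assert_only_self_permitted :reviewer, 'update?'
  end

  test 'recruiter can only update herself' do
    assert_only_self_permitted :recruiter, 'update?'
  end

  # create?
  test 'only admin can create users' do
    assert_permit users(:admin), User, 'create?'
    NON_ADMIN_ROLES.each { |role| refute_permit users(role), User, 'create?' }
  end

  private

  # Asserts that +role+ may perform +action+ on its own user record and on
  # no other role's record.
  #
  # @param role [Symbol] fixture name of the acting user
  # @param action [String] policy predicate, e.g. 'view?' or 'update?'
  def assert_only_self_permitted(role, action)
    assert_permit users(role), users(role), action
    (ROLES - [role]).each do |other|
      refute_permit users(role), users(other), action
    end
  end
end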