255e430abd
now managers and reviewers can only see quizzes and completed results for those quizzes they have been assigned to.
48 lines
1.3 KiB
Ruby
48 lines
1.3 KiB
Ruby
# frozen_string_literal: true
|
|
require 'test_helper'
|
|
|
|
class QuizPolicyTest < PolicyAssertions::Test
|
|
test 'should require current_user' do
|
|
assert_raise Pundit::NotAuthorizedError do
|
|
QuizPolicy.new(nil, Quiz.first).view?
|
|
end
|
|
end
|
|
|
|
test 'should allow admin to scope' do
|
|
scope = QuizPolicy::Scope.new(users(:admin), Quiz).resolve
|
|
assert_equal Quiz.count, scope.count
|
|
end
|
|
|
|
test 'should allow manager to scope' do
|
|
scope = QuizPolicy::Scope.new(users(:manager), Quiz).resolve
|
|
assert_equal users(:manager).quizzes.count, scope.count
|
|
end
|
|
|
|
test 'should allow reviewer to scope' do
|
|
scope = QuizPolicy::Scope.new(users(:reviewer), Quiz).resolve
|
|
assert_equal users(:reviewer).quizzes.count, scope.count
|
|
end
|
|
|
|
test 'should allow recruiter to scope' do
|
|
scope = QuizPolicy::Scope.new(users(:recruiter), Quiz).resolve
|
|
assert_equal Quiz.count, scope.count
|
|
end
|
|
|
|
def test_view
|
|
assert_permit users(:admin), quizzes(:fed)
|
|
assert_permit users(:manager), quizzes(:fed)
|
|
assert_permit users(:reviewer), quizzes(:fed)
|
|
|
|
refute_permit users(:reviewer), quizzes(:admin)
|
|
refute_permit users(:recruiter), quizzes(:fed)
|
|
end
|
|
|
|
def test_create_and_update
|
|
assert_permit users(:admin), Quiz
|
|
assert_permit users(:manager), Quiz
|
|
|
|
refute_permit users(:recruiter), Quiz
|
|
refute_permit users(:reviewer), Quiz
|
|
end
|
|
end
|