From 40d79b5503fcc5fdda1cd06fed48f45e93760089 Mon Sep 17 00:00:00 2001 From: Vokhmin Alexey V Date: Mon, 13 Apr 2015 21:16:30 +0300 Subject: [PATCH] #465: Added specs for PlatformPolicy --- app/policies/platform_policy.rb | 5 +- spec/policies/platform_policy_spec.rb | 264 ++++++++++++++++++++++++++ 2 files changed, 265 insertions(+), 4 deletions(-) create mode 100644 spec/policies/platform_policy_spec.rb diff --git a/app/policies/platform_policy.rb b/app/policies/platform_policy.rb index d0fd6e2d6..56c3a949b 100644 --- a/app/policies/platform_policy.rb +++ b/app/policies/platform_policy.rb @@ -7,6 +7,7 @@ class PlatformPolicy < ApplicationPolicy def allowed? true end + alias_method :platforms_for_build?, :allowed? def show? return true if is_admin? @@ -26,10 +27,6 @@ class PlatformPolicy < ApplicationPolicy owner? || local_reader? end - def platforms_for_build? - true - end - def create? is_admin? end diff --git a/spec/policies/platform_policy_spec.rb b/spec/policies/platform_policy_spec.rb new file mode 100644 index 000000000..2ee3cacd8 --- /dev/null +++ b/spec/policies/platform_policy_spec.rb @@ -0,0 +1,264 @@ +require 'spec_helper' + +RSpec.describe PlatformPolicy, type: :policy do + let(:platform) { FactoryGirl.build(:platform) } + subject { described_class } + + permissions :index? do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, :platform) + end + + it "grants access to user" do + expect(subject).to permit(FactoryGirl.create(:user), :platform) + end + end + + + %i(allowed? platforms_for_build?).each do |perm| + permissions perm do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, :platform) + end + end + end + + %i(show? advisories? owned? read? related?).each do |perm| + permissions perm do + context 'open platform' do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, platform) + end + end + + context 'hidden platform' do + before do + platform.visibility = Platform::VISIBILITY_HIDDEN + end + + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for reader of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:local_reader?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for reader of repository" do + allow_any_instance_of(PlatformPolicy).to receive(:user_platform_ids).and_return([platform.id]) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + end + end + end + + permissions :members? do + context 'open platform' do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, platform) + end + end + + context 'hidden platform' do + before do + platform.visibility = Platform::VISIBILITY_HIDDEN + end + + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for reader of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:local_reader?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + end + end + + permissions :create? do + it "denies access to user" do + expect(subject).to_not permit(User.new, :platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), :platform) + end + end + + permissions :update? do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + end + + permissions :destroy? do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + + context 'personal platform' do + let(:platform) { FactoryGirl.build(:personal_platform) } + + it "denies access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to_not permit(User.new, platform) + end + + it "denies access for to global admin" do + expect(subject).to_not permit(FactoryGirl.build(:admin), platform) + end + end + end + + %i(local_admin_manage? add_project? remove_file?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for admin of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:local_admin?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + end + end + + %i(clone? make_clone?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + + context 'personal platform' do + let(:platform) { FactoryGirl.build(:personal_platform) } + + it "denies access for to global admin" do + expect(subject).to_not permit(FactoryGirl.build(:admin), platform) + end + end + end + end + + %i(add_member? regenerate_metadata? remove_member? remove_members?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for admin of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:local_admin?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + + context 'personal platform' do + let(:platform) { FactoryGirl.build(:personal_platform) } + + it "denies access for admin of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:local_admin?).and_return(true) + expect(subject).to_not permit(User.new, platform) + end + + it "denies access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to_not permit(User.new, platform) + end + + it "denies access for to global admin" do + expect(subject).to_not permit(FactoryGirl.build(:admin), platform) + end + end + end + end + + permissions :clear? do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "denies access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to_not permit(User.new, platform) + end + + it "denies access for to global admin" do + expect(subject).to_not permit(FactoryGirl.build(:admin), platform) + end + + context 'personal platform' do + let(:platform) { FactoryGirl.build(:personal_platform) } + + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + end + end + +end