# frozen_string_literal: true
require 'rails_helper'
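RSpec.describe 'Admin Roles' do
  # Authorization boundary for the admin role-management endpoints. Each context
  # signs in a user with a specific role and asserts what that role is (not)
  # allowed to do; the response status or the absence of a persisted change is
  # the observable evidence.

  context 'when signed in as lower permissions user' do
    # A role with no permission flags at all.
    let(:user_role) { Fabricate(:user_role, permissions: UserRole::Flags::NONE) }

    before { sign_in Fabricate(:user, role: user_role) }

    # NOTE(review): POST /admin/roles (create) is not covered for this role;
    # confirm it is refused in the same way as the actions below.

    describe 'GET /admin/roles' do
      it 'returns http forbidden' do
        get admin_roles_path

        expect(response)
          .to have_http_status(403)
      end
    end

    describe 'GET /admin/roles/new' do
      it 'returns http forbidden' do
        get new_admin_role_path

        expect(response)
          .to have_http_status(403)
      end
    end

    describe 'GET /admin/roles/:id/edit' do
      let(:role) { Fabricate(:user_role) }

      it 'returns http forbidden' do
        get edit_admin_role_path(role)

        expect(response)
          .to have_http_status(403)
      end
    end

    describe 'PUT /admin/roles/:id' do
      let(:role) { Fabricate(:user_role) }

      it 'returns http forbidden' do
        put admin_role_path(role)

        expect(response)
          .to have_http_status(403)
      end
    end

    describe 'DELETE /admin/roles/:id' do
      let(:role) { Fabricate(:user_role) }

      it 'returns http forbidden' do
        delete admin_role_path(role)

        expect(response)
          .to have_http_status(403)
      end
    end
  end

  context 'when user has permissions to manage roles' do
    # NOTE(review): the context name says "manage roles" but the role is
    # fabricated with the manage_users flag. If the policy requires
    # manage_roles, the 403s below would be produced by the missing flag rather
    # than by the position check they are meant to exercise - confirm.
    let(:user_role) { Fabricate(:user_role, permissions: UserRole::FLAGS[:manage_users]) }

    before { sign_in Fabricate(:user, role: user_role) }

    context 'when target role permission outranks user' do
      # A role positioned strictly above the signed-in user's role.
      let(:role) { Fabricate(:user_role, position: user_role.position + 1) }

      describe 'GET /admin/roles/:id/edit' do
        it 'returns http forbidden' do
          get edit_admin_role_path(role)

          expect(response)
            .to have_http_status(403)
        end
      end

      describe 'PUT /admin/roles/:id' do
        it 'returns http forbidden' do
          put admin_role_path(role)

          expect(response)
            .to have_http_status(403)
        end
      end

      describe 'DELETE /admin/roles/:id' do
        it 'returns http forbidden' do
          delete admin_role_path(role)

          expect(response)
            .to have_http_status(403)
        end
      end
    end
  end

  context 'when attempting to add permissions the user does not have' do
    # The signed-in role holds only manage_roles; the requests below try to
    # grant manage_users and manage_reports as well (privilege escalation via
    # role editing). The assertions check that nothing is persisted and that
    # the form is rendered again rather than relying on a status code.
    let(:user_role) { Fabricate(:user_role, permissions: UserRole::FLAGS[:manage_roles], position: 5) }

    before { sign_in Fabricate(:user, role: user_role) }

    describe 'POST /admin/roles' do
      subject { post admin_roles_path, params: { user_role: { name: 'Bar', position: 2, permissions_as_keys: %w(manage_roles manage_users manage_reports) } } }

      it 'does not create role' do
        expect { subject }
          .not_to change(UserRole, :count)

        # The "new role" page is rendered again on rejection.
        expect(response.body)
          .to include(I18n.t('admin.roles.add_new'))
      end
    end

    describe 'PUT /admin/roles/:id' do
      subject { put admin_role_path(role), params: { user_role: { position: 2, permissions_as_keys: %w(manage_roles manage_users manage_reports) } } }

      let(:role) { Fabricate(:user_role, name: 'Bar') }

      # Renamed from 'does not create role': this example exercises update, not
      # create, and asserts that the stored permissions are unchanged.
      it 'does not update role permissions' do
        expect { subject }
          .not_to(change { role.reload.permissions })

        # The edit page for the same role is rendered again on rejection.
        expect(response.parsed_body.title)
          .to match(I18n.t('admin.roles.edit', name: 'Bar'))
      end
    end
  end

  context 'when signed in as admin' do
    before { sign_in Fabricate(:admin_user) }

    describe 'POST /admin/roles' do
      # A scalar where a nested hash is expected must produce a client error,
      # not a server error.
      it 'gracefully handles invalid nested params' do
        post admin_roles_path(user_role: 'invalid')

        expect(response)
          .to have_http_status(400)
      end
    end
  end
end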