roles_controller_spec.rb 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250
  1. require 'rails_helper'
  2. describe Admin::RolesController do
  3. render_views
  4. let(:permissions) { UserRole::Flags::NONE }
  5. let(:current_role) { UserRole.create(name: 'Foo', permissions: permissions, position: 10) }
  6. let(:current_user) { Fabricate(:user, role: current_role) }
  7. before do
  8. sign_in current_user, scope: :user
  9. end
  10. describe 'GET #index' do
  11. before do
  12. get :index
  13. end
  14. context 'when user does not have permission to manage roles' do
  15. it 'returns http forbidden' do
  16. expect(response).to have_http_status(:forbidden)
  17. end
  18. end
  19. context 'when user has permission to manage roles' do
  20. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  21. it 'returns http success' do
  22. expect(response).to have_http_status(:success)
  23. end
  24. end
  25. end
  26. describe 'GET #new' do
  27. before do
  28. get :new
  29. end
  30. context 'when user does not have permission to manage roles' do
  31. it 'returns http forbidden' do
  32. expect(response).to have_http_status(:forbidden)
  33. end
  34. end
  35. context 'when user has permission to manage roles' do
  36. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  37. it 'returns http success' do
  38. expect(response).to have_http_status(:success)
  39. end
  40. end
  41. end
  42. describe 'POST #create' do
  43. let(:selected_position) { 1 }
  44. let(:selected_permissions_as_keys) { %w(manage_roles) }
  45. before do
  46. post :create, params: { user_role: { name: 'Bar', position: selected_position, permissions_as_keys: selected_permissions_as_keys } }
  47. end
  48. context 'when user has permission to manage roles' do
  49. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  50. context 'when new role\'s does not elevate above the user\'s role' do
  51. let(:selected_position) { 1 }
  52. let(:selected_permissions_as_keys) { %w(manage_roles) }
  53. it 'redirects to roles page' do
  54. expect(response).to redirect_to(admin_roles_path)
  55. end
  56. it 'creates new role' do
  57. expect(UserRole.find_by(name: 'Bar')).to_not be_nil
  58. end
  59. end
  60. context 'when new role\'s position is higher than user\'s role' do
  61. let(:selected_position) { 100 }
  62. let(:selected_permissions_as_keys) { %w(manage_roles) }
  63. it 'renders new template' do
  64. expect(response).to render_template(:new)
  65. end
  66. it 'does not create new role' do
  67. expect(UserRole.find_by(name: 'Bar')).to be_nil
  68. end
  69. end
  70. context 'when new role has permissions the user does not have' do
  71. let(:selected_position) { 1 }
  72. let(:selected_permissions_as_keys) { %w(manage_roles manage_users manage_reports) }
  73. it 'renders new template' do
  74. expect(response).to render_template(:new)
  75. end
  76. it 'does not create new role' do
  77. expect(UserRole.find_by(name: 'Bar')).to be_nil
  78. end
  79. end
  80. context 'when user has administrator permission' do
  81. let(:permissions) { UserRole::FLAGS[:administrator] }
  82. let(:selected_position) { 1 }
  83. let(:selected_permissions_as_keys) { %w(manage_roles manage_users manage_reports) }
  84. it 'redirects to roles page' do
  85. expect(response).to redirect_to(admin_roles_path)
  86. end
  87. it 'creates new role' do
  88. expect(UserRole.find_by(name: 'Bar')).to_not be_nil
  89. end
  90. end
  91. end
  92. end
  93. describe 'GET #edit' do
  94. let(:role_position) { 8 }
  95. let(:role) { UserRole.create(name: 'Bar', permissions: UserRole::FLAGS[:manage_users], position: role_position) }
  96. before do
  97. get :edit, params: { id: role.id }
  98. end
  99. context 'when user does not have permission to manage roles' do
  100. it 'returns http forbidden' do
  101. expect(response).to have_http_status(:forbidden)
  102. end
  103. end
  104. context 'when user has permission to manage roles' do
  105. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  106. context 'when user outranks the role' do
  107. it 'returns http success' do
  108. expect(response).to have_http_status(:success)
  109. end
  110. end
  111. context 'when role outranks user' do
  112. let(:role_position) { current_role.position + 1 }
  113. it 'returns http forbidden' do
  114. expect(response).to have_http_status(:forbidden)
  115. end
  116. end
  117. end
  118. end
  119. describe 'PUT #update' do
  120. let(:role_position) { 8 }
  121. let(:role_permissions) { UserRole::FLAGS[:manage_users] }
  122. let(:role) { UserRole.create(name: 'Bar', permissions: role_permissions, position: role_position) }
  123. let(:selected_position) { 8 }
  124. let(:selected_permissions_as_keys) { %w(manage_users) }
  125. before do
  126. put :update, params: { id: role.id, user_role: { name: 'Baz', position: selected_position, permissions_as_keys: selected_permissions_as_keys } }
  127. end
  128. context 'when user does not have permission to manage roles' do
  129. it 'returns http forbidden' do
  130. expect(response).to have_http_status(:forbidden)
  131. end
  132. it 'does not update the role' do
  133. expect(role.reload.name).to eq 'Bar'
  134. end
  135. end
  136. context 'when user has permission to manage roles' do
  137. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  138. context 'when role has permissions the user doesn\'t' do
  139. it 'renders edit template' do
  140. expect(response).to render_template(:edit)
  141. end
  142. it 'does not update the role' do
  143. expect(role.reload.name).to eq 'Bar'
  144. end
  145. end
  146. context 'when user has all permissions of the role' do
  147. let(:permissions) { UserRole::FLAGS[:manage_roles] | UserRole::FLAGS[:manage_users] }
  148. context 'when user outranks the role' do
  149. it 'redirects to roles page' do
  150. expect(response).to redirect_to(admin_roles_path)
  151. end
  152. it 'updates the role' do
  153. expect(role.reload.name).to eq 'Baz'
  154. end
  155. end
  156. context 'when role outranks user' do
  157. let(:role_position) { current_role.position + 1 }
  158. it 'returns http forbidden' do
  159. expect(response).to have_http_status(:forbidden)
  160. end
  161. it 'does not update the role' do
  162. expect(role.reload.name).to eq 'Bar'
  163. end
  164. end
  165. end
  166. end
  167. end
  168. describe 'DELETE #destroy' do
  169. let(:role_position) { 8 }
  170. let(:role) { UserRole.create(name: 'Bar', permissions: UserRole::FLAGS[:manage_users], position: role_position) }
  171. before do
  172. delete :destroy, params: { id: role.id }
  173. end
  174. context 'when user does not have permission to manage roles' do
  175. it 'returns http forbidden' do
  176. expect(response).to have_http_status(:forbidden)
  177. end
  178. end
  179. context 'when user has permission to manage roles' do
  180. let(:permissions) { UserRole::FLAGS[:manage_roles] }
  181. context 'when user outranks the role' do
  182. it 'redirects to roles page' do
  183. expect(response).to redirect_to(admin_roles_path)
  184. end
  185. end
  186. context 'when role outranks user' do
  187. let(:role_position) { current_role.position + 1 }
  188. it 'returns http forbidden' do
  189. expect(response).to have_http_status(:forbidden)
  190. end
  191. end
  192. end
  193. end
  194. end