2019-06-27 16:26:07 +02:00
|
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
|
|
|
|
describe ChampPolicy do
|
2019-10-08 14:28:26 +02:00
|
|
|
|
let(:champ) { create(:champ_text, private: private, dossier: dossier) }
|
|
|
|
|
|
let(:dossier) { create(:dossier, user: dossier_owner) }
|
|
|
|
|
|
let(:dossier_owner) { create(:user) }
|
2019-06-27 16:26:07 +02:00
|
|
|
|
|
2019-10-08 14:28:26 +02:00
|
|
|
|
let(:signed_in_user) { create(:user) }
|
|
|
|
|
|
let(:account) { { user: signed_in_user } }
|
2019-08-01 15:48:27 +02:00
|
|
|
|
|
|
|
|
|
|
subject { Pundit.policy_scope(account, Champ) }
|
2019-06-27 16:26:07 +02:00
|
|
|
|
|
2019-10-08 14:28:26 +02:00
|
|
|
|
shared_examples_for 'they can access a public champ' do
|
|
|
|
|
|
let(:private) { false }
|
|
|
|
|
|
it { expect(subject.find_by(id: champ.id)).to eq(champ) }
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
shared_examples_for 'they can’t access a public champ' do
|
|
|
|
|
|
let(:private) { false }
|
|
|
|
|
|
it { expect(subject.find_by(id: champ.id)).to eq(nil) }
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
shared_examples_for 'they can access a private champ' do
|
|
|
|
|
|
let(:private) { true }
|
|
|
|
|
|
it { expect(subject.find_by(id: champ.id)).to eq(champ) }
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
shared_examples_for 'they can’t access a private champ' do
|
|
|
|
|
|
let(:private) { true }
|
|
|
|
|
|
it { expect(subject.find_by(id: champ.id)).to eq(nil) }
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
context 'when an user only has user rights' do
|
|
|
|
|
|
context 'as the dossier owner' do
|
|
|
|
|
|
let(:signed_in_user) { dossier_owner }
|
|
|
|
|
|
|
|
|
|
|
|
it_behaves_like 'they can access a public champ'
|
|
|
|
|
|
it_behaves_like 'they can’t access a private champ'
|
|
|
|
|
|
end
|
2019-06-27 16:26:07 +02:00
|
|
|
|
|
2019-10-08 14:28:26 +02:00
|
|
|
|
context 'as another user' do
|
|
|
|
|
|
let(:signed_in_user) { create(:user) }
|
|
|
|
|
|
|
|
|
|
|
|
it_behaves_like 'they can’t access a public champ'
|
|
|
|
|
|
it_behaves_like 'they can’t access a private champ'
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
context 'when the user also has instruction rights' do
|
|
|
|
|
|
let(:instructeur) { create(:instructeur, email: signed_in_user.email, password: signed_in_user.password) }
|
|
|
|
|
|
let(:account) { { user: signed_in_user, instructeur: instructeur } }
|
|
|
|
|
|
|
|
|
|
|
|
context 'as the dossier instructeur and owner' do
|
|
|
|
|
|
let(:signed_in_user) { dossier_owner }
|
|
|
|
|
|
before { instructeur.assign_to_procedure(dossier.procedure) }
|
|
|
|
|
|
|
|
|
|
|
|
it_behaves_like 'they can access a public champ'
|
|
|
|
|
|
it_behaves_like 'they can access a private champ'
|
2019-06-27 16:26:07 +02:00
|
|
|
|
end
|
|
|
|
|
|
|
2019-10-08 14:28:26 +02:00
|
|
|
|
context 'as the dossier instructeur (but not owner)' do
|
|
|
|
|
|
let(:signed_in_user) { create(:user) }
|
|
|
|
|
|
before { instructeur.assign_to_procedure(dossier.procedure) }
|
|
|
|
|
|
|
|
|
|
|
|
it_behaves_like 'they can’t access a public champ'
|
|
|
|
|
|
it_behaves_like 'they can access a private champ'
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
context 'as an instructeur not assigned to the procedure' do
|
|
|
|
|
|
let(:signed_in_user) { create(:user) }
|
|
|
|
|
|
|
|
|
|
|
|
it_behaves_like 'they can’t access a public champ'
|
|
|
|
|
|
it_behaves_like 'they can’t access a private champ'
|
2019-06-27 16:26:07 +02:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
