demarches-normaliennes/spec/policies/champ_policy_spec.rb
2024-10-04 12:29:50 +02:00

100 lines
3.4 KiB
Ruby
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# frozen_string_literal: true
describe ChampPolicy do
let(:procedure) { create(:procedure, :with_type_de_champ, :with_type_de_champ_private) }
let(:dossier) { create(:dossier, procedure: procedure, user: dossier_owner) }
let(:dossier_owner) { create(:user) }
let(:signed_in_user) { create(:user) }
let(:account) { { user: signed_in_user } }
subject { Pundit.policy_scope(account, Champ) }
let(:champ) { dossier.project_champs_public.first }
let(:champ_private) { dossier.project_champs_private.first }
shared_examples_for 'they can access a public champ' do
it { expect(subject.find_by(id: champ.id)).to eq(champ) }
end
shared_examples_for 'they cant access a public champ' do
it { expect(subject.find_by(id: champ.id)).to eq(nil) }
end
shared_examples_for 'they can access a private champ' do
it { expect(subject.find_by(id: champ_private.id)).to eq(champ_private) }
end
shared_examples_for 'they cant access a private champ' do
it { expect(subject.find_by(id: champ_private.id)).to eq(nil) }
end
context 'when an user only has user rights' do
context 'as the dossier owner' do
let(:signed_in_user) { dossier_owner }
it_behaves_like 'they can access a public champ'
it_behaves_like 'they cant access a private champ'
end
context 'as a person invited on the dossier' do
let(:invite) { create(:invite, :with_user, dossier: dossier) }
let(:signed_in_user) { invite.user }
it_behaves_like 'they can access a public champ'
it_behaves_like 'they cant access a private champ'
end
context 'as another user' do
let(:signed_in_user) { create(:user) }
it_behaves_like 'they cant access a public champ'
it_behaves_like 'they cant access a private champ'
end
end
context 'when the user also has instruction rights' do
let(:instructeur) { create(:instructeur, user: signed_in_user) }
let(:account) { { user: signed_in_user, instructeur: instructeur } }
context 'as the dossier instructeur and owner' do
let(:signed_in_user) { dossier_owner }
before { instructeur.assign_to_procedure(dossier.procedure) }
it_behaves_like 'they can access a public champ'
it_behaves_like 'they can access a private champ'
end
context 'as the dossier instructeur (but not owner)' do
let(:signed_in_user) { create(:user) }
before { instructeur.assign_to_procedure(dossier.procedure) }
it_behaves_like 'they cant access a public champ'
it_behaves_like 'they can access a private champ'
end
context 'as an instructeur not assigned to the procedure' do
let(:signed_in_user) { create(:user) }
it_behaves_like 'they cant access a public champ'
it_behaves_like 'they cant access a private champ'
end
end
context 'when the champ is on a forked dossier' do
let(:signed_in_user) { dossier_owner }
let(:origin) { create(:dossier, procedure: procedure, user: dossier_owner) }
let(:dossier) { origin.find_or_create_editing_fork(dossier_owner) }
it_behaves_like 'they can access a public champ'
it_behaves_like 'they cant access a private champ'
context 'when the user is invited on the origin dossier' do
let(:invite) { create(:invite, :with_user, dossier: origin) }
let(:signed_in_user) { invite.user }
it_behaves_like 'they can access a public champ'
it_behaves_like 'they cant access a private champ'
end
end
end