demarches-normaliennes/spec/controllers/super_admins/release_notes_controller_spec.rb

require 'rails_helper'

describe SuperAdmins::ReleaseNotesController, type: :controller do
  let(:super_admin) { create(:super_admin) }

  before do
    sign_in super_admin if super_admin.present?
  end

  describe "acl" do
    context 'when user is not signed as super admin' do
      let(:super_admin) { nil }
      let!(:release_note) { create(:release_note, published: false) }

      it 'is not allowed to post' do
        expect { post :create, params: { release_note: { released_on: Date.current, published: "0", body: "bam" } } }.not_to change(ReleaseNote, :count)
        expect(response.status).to eq(302)
        expect(flash[:alert]).to be_present
      end

      it 'is not allowed to put' do
        expect {
          put :update, params: {
            id: release_note.id,
            release_note: {
              released_on: Date.current,
              published: "1",
              categories: release_note.categories,
              body: "hacked body"
            }
          }
        }.not_to change { release_note.reload.body }
        expect(response.status).to eq(302)
        expect(flash[:alert]).to be_present
      end

      it 'is not allowed to index' do
        get :index
        expect(response.status).to eq(302)
        expect(flash[:alert]).to be_present
      end

      it 'is not allowed to destroy' do
        delete :destroy, params: { id: release_note.id }
        expect(response.status).to eq(302)
        expect(flash[:alert]).to be_present
        expect(release_note.reload).to be_persisted
      end
    end

    context 'when user is signed as super admin' do
      let(:release_note) { create(:release_note, published: false) }

      it 'is allowed to post' do
        expect { post :create, params: { release_note: { categories: ['api'], released_on: Date.current, published: "0", body: "bam" } } }.to change(ReleaseNote, :count).by(1)
        expect(flash[:notice]).to be_present
      end

      it 'is allowed to put' do
        put :update, params: {
          id: release_note.id,
          release_note: {
            released_on: Date.current,
            published: "1",
            categories: release_note.categories,
            body: "new body"
          }
        }

        release_note.reload
        expect(release_note.body.to_plain_text).to eq("new body")
        expect(release_note.published).to be_truthy
      end

      it 'is allowed to destroy' do
        delete :destroy, params: { id: release_note.id }
        expect(flash[:notice]).to be_present
        expect { release_note.reload }.to raise_error(ActiveRecord::RecordNotFound)
      end
    end
  end
end