You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

68 lines
2.2 KiB

require 'spec_helper'
# needs "rake db:test:clone" for the "hosts" part
describe Ability do
include_context "data"
context "basic" do
it "allows me to manage my domains and their records, and my hosts" do
user.should be_able_to(:manage, domain)
user.should be_able_to(:manage, a_record)
user.should be_able_to(:manage, soa_record)
user.should_not be_able_to(:delete, soa_record) # SOA deleted only via parent
user.should be_able_to(:manage, host_a_record)
end
it "denies other user to manage my domains and their records, and my hosts" do
other_user.should_not be_able_to(:manage, domain)
other_user.should_not be_able_to(:manage, a_record)
other_user.should_not be_able_to(:manage, soa_record)
other_user.should_not be_able_to(:manage, host_a_record)
end
it "allows admin to manage other user's hosts" do
admin.should be_able_to(:manage, host_a_record)
end
end
context "permitted" do
before do
permission # ensure permission to domain
end
it "allows other user to manage user's domains and records, if permitted" do
other_user.should be_able_to(:manage, domain)
other_user.should be_able_to(:manage, a_record)
other_user.should be_able_to(:manage, soa_record)
end
it "denies third user to manage user's permitted domains and records" do
third_user.should_not be_able_to(:manage, domain)
third_user.should_not be_able_to(:manage, a_record)
third_user.should_not be_able_to(:manage, soa_record)
end
it "allows other user to manage user's permitted subdomains" do
other_user.should be_able_to(:manage, subdomain)
other_user.should be_able_to(:manage, subsubdomain)
end
it "denies third user to manage other user's permitted subdomains" do
third_user.should_not be_able_to(:manage, subdomain)
third_user.should_not be_able_to(:manage, subsubdomain)
end
end
context "permission" do
it "allows me to manage my domain's permissions" do
user.should be_able_to(:manage, permission)
end
it "denies other user to manage my domain's permissions" do
other_user.should_not be_able_to(:manage, permission)
end
end
end