entrydns/spec/models/user_ability_spec.rb

require 'spec_helper'

# needs "rake db:test:clone" for the "hosts" part

describe UserAbility do
  include_context "data"
  let(:crud){UserAbility::CRUD}

  context "basic" do
    it "allows me to manage my domains and their records, and my hosts" do
      user.should be_able_to(crud, domain)
      user.should be_able_to(crud, a_record)
      user.should be_able_to(crud, soa_record)
      user.should_not be_able_to(:delete, soa_record) # SOA deleted only via parent
      user.should be_able_to(crud, host_a_record)
    end
  
    it "denies other user to manage my domains and their records, and my hosts" do
      user2.should_not be_able_to(crud, domain)
      user2.should_not be_able_to(crud, a_record)
      user2.should_not be_able_to(crud, soa_record)
      user2.should_not be_able_to(crud, host_a_record)
    end
  
    it "allows admin to manage other user's hosts" do
      admin.should be_able_to(crud, host_a_record)
    end
  end
  
  context "permitted" do
    before do
      User.do_as(user) do
        domain
        subdomain
        subsubdomain
        permission # ensure permission to domain
      end
    end
    
    it "allows other user to manage user's domains and records, if permitted" do
      User.do_as(user2) do
        user2.should be_able_to(crud, domain)
        user2.should be_able_to(crud, a_record)
        user2.should be_able_to(crud, soa_record)
      end
    end
    
    it "denies third user to manage user's permitted domains and records" do
      User.do_as(user3) do
        user3.should_not be_able_to(crud, domain)
        user3.should_not be_able_to(crud, a_record)
        user3.should_not be_able_to(crud, soa_record)
      end
    end

    it "allows other user to manage user's permitted subdomains" do
      User.do_as(user2) do
        user2.should be_able_to(crud, subdomain)
        user2.should be_able_to(crud, subsubdomain)
      end
    end

    it "denies third user to manage other user's permitted subdomains" do
      User.do_as(user3) do
        user3.should_not be_able_to(crud, subdomain)
        user3.should_not be_able_to(crud, subsubdomain)
      end
    end
  end
  
  context "permission" do
    it "allows me to manage my domain's permissions" do
      user.should be_able_to(crud, permission)
    end

    it "denies other user to manage my domain's permissions" do
      user2.should_not be_able_to(crud, permission)
    end
  end

end
ability tests, formatting typo, capybara, matchers 13 years ago			`require 'spec_helper'`

			`# needs "rake db:test:clone" for the "hosts" part`

major refurbish 12 years ago			`describe UserAbility do`
ability tests, formatting typo, capybara, matchers 13 years ago			`include_context "data"`
major refurbish 12 years ago			`let(:crud){UserAbility::CRUD}`
ability tests, formatting typo, capybara, matchers 13 years ago
domain sharing, initial setup 13 years ago			`context "basic" do`
			`it "allows me to manage my domains and their records, and my hosts" do`
ACL things 13 years ago			`user.should be_able_to(crud, domain)`
			`user.should be_able_to(crud, a_record)`
			`user.should be_able_to(crud, soa_record)`
userstamps, subdomains authorization, full Squeel compatibility, tests refactor 13 years ago			`user.should_not be_able_to(:delete, soa_record) # SOA deleted only via parent`
ACL things 13 years ago			`user.should be_able_to(crud, host_a_record)`
domain sharing, initial setup 13 years ago			`end`

			`it "denies other user to manage my domains and their records, and my hosts" do`
ACL things 13 years ago			`user2.should_not be_able_to(crud, domain)`
			`user2.should_not be_able_to(crud, a_record)`
			`user2.should_not be_able_to(crud, soa_record)`
			`user2.should_not be_able_to(crud, host_a_record)`
domain sharing, initial setup 13 years ago			`end`
ability tests, formatting typo, capybara, matchers 13 years ago
domain sharing, initial setup 13 years ago			`it "allows admin to manage other user's hosts" do`
ACL things 13 years ago			`admin.should be_able_to(crud, host_a_record)`
domain sharing, initial setup 13 years ago			`end`
ability tests, formatting typo, capybara, matchers 13 years ago			`end`

userstamps, subdomains authorization, full Squeel compatibility, tests refactor 13 years ago			`context "permitted" do`
			`before do`
domain parent upstream lookup, tests fixes, refactor 13 years ago			`User.do_as(user) do`
			`domain`
			`subdomain`
			`subsubdomain`
			`permission # ensure permission to domain`
			`end`
domain sharing, initial setup 13 years ago			`end`

userstamps, subdomains authorization, full Squeel compatibility, tests refactor 13 years ago			`it "allows other user to manage user's domains and records, if permitted" do`
domain parent upstream lookup, tests fixes, refactor 13 years ago			`User.do_as(user2) do`
			`user2.should be_able_to(crud, domain)`
			`user2.should be_able_to(crud, a_record)`
			`user2.should be_able_to(crud, soa_record)`
			`end`
userstamps, subdomains authorization, full Squeel compatibility, tests refactor 13 years ago			`end`

more tests, small refactor 13 years ago			`it "denies third user to manage user's permitted domains and records" do`
domain parent upstream lookup, tests fixes, refactor 13 years ago			`User.do_as(user3) do`
			`user3.should_not be_able_to(crud, domain)`
			`user3.should_not be_able_to(crud, a_record)`
			`user3.should_not be_able_to(crud, soa_record)`
			`end`
more tests, small refactor 13 years ago			`end`

userstamps, subdomains authorization, full Squeel compatibility, tests refactor 13 years ago			`it "allows other user to manage user's permitted subdomains" do`
domain parent upstream lookup, tests fixes, refactor 13 years ago			`User.do_as(user2) do`
			`user2.should be_able_to(crud, subdomain)`
			`user2.should be_able_to(crud, subsubdomain)`
			`end`
userstamps, subdomains authorization, full Squeel compatibility, tests refactor 13 years ago			`end`
more tests, small refactor 13 years ago
			`it "denies third user to manage other user's permitted subdomains" do`
domain parent upstream lookup, tests fixes, refactor 13 years ago			`User.do_as(user3) do`
			`user3.should_not be_able_to(crud, subdomain)`
			`user3.should_not be_able_to(crud, subsubdomain)`
			`end`
more tests, small refactor 13 years ago			`end`
userstamps, subdomains authorization, full Squeel compatibility, tests refactor 13 years ago			`end`

			`context "permission" do`
domain sharing, initial setup 13 years ago			`it "allows me to manage my domain's permissions" do`
ACL things 13 years ago			`user.should be_able_to(crud, permission)`
domain sharing, initial setup 13 years ago			`end`

			`it "denies other user to manage my domain's permissions" do`
ACL things 13 years ago			`user2.should_not be_able_to(crud, permission)`
domain sharing, initial setup 13 years ago			`end`
ability tests, formatting typo, capybara, matchers 13 years ago			`end`

			`end`