diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb
index ed79045..ebca5c5 100644
--- a/spec/models/ability_spec.rb
+++ b/spec/models/ability_spec.rb
@@ -37,10 +37,21 @@ describe Ability do
 other_user.should be_able_to(:manage, soa_record)
 end
+ it "denies third user to manage user's permitted domains and records" do
+ third_user.should_not be_able_to(:manage, domain)
+ third_user.should_not be_able_to(:manage, a_record)
+ third_user.should_not be_able_to(:manage, soa_record)
+ end
+
 it "allows other user to manage user's permitted subdomains" do
 other_user.should be_able_to(:manage, subdomain)
 other_user.should be_able_to(:manage, subsubdomain)
 end
+
+ it "denies third user to manage other user's permitted subdomains" do
+ third_user.should_not be_able_to(:manage, subdomain)
+ third_user.should_not be_able_to(:manage, subsubdomain)
+ end
 end
 context "permission" do
diff --git a/spec/models/domain_spec.rb b/spec/models/domain_spec.rb
index 072fd3e..6cf13c1 100644
--- a/spec/models/domain_spec.rb
+++ b/spec/models/domain_spec.rb
@@ -67,8 +67,9 @@ describe Domain do
 end
 it "queries domains corectly in index" do
- wheres = Domain.accessible_by(user.ability).where_values
- joins = Domain.accessible_by(user.ability).joins_values.map{|j| [j._name, j._type]}
+ query = Domain.accessible_by(user.ability)
+ wheres = query.where_values
+ joins = query.joins_values.map{|j| [j._name, j._type]}
 wheres.should == ["(`permissions`.`user_id` = #{user.id}) OR (`domains`.`user_id` = #{user.id})"]
 joins.should == [[:permissions, Arel::Nodes::OuterJoin]]
 end
diff --git a/spec/models/record_spec.rb b/spec/models/record_spec.rb
index 9737e95..7bc4ccb 100644
--- a/spec/models/record_spec.rb
+++ b/spec/models/record_spec.rb
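Review bot: The two new deny examples in ability_spec.rb assert only `:manage`, which is a weaker negative check than it looks. Assuming `be_able_to` is CanCan's matcher, `can?(:manage, domain)` is true only when a rule granting `:manage` matches, so both examples would still pass if `third_user` held a narrower grant such as `:read` or `:update` on another user's domain or records. Adding per-action assertions alongside, for example `third_user.should_not be_able_to(:read, domain)` and `third_user.should_not be_able_to(:update, a_record)`, would pin the isolation these examples are meant to guard. The definition of `third_user` is outside the hunk, so it is worth confirming that it has neither ownership nor a permission on `domain`.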
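Review bot: The index example in domain_spec.rb still asserts on the generated SQL fragment and join type (`where_values`, `joins_values`) rather than on which rows the scope returns, so the authorization boundary of the listing is checked only by string comparison. A result-based example next to it would fail if the scope ever returned another user's rows, e.g. `Domain.accessible_by(unrelated_user.ability).should_not include(domain)`, where `unrelated_user` is a placeholder for a user with no ownership or permission on `domain`. The same applies to the `A.accessible_by(user.ability)` example in spec/models/record_spec.rb. The enclosing `describe` block and its `let` definitions are outside the hunk.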
@@ -35,8 +35,9 @@ describe Record do
 end
 it "queries A records corectly in index" do
- wheres = A.accessible_by(user.ability).where_values
- joins = A.accessible_by(user.ability).joins_values
+ query = A.accessible_by(user.ability)
+ wheres = query.where_values
+ joins = query.joins_values
 wheres.size.should == 2
 wheres.second.should == "(`permissions`.`user_id` = #{user.id}) OR ((`records`.`user_id` = #{user.id}) OR (`domains`.`user_id` = #{user.id}))"
 record_joins_expectations(joins)