more tests, small refactor

spec/models/ability_spec.rb

@@ -37,10 +37,21 @@ describe Ability do
       other_user.should be_able_to(:manage, soa_record)
     end
     
+    it "denies third user to manage user's permitted domains and records" do
+      third_user.should_not be_able_to(:manage, domain)
+      third_user.should_not be_able_to(:manage, a_record)
+      third_user.should_not be_able_to(:manage, soa_record)
+    end
+
     it "allows other user to manage user's permitted subdomains" do
       other_user.should be_able_to(:manage, subdomain)
       other_user.should be_able_to(:manage, subsubdomain)
     end
+
+    it "denies third user to manage other user's permitted subdomains" do
+      third_user.should_not be_able_to(:manage, subdomain)
+      third_user.should_not be_able_to(:manage, subsubdomain)
+    end
   end
   
   context "permission" do

spec/models/domain_spec.rb

@@ -67,8 +67,9 @@ describe Domain do
   end
 
   it "queries domains corectly in index" do
-    wheres = Domain.accessible_by(user.ability).where_values
-    joins = Domain.accessible_by(user.ability).joins_values.map{|j| [j._name, j._type]}
+    query = Domain.accessible_by(user.ability)
+    wheres = query.where_values
+    joins = query.joins_values.map{|j| [j._name, j._type]}
     wheres.should == ["(`permissions`.`user_id` = #{user.id}) OR (`domains`.`user_id` = #{user.id})"]
     joins.should == [[:permissions, Arel::Nodes::OuterJoin]]
   end

spec/models/record_spec.rb

@@ -35,8 +35,9 @@ describe Record do
   end
   
   it "queries A records corectly in index" do
-    wheres = A.accessible_by(user.ability).where_values
-    joins = A.accessible_by(user.ability).joins_values
+    query = A.accessible_by(user.ability)
+    wheres = query.where_values
+    joins = query.joins_values
     wheres.size.should == 2
     wheres.second.should == "(`permissions`.`user_id` = #{user.id}) OR ((`records`.`user_id` = #{user.id}) OR (`domains`.`user_id` = #{user.id}))"
     record_joins_expectations(joins)