|
|
@ -4,25 +4,26 @@ require 'spec_helper' |
|
|
|
|
|
|
|
|
|
|
|
describe Ability do |
|
|
|
describe Ability do |
|
|
|
include_context "data" |
|
|
|
include_context "data" |
|
|
|
|
|
|
|
let(:crud){Ability::CRUD} |
|
|
|
|
|
|
|
|
|
|
|
context "basic" do |
|
|
|
context "basic" do |
|
|
|
it "allows me to manage my domains and their records, and my hosts" do |
|
|
|
it "allows me to manage my domains and their records, and my hosts" do |
|
|
|
user.should be_able_to(:manage, domain) |
|
|
|
user.should be_able_to(crud, domain) |
|
|
|
user.should be_able_to(:manage, a_record) |
|
|
|
user.should be_able_to(crud, a_record) |
|
|
|
user.should be_able_to(:manage, soa_record) |
|
|
|
user.should be_able_to(crud, soa_record) |
|
|
|
user.should_not be_able_to(:delete, soa_record) # SOA deleted only via parent |
|
|
|
user.should_not be_able_to(:delete, soa_record) # SOA deleted only via parent |
|
|
|
user.should be_able_to(:manage, host_a_record) |
|
|
|
user.should be_able_to(crud, host_a_record) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
it "denies other user to manage my domains and their records, and my hosts" do |
|
|
|
it "denies other user to manage my domains and their records, and my hosts" do |
|
|
|
user2.should_not be_able_to(:manage, domain) |
|
|
|
user2.should_not be_able_to(crud, domain) |
|
|
|
user2.should_not be_able_to(:manage, a_record) |
|
|
|
user2.should_not be_able_to(crud, a_record) |
|
|
|
user2.should_not be_able_to(:manage, soa_record) |
|
|
|
user2.should_not be_able_to(crud, soa_record) |
|
|
|
user2.should_not be_able_to(:manage, host_a_record) |
|
|
|
user2.should_not be_able_to(crud, host_a_record) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
it "allows admin to manage other user's hosts" do |
|
|
|
it "allows admin to manage other user's hosts" do |
|
|
|
admin.should be_able_to(:manage, host_a_record) |
|
|
|
admin.should be_able_to(crud, host_a_record) |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
@ -32,35 +33,35 @@ describe Ability do |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
it "allows other user to manage user's domains and records, if permitted" do |
|
|
|
it "allows other user to manage user's domains and records, if permitted" do |
|
|
|
user2.should be_able_to(:manage, domain) |
|
|
|
user2.should be_able_to(crud, domain) |
|
|
|
user2.should be_able_to(:manage, a_record) |
|
|
|
user2.should be_able_to(crud, a_record) |
|
|
|
user2.should be_able_to(:manage, soa_record) |
|
|
|
user2.should be_able_to(crud, soa_record) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
it "denies third user to manage user's permitted domains and records" do |
|
|
|
it "denies third user to manage user's permitted domains and records" do |
|
|
|
user3.should_not be_able_to(:manage, domain) |
|
|
|
user3.should_not be_able_to(crud, domain) |
|
|
|
user3.should_not be_able_to(:manage, a_record) |
|
|
|
user3.should_not be_able_to(crud, a_record) |
|
|
|
user3.should_not be_able_to(:manage, soa_record) |
|
|
|
user3.should_not be_able_to(crud, soa_record) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
it "allows other user to manage user's permitted subdomains" do |
|
|
|
it "allows other user to manage user's permitted subdomains" do |
|
|
|
user2.should be_able_to(:manage, subdomain) |
|
|
|
user2.should be_able_to(crud, subdomain) |
|
|
|
user2.should be_able_to(:manage, subsubdomain) |
|
|
|
user2.should be_able_to(crud, subsubdomain) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
it "denies third user to manage other user's permitted subdomains" do |
|
|
|
it "denies third user to manage other user's permitted subdomains" do |
|
|
|
user3.should_not be_able_to(:manage, subdomain) |
|
|
|
user3.should_not be_able_to(crud, subdomain) |
|
|
|
user3.should_not be_able_to(:manage, subsubdomain) |
|
|
|
user3.should_not be_able_to(crud, subsubdomain) |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
context "permission" do |
|
|
|
context "permission" do |
|
|
|
it "allows me to manage my domain's permissions" do |
|
|
|
it "allows me to manage my domain's permissions" do |
|
|
|
user.should be_able_to(:manage, permission) |
|
|
|
user.should be_able_to(crud, permission) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
it "denies other user to manage my domain's permissions" do |
|
|
|
it "denies other user to manage my domain's permissions" do |
|
|
|
user2.should_not be_able_to(:manage, permission) |
|
|
|
user2.should_not be_able_to(crud, permission) |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|