You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

81 lines
2.4 KiB

require 'spec_helper'
# needs "rake db:test:clone" for the "hosts" part
describe UserAbility do
include_context "data"
let(:crud){UserAbility::CRUD}
context "basic" do
it "allows me to manage my domains and their records, and my hosts" do
user.should be_able_to(crud, domain)
user.should be_able_to(crud, a_record)
user.should be_able_to(crud, soa_record)
user.should_not be_able_to(:delete, soa_record) # SOA deleted only via parent
user.should be_able_to(crud, host_a_record)
end
it "denies other user to manage my domains and their records, and my hosts" do
user2.should_not be_able_to(crud, domain)
user2.should_not be_able_to(crud, a_record)
user2.should_not be_able_to(crud, soa_record)
user2.should_not be_able_to(crud, host_a_record)
end
it "allows admin to manage other user's hosts" do
admin.should be_able_to(crud, host_a_record)
end
end
context "permitted" do
before do
User.do_as(user) do
domain
subdomain
subsubdomain
permission # ensure permission to domain
end
end
it "allows other user to manage user's domains and records, if permitted" do
User.do_as(user2) do
user2.should be_able_to(crud, domain)
user2.should be_able_to(crud, a_record)
user2.should be_able_to(crud, soa_record)
end
end
it "denies third user to manage user's permitted domains and records" do
User.do_as(user3) do
user3.should_not be_able_to(crud, domain)
user3.should_not be_able_to(crud, a_record)
user3.should_not be_able_to(crud, soa_record)
end
end
it "allows other user to manage user's permitted subdomains" do
User.do_as(user2) do
user2.should be_able_to(crud, subdomain)
user2.should be_able_to(crud, subsubdomain)
end
end
it "denies third user to manage other user's permitted subdomains" do
User.do_as(user3) do
user3.should_not be_able_to(crud, subdomain)
user3.should_not be_able_to(crud, subsubdomain)
end
end
end
context "permission" do
it "allows me to manage my domain's permissions" do
user.should be_able_to(crud, permission)
end
it "denies other user to manage my domain's permissions" do
user2.should_not be_able_to(crud, permission)
end
end
end