tap/spec/models/ability_spec.rb

51 lines
1.7 KiB
Ruby
Raw Normal View History

2015-09-07 14:26:07 +02:00
require 'cancan/matchers'
2015-09-04 18:13:58 +02:00
describe User do
2015-09-07 14:26:07 +02:00
describe 'abilities' do
2015-09-04 18:13:58 +02:00
subject(:ability){ Ability.new(user) }
let(:user) { nil}
2015-09-21 08:23:43 +02:00
# Admin
2015-09-07 14:26:07 +02:00
describe 'as admin' do
2015-09-04 18:13:58 +02:00
let(:user) { create :admin }
it{ should be_able_to(:manage, Order.new) }
2015-09-21 08:23:43 +02:00
it{ should be_able_to(:manage, OrderItem.new) }
it{ should be_able_to(:manage, Product.new) }
2015-09-04 18:13:58 +02:00
it{ should be_able_to(:manage, Stock.new) }
it{ should be_able_to(:manage, User.new) }
end
2015-09-21 08:23:43 +02:00
# Normal User
2015-09-07 14:26:07 +02:00
describe 'as normal user' do
2015-09-04 18:13:58 +02:00
let(:user) { create :user }
2015-09-14 20:55:49 +02:00
it{ should be_able_to(:create, Order.new(user: user)) }
2015-09-18 21:00:58 +02:00
it{ should be_able_to(:delete, Order.new(user: user, created_at: (Rails.application.config.call_api_after - 1.minutes).ago)) }
2015-09-14 20:55:49 +02:00
it{ should_not be_able_to(:delete, Order.new(user: user, created_at: 10.minutes.ago)) }
2015-09-21 08:23:43 +02:00
it{ should_not be_able_to(:create, Order.new) }
it{ should_not be_able_to(:update, Order.new) }
2015-09-04 18:13:58 +02:00
2015-09-21 08:23:43 +02:00
it{ should be_able_to(:read, Product.new) }
it{ should_not be_able_to(:delete, Product.new) }
it{ should_not be_able_to(:update, Product.new) }
it{ should_not be_able_to(:create, Stock.new) }
2015-09-04 18:13:58 +02:00
it{ should be_able_to(:manage, user) }
2015-09-21 08:23:43 +02:00
it{ should_not be_able_to(:create, User.new) }
it{ should_not be_able_to(:update, User.new) }
2015-09-04 18:13:58 +02:00
end
2015-09-07 14:26:07 +02:00
describe 'as koelkast' do
2015-09-04 18:13:58 +02:00
let(:user) { create :koelkast }
it{ should_not be_able_to(:manage, Product.new) }
2015-09-21 08:23:43 +02:00
it{ should be_able_to(:manage, Order.new, user: create(:user)) }
it{ should_not be_able_to(:create, build(:order, user: create(:user, private: true))) }
2015-09-04 18:13:58 +02:00
it{ should_not be_able_to(:manage, Stock.new) }
it{ should_not be_able_to(:manage, User.new) }
end
end
end