require 'cancan/matchers'

describe User do
  describe 'abilities' do
    subject(:ability){ Ability.new(user) }
    let(:user) { nil}

    # Admin
    describe 'as admin' do
      let(:user) { create :admin }

      it{ should be_able_to(:manage, Order.new) }
      it{ should be_able_to(:manage, OrderItem.new) }
      it{ should be_able_to(:manage, Product.new) }
      it{ should be_able_to(:manage, Stock.new) }
      it{ should be_able_to(:manage, User.new) }
    end

    # Normal User
    describe 'as normal user' do
      let(:user) { create :user }

      it{ should be_able_to(:create, Order.new(user: user)) }
      it{ should be_able_to(:destroy, Order.new(user: user, created_at: (Rails.application.config.call_api_after - 1.minutes).ago)) }
      it{ should_not be_able_to(:destroy, Order.new(user: user, created_at: 10.minutes.ago)) }
      it{ should_not be_able_to(:create, Order.new) }
      it{ should_not be_able_to(:update, Order.new) }

      it{ should be_able_to(:read, Product.new) }
      it{ should_not be_able_to(:destroy, Product.new) }
      it{ should_not be_able_to(:update, Product.new) }

      it{ should_not be_able_to(:create, Stock.new) }

      it{ should be_able_to(:manage, user) }
      it{ should_not be_able_to(:create, User.new) }
      it{ should_not be_able_to(:update, User.new) }
    end

    describe 'as koelkast' do
      let(:user) { create :koelkast }

      it{ should_not be_able_to(:manage, Product.new) }
      it{ should be_able_to(:manage, Order.new, user: create(:user)) }
      it{ should_not be_able_to(:create, build(:order, user: create(:user, private: true))) }
      it{ should_not be_able_to(:manage, Stock.new) }
      it{ should_not be_able_to(:manage, User.new) }
    end
  end
end