1 # frozen_string_literal: true
5 class AbilityTest < ActiveSupport::TestCase
8 AccessToken.new do |token|
10 token.public_send("#{t}=", true)
17 class GuestAbilityTest < AbilityTest
19 test "diary permissions for a guest" do
20 ability = Ability.new nil, tokens
21 [:list, :rss, :view, :comments].each do |action|
22 assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
25 [:create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
26 assert ability.cannot?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
27 assert ability.cannot?(action, DiaryComment), "should be able to #{action} DiaryEntries"
33 class UserAbilityTest < AbilityTest
35 test "Diary permissions" do
36 ability = Ability.new create(:user), tokens
38 [:list, :rss, :view, :comments, :create, :edit, :comment, :subscribe, :unsubscribe].each do |action|
39 assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
42 [:hide, :hidecomment].each do |action|
43 assert ability.cannot?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
44 assert ability.cannot?(action, DiaryComment), "should be able to #{action} DiaryEntries"
48 test "user preferences" do
51 # a user with no tokens
52 ability = Ability.new create(:user), nil
53 [:read, :read_one, :update, :update_one, :delete_one].each do |act|
54 assert ability.can? act, UserPreference
57 # A user with empty tokens
58 ability = Ability.new create(:user), tokens
60 [:read, :read_one, :update, :update_one, :delete_one].each do |act|
61 assert ability.cannot? act, UserPreference
64 ability = Ability.new user, tokens(:allow_read_prefs)
66 [:update, :update_one, :delete_one].each do |act|
67 assert ability.cannot? act, UserPreference
70 [:read, :read_one].each do |act|
71 assert ability.can? act, UserPreference
74 ability = Ability.new user, tokens(:allow_write_prefs)
75 [:read, :read_one].each do |act|
76 assert ability.cannot? act, UserPreference
79 [:update, :update_one, :delete_one].each do |act|
80 assert ability.can? act, UserPreference
85 class AdministratorAbilityTest < AbilityTest
87 test "Diary for an administrator" do
88 ability = Ability.new create(:administrator_user), tokens
89 [:list, :rss, :view, :comments, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
90 assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
93 [:hide, :hidecomment].each do |action|
94 assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComment"
98 test "administrator does not auto-grant user preferences" do
99 ability = Ability.new create(:administrator_user), tokens
101 [:read, :read_one, :update, :update_one, :delete_one].each do |act|
102 assert ability.cannot? act, UserPreference