Use CanCanCan for notes authorization

[rails.git] / test / abilities / capability_test.rb

diff --git a/test/abilities/capability_test.rb b/test/abilities/capability_test.rb
index 8e77537a45c2f4eca02d22895d7cfa6b906f6cbc..ed42ef01a029937339a0042b24c8d69c2f03bee8 100644 (file)
--- a/test/abilities/capability_test.rb
+++ b/test/abilities/capability_test.rb
@@ -54,6 +54,48 @@ class ChangesetCommentCapabilityTest < CapabilityTest
   end
 end
 
   end
 end
 

+class NoteCapabilityTest < CapabilityTest
+  test "as a normal user with permissionless token" do
+    token = create(:access_token)
+    capability = Capability.new token
+
+    [:create, :comment, :close, :reopen, :destroy].each do |action|
+      assert capability.cannot? action, Note
+    end
+  end
+
+  test "as a normal user with allow_write_notes token" do
+    token = create(:access_token, :allow_write_notes => true)
+    capability = Capability.new token
+
+    [:destroy].each do |action|
+      assert capability.cannot? action, Note
+    end
+
+    [:create, :comment, :close, :reopen].each do |action|
+      assert capability.can? action, Note
+    end
+  end
+
+  test "as a moderator with permissionless token" do
+    token = create(:access_token, :user => create(:moderator_user))
+    capability = Capability.new token
+
+    [:destroy].each do |action|
+      assert capability.cannot? action, Note
+    end
+  end
+
+  test "as a moderator with allow_write_notes token" do
+    token = create(:access_token, :user => create(:moderator_user), :allow_write_notes => true)
+    capability = Capability.new token
+
+    [:destroy].each do |action|
+      assert capability.can? action, Note
+    end
+  end
+end
+

 class UserCapabilityTest < CapabilityTest
   test "user preferences" do
     # a user with no tokens
 class UserCapabilityTest < CapabilityTest
   test "user preferences" do
     # a user with no tokens