Spec: Admins/users can destroy only their authored documentables/imageables (#2375)

2018-01-25 16:31:30 -04:00
parent 6d3359dbbc
commit 88a5e8b1d2
4 changed files with 56 additions and 7 deletions
--- a/spec/shared/features/documentable.rb
+++ b/spec/shared/features/documentable.rb
@@ -60,13 +60,31 @@ shared_examples "documentable" do |documentable_factory_name, documentable_path,
        end
      end

+      scenario "Administrators cannot destroy documentables they have not authored" do
+        login_as(administrator)
+        visit send(documentable_path, arguments)
+
+        within "#tab-documents" do
+          expect(page).not_to have_link("Destroy")
+        end
+      end
+
+      scenario "Users cannot destroy documentables they have not authored" do
+        login_as(create(:user))
+        visit send(documentable_path, arguments)
+
+        within "#tab-documents" do
+          expect(page).not_to have_link("Destroy")
+        end
+      end
+
    end

  end

  context "Destroy" do

-    scenario "Should show success notice after successfull document upload" do
+    scenario "Should show success notice after successful document upload" do
      login_as documentable.author

      visit send(documentable_path, arguments)