consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
7070b0915b20c43bb7b5ba3ff910a0147f30d47d
nairobi/spec/models/abilities/administrator_spec.rb
taitus fd5fa2da79 Refactoring: Move 'vote' action to Votes Controllers 
As far as possible I think the code is clearer if we use CRUD actions
rather than custom actions. This will make it easier to add the action
to remove votes in the next commit.

Note that we are adding this line as we need to validate it that a vote
can be created on a debate by the current user:

```authorize! :create, Vote.new(voter: current_user, votable: @debate)```

We have done it this way and not with the following code as you might
expect, as this way two votes are created instead of one.

```load_and_authorize_resource through: :debate, through_association: :votes_for```

This line tries to load the resource @debate and through the association
"votes_for" it tries to create a new vote associated to that debate.
Therefore a vote is created when trying to authorise the resource and
then another one in the create action, when calling @debate.vote_by (which
is called by @debate.register_vote).
2023-10-09 07:21:49 +02:00

207 lines
9.3 KiB
Ruby
Raw Blame History

require "rails_helper"
require "cancan/matchers"
describe Abilities::Administrator do
subject(:ability) { Ability.new(user) }
let(:user) { administrator.user }
let(:administrator) { create(:administrator) }
let(:other_user) { create(:user) }
let(:hidden_user) { create(:user, :hidden) }
let(:debate) { create(:debate) }
let(:comment) { create(:comment) }
let(:proposal) { create(:proposal, author: user) }
let(:budget_investment) { create(:budget_investment) }
let(:finished_investment) { create(:budget_investment, budget: create(:budget, :finished)) }
let(:legislation_question) { create(:legislation_question) }
let(:current_poll) { create(:poll) }
let(:future_poll) { create(:poll, :future) }
let(:current_poll_question) { create(:poll_question) }
let(:future_poll_question) { create(:poll_question, poll: future_poll) }
let(:current_poll_question_answer) { create(:poll_question_answer) }
let(:future_poll_question_answer) { create(:poll_question_answer, poll: future_poll) }
let(:current_poll_answer_video) { create(:poll_answer_video, answer: current_poll_question_answer) }
let(:future_poll_answer_video) { create(:poll_answer_video, answer: future_poll_question_answer) }
let(:current_poll_answer_image) { build(:image, imageable: current_poll_question_answer) }
let(:future_poll_answer_image) { build(:image, imageable: future_poll_question_answer) }
let(:current_poll_answer_document) { build(:document, documentable: current_poll_question_answer) }
let(:future_poll_answer_document) { build(:document, documentable: future_poll_question_answer) }
let(:past_process) { create(:legislation_process, :past) }
let(:past_draft_process) { create(:legislation_process, :past, :not_published) }
let(:open_process) { create(:legislation_process, :open) }
let(:proposal_document) { build(:document, documentable: proposal, user: proposal.author) }
let(:budget_investment_document) { build(:document, documentable: budget_investment) }
let(:poll_question_document) { build(:document, documentable: current_poll_question) }
let(:proposal_image) { build(:image, imageable: proposal, user: proposal.author) }
let(:budget_investment_image) { build(:image, imageable: budget_investment) }
let(:hidden_debate) { create(:debate, :hidden) }
let(:hidden_comment) { create(:comment, :hidden) }
let(:hidden_proposal) { create(:proposal, :hidden) }
let(:dashboard_administrator_task) { create(:dashboard_administrator_task) }
it { should be_able_to(:index, Debate) }
it { should be_able_to(:show, debate) }
it { should be_able_to(:index, Proposal) }
it { should be_able_to(:show, proposal) }
it { should_not be_able_to(:restore, comment) }
it { should_not be_able_to(:restore, debate) }
it { should_not be_able_to(:restore, proposal) }
it { should_not be_able_to(:restore, other_user) }
it { should be_able_to(:restore, hidden_comment) }
it { should be_able_to(:restore, hidden_debate) }
it { should be_able_to(:restore, hidden_proposal) }
it { should be_able_to(:restore, hidden_user) }
it { should_not be_able_to(:confirm_hide, comment) }
it { should_not be_able_to(:confirm_hide, debate) }
it { should_not be_able_to(:confirm_hide, proposal) }
it { should_not be_able_to(:confirm_hide, other_user) }
it { should be_able_to(:confirm_hide, hidden_comment) }
it { should be_able_to(:confirm_hide, hidden_debate) }
it { should be_able_to(:confirm_hide, hidden_proposal) }
it { should be_able_to(:confirm_hide, hidden_user) }
it { should be_able_to(:comment_as_administrator, debate) }
it { should_not be_able_to(:comment_as_moderator, debate) }
it { should be_able_to(:comment_as_administrator, proposal) }
it { should_not be_able_to(:comment_as_moderator, proposal) }
it { should be_able_to(:comment_as_administrator, legislation_question) }
it { should_not be_able_to(:comment_as_moderator, legislation_question) }
it { should be_able_to(:comment_as_administrator, current_poll) }
it { should_not be_able_to(:comment_as_moderator, current_poll) }
it { should be_able_to(:summary, past_process) }
it { should_not be_able_to(:summary, past_draft_process) }
it { should_not be_able_to(:summary, open_process) }
it { should be_able_to(:create, Budget) }
it { should be_able_to(:update, Budget) }
it { should be_able_to(:read_results, create(:budget, :reviewing_ballots, :with_winner)) }
it { should be_able_to(:read_results, create(:budget, :finished, :with_winner)) }
it { should be_able_to(:read_results, create(:budget, :finished, results_enabled: true)) }
it do
should_not be_able_to(:read_results, create(:budget, :balloting, :with_winner, results_enabled: true))
end
it { should_not be_able_to(:read_results, create(:budget, :reviewing_ballots, results_enabled: true)) }
it { should_not be_able_to(:read_results, create(:budget, :finished, results_enabled: false)) }
it { should be_able_to(:calculate_winners, create(:budget, :reviewing_ballots)) }
it { should_not be_able_to(:calculate_winners, create(:budget, :balloting)) }
it { should_not be_able_to(:calculate_winners, create(:budget, :finished)) }
it { should be_able_to(:create, Budget::ValuatorAssignment) }
it { should be_able_to(:admin_update, Budget::Investment) }
it { should be_able_to(:hide, Budget::Investment) }
it { should be_able_to(:valuate, create(:budget_investment, budget: create(:budget, :valuating))) }
it { should_not be_able_to(:admin_update, finished_investment) }
it { should_not be_able_to(:valuate, finished_investment) }
it { should_not be_able_to(:comment_valuation, finished_investment) }
it { should_not be_able_to(:toggle_selection, finished_investment) }
it { should be_able_to(:destroy, proposal_image) }
it { should be_able_to(:destroy, proposal_document) }
it { should_not be_able_to(:destroy, budget_investment_image) }
it { should_not be_able_to(:destroy, budget_investment_document) }
it { should be_able_to(:manage, Dashboard::Action) }
it { should be_able_to(:read, Poll::Question) }
it { should be_able_to(:create, future_poll_question) }
it { should be_able_to(:update, future_poll_question) }
it { should be_able_to(:destroy, future_poll_question) }
it { should_not be_able_to(:create, current_poll_question) }
it { should_not be_able_to(:update, current_poll_question) }
it { should_not be_able_to(:destroy, current_poll_question) }
it { should be_able_to(:read, Poll::Question::Answer) }
it { should be_able_to(:order_answers, Poll::Question::Answer) }
it { should be_able_to(:create, future_poll_question_answer) }
it { should be_able_to(:update, future_poll_question_answer) }
it { should be_able_to(:destroy, future_poll_question_answer) }
it { should_not be_able_to(:create, current_poll_question_answer) }
it { should_not be_able_to(:update, current_poll_question_answer) }
it { should_not be_able_to(:destroy, current_poll_question_answer) }
it { should be_able_to(:create, future_poll_answer_video) }
it { should be_able_to(:update, future_poll_answer_video) }
it { should be_able_to(:destroy, future_poll_answer_video) }
it { should_not be_able_to(:create, current_poll_answer_video) }
it { should_not be_able_to(:update, current_poll_answer_video) }
it { should_not be_able_to(:destroy, current_poll_answer_video) }
it { should be_able_to(:destroy, future_poll_answer_image) }
it { should_not be_able_to(:destroy, current_poll_answer_image) }
it { should be_able_to(:destroy, future_poll_answer_document) }
it { should_not be_able_to(:destroy, current_poll_answer_document) }
it { is_expected.to be_able_to :manage, Dashboard::AdministratorTask }
it { is_expected.to be_able_to :manage, dashboard_administrator_task }
it { should be_able_to(:manage, LocalCensusRecord) }
it { should be_able_to(:create, LocalCensusRecords::Import) }
it { should be_able_to(:show, LocalCensusRecords::Import) }
it { should be_able_to(:read, SDG::Target) }
it { should be_able_to(:read, SDG::Manager) }
it { should be_able_to(:create, SDG::Manager) }
it { should be_able_to(:destroy, SDG::Manager) }
it { should be_able_to(:manage, Widget::Card) }
describe "tenants" do
context "with multitenancy disabled" do
before { allow(Rails.application.config).to receive(:multitenancy).and_return(false) }
it { should_not be_able_to :create, Tenant }
it { should_not be_able_to :read, Tenant }
it { should_not be_able_to :update, Tenant }
it { should_not be_able_to :destroy, Tenant }
end
context "with multitenancy enabled" do
before { allow(Rails.application.config).to receive(:multitenancy).and_return(true) }
it { should be_able_to :create, Tenant }
it { should be_able_to :read, Tenant }
it { should be_able_to :update, Tenant }
it { should be_able_to :hide, Tenant }
it { should be_able_to :restore, Tenant }
it { should_not be_able_to :destroy, Tenant }
context "administrators from other tenants" do
before do
insert(:tenant, schema: "subsidiary")
allow(Tenant).to receive(:current_schema).and_return("subsidiary")
end
it { should_not be_able_to :create, Tenant }
it { should_not be_able_to :read, Tenant }
it { should_not be_able_to :update, Tenant }
it { should_not be_able_to :destroy, Tenant }
it { should_not be_able_to :hide, Tenant }
it { should_not be_able_to :restore, Tenant }
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink