diff options
Diffstat (limited to 'spec/policies/todo_policy_spec.rb')
-rw-r--r-- | spec/policies/todo_policy_spec.rb | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/spec/policies/todo_policy_spec.rb b/spec/policies/todo_policy_spec.rb new file mode 100644 index 00000000000..be6fecd1045 --- /dev/null +++ b/spec/policies/todo_policy_spec.rb @@ -0,0 +1,47 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe TodoPolicy do + let_it_be(:author) { create(:user) } + + let_it_be(:user1) { create(:user) } + let_it_be(:user2) { create(:user) } + let_it_be(:user3) { create(:user) } + + let_it_be(:todo1) { create(:todo, author: author, user: user1) } + let_it_be(:todo2) { create(:todo, author: author, user: user2) } + let_it_be(:todo3) { create(:todo, author: author, user: user2) } + let_it_be(:todo4) { create(:todo, author: author, user: user3) } + + def permissions(user, todo) + described_class.new(user, todo) + end + + describe 'own_todo' do + it 'allows owners to access their own todos' do + [ + [user1, todo1], + [user2, todo2], + [user2, todo3], + [user3, todo4] + ].each do |user, todo| + expect(permissions(user, todo)).to be_allowed(:read_todo) + end + end + + it 'does not allow users to access todos of other users' do + [ + [user1, todo2], + [user1, todo3], + [user2, todo1], + [user2, todo4], + [user3, todo1], + [user3, todo2], + [user3, todo3] + ].each do |user, todo| + expect(permissions(user, todo)).to be_disallowed(:read_todo) + end + end + end +end |