summaryrefslogtreecommitdiff
path: root/spec/policies/user_policy_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/policies/user_policy_spec.rb')
-rw-r--r--spec/policies/user_policy_spec.rb58
1 files changed, 58 insertions, 0 deletions
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb
index 38641558b6b..17ac7d0e44d 100644
--- a/spec/policies/user_policy_spec.rb
+++ b/spec/policies/user_policy_spec.rb
@@ -40,6 +40,46 @@ RSpec.describe UserPolicy do
end
end
+ describe "creating a different user's Personal Access Tokens" do
+ context 'when current_user is admin' do
+ let(:current_user) { create(:user, :admin) }
+
+ context 'when admin mode is enabled and current_user is not blocked', :enable_admin_mode do
+ it { is_expected.to be_allowed(:create_user_personal_access_token) }
+ end
+
+ context 'when admin mode is enabled and current_user is blocked', :enable_admin_mode do
+ let(:current_user) { create(:admin, :blocked) }
+
+ it { is_expected.not_to be_allowed(:create_user_personal_access_token) }
+ end
+
+ context 'when admin mode is disabled' do
+ it { is_expected.not_to be_allowed(:create_user_personal_access_token) }
+ end
+ end
+
+ context 'when current_user is not an admin' do
+ context 'creating their own personal access tokens' do
+ subject { described_class.new(current_user, current_user) }
+
+ context 'when current_user is not blocked' do
+ it { is_expected.to be_allowed(:create_user_personal_access_token) }
+ end
+
+ context 'when current_user is blocked' do
+ let(:current_user) { create(:user, :blocked) }
+
+ it { is_expected.not_to be_allowed(:create_user_personal_access_token) }
+ end
+ end
+
+ context "creating a different user's personal access tokens" do
+ it { is_expected.not_to be_allowed(:create_user_personal_access_token) }
+ end
+ end
+ end
+
shared_examples 'changing a user' do |ability|
context "when a regular user tries to destroy another regular user" do
it { is_expected.not_to be_allowed(ability) }
@@ -102,4 +142,22 @@ RSpec.describe UserPolicy do
end
end
end
+
+ describe "reading a user's group count" do
+ context "when current_user is an admin", :enable_admin_mode do
+ let(:current_user) { create(:user, :admin) }
+
+ it { is_expected.to be_allowed(:read_group_count) }
+ end
+
+ context "for self users" do
+ let(:user) { current_user }
+
+ it { is_expected.to be_allowed(:read_group_count) }
+ end
+
+ context "when accessing a different user's group count" do
+ it { is_expected.not_to be_allowed(:read_group_count) }
+ end
+ end
end
View Lorry Controller Status