OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
openproject/spec/policies/work_package_policy_spec.rb

121 lines
4.3 KiB

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2021 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See docs/COPYRIGHT.rdoc for more details.
#++
require 'spec_helper'
describe WorkPackagePolicy, type: :controller do
let(:user) { FactoryBot.build_stubbed(:user) }
let(:project) { FactoryBot.build_stubbed(:project) }
let(:work_package) { FactoryBot.build_stubbed(:work_package, project: project) }
describe '#allowed?' do
let(:subject) { described_class.new(user) }
before do
allow(user).to receive(:allowed_to?).and_return false
end
context 'for edit' do
subject { described_class.new(user).allowed?(work_package, :edit) }
it 'is false if the user has no permission in the project' do
expect(subject).to be_falsey
end
it 'is true if the user has the edit_work_package permission in the project' do
allow(user).to receive(:allowed_to?).with(:edit_work_packages, project)
.and_return true
expect(subject).to be_truthy
end
# used to be truthy
it 'is false if the user has only the add_work_package_notes permission in the project' do
allow(user).to receive(:allowed_to?).with(:add_work_package_notes, project)
.and_return true
expect(subject).to be_falsey
end
it 'is false if the user has the edit_work_package permission in the project' do
allow(user).to receive(:allowed_to?).with(:edit_work_packages, project)
.and_return true
expect(subject).to be_truthy
end
it 'is false if the user has the permissions but the work package is unpersisted' do
allow(user).to receive(:allowed_to?).with(:edit_work_packages, project)
.and_return true
allow(user).to receive(:allowed_to?).with(:add_work_package_notes, project)
.and_return true
allow(work_package).to receive(:persisted?).and_return false
expect(subject).to be_falsey
end
end
context 'for manage_subtasks' do
it 'is true if the user has the manage_subtasks permission in the project' do
allow(user)
.to receive(:allowed_to?).with(:manage_subtasks, project, global: false)
.and_return true
expect(subject.allowed?(work_package, :manage_subtasks)).to be_truthy
end
end
context 'for comment' do
subject { described_class.new(user).allowed?(work_package, :comment) }
it 'is false if the user lacks permission' do
expect(subject).to be_falsey
end
it 'is true if the user has the add_work_package_notes permission' do
allow(user).to receive(:allowed_to?).with(:add_work_package_notes, project)
.and_return true
expect(subject).to be_truthy
end
it 'is true if the user has the edit_work_package permission' do
allow(user).to receive(:allowed_to?).with(:edit_work_packages, project)
.and_return true
expect(subject).to be_truthy
end
it 'is false if the user has the edit_work_package permission
but the work_package is unpersisted' do
allow(user).to receive(:allowed_to?).with(:edit_work_packages, project)
.and_return true
allow(work_package).to receive(:persisted?).and_return false
expect(subject).to be_falsey
end
end
end
end