aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Convert `admin/roles` controller spec to request/sytem specs (#33947)

Browse Source
pull/33955/head
Matt Jankowski 1 week ago committed by GitHub
parent 93bc48d649
commit 2a15bf4ede
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 211 additions and 240 deletions
Show Stats Download Patch File Download Diff File

235
spec/controllers/admin/roles_controller_spec.rb
Unescape Escape View File

@ -1,235 +0,0 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe Admin::RolesController do
render_views
let(:permissions) { UserRole::Flags::NONE }
let(:current_role) { UserRole.create(name: 'Foo', permissions: permissions, position: 10) }
let(:current_user) { Fabricate(:user, role: current_role) }
before do
sign_in current_user, scope: :user
end
describe 'GET #index' do
before do
get :index
end
context 'when user does not have permission to manage roles' do
it 'returns http forbidden' do
expect(response).to have_http_status(403)
end
end
context 'when user has permission to manage roles' do
let(:permissions) { UserRole::FLAGS[:manage_roles] }
it 'returns http success' do
expect(response).to have_http_status(:success)
end
end
end
describe 'GET #new' do
before do
get :new
end
context 'when user does not have permission to manage roles' do
it 'returns http forbidden' do
expect(response).to have_http_status(403)
end
end
context 'when user has permission to manage roles' do
let(:permissions) { UserRole::FLAGS[:manage_roles] }
it 'returns http success' do
expect(response).to have_http_status(:success)
end
end
end
describe 'POST #create' do
let(:selected_position) { 1 }
let(:selected_permissions_as_keys) { %w(manage_roles) }
before do
post :create, params: { user_role: { name: 'Bar', position: selected_position, permissions_as_keys: selected_permissions_as_keys } }
end
context 'when user has permission to manage roles' do
let(:permissions) { UserRole::FLAGS[:manage_roles] }
context 'when new role\'s does not elevate above the user\'s role' do
let(:selected_position) { 1 }
let(:selected_permissions_as_keys) { %w(manage_roles) }
it 'redirects to roles page and creates role' do
expect(response).to redirect_to(admin_roles_path)
expect(UserRole.find_by(name: 'Bar')).to_not be_nil
end
end
context 'when new role\'s position is higher than user\'s role' do
let(:selected_position) { 100 }
let(:selected_permissions_as_keys) { %w(manage_roles) }
it 'renders new template and does not create role' do
expect(response).to render_template(:new)
expect(UserRole.find_by(name: 'Bar')).to be_nil
end
end
context 'when new role has permissions the user does not have' do
let(:selected_position) { 1 }
let(:selected_permissions_as_keys) { %w(manage_roles manage_users manage_reports) }
it 'renders new template and does not create role' do
expect(response).to render_template(:new)
expect(UserRole.find_by(name: 'Bar')).to be_nil
end
end
context 'when user has administrator permission' do
let(:permissions) { UserRole::FLAGS[:administrator] }
let(:selected_position) { 1 }
let(:selected_permissions_as_keys) { %w(manage_roles manage_users manage_reports) }
it 'redirects to roles page and creates new role' do
expect(response).to redirect_to(admin_roles_path)
expect(UserRole.find_by(name: 'Bar')).to_not be_nil
end
end
end
end
describe 'GET #edit' do
let(:role_position) { 8 }
let(:role) { UserRole.create(name: 'Bar', permissions: UserRole::FLAGS[:manage_users], position: role_position) }
before do
get :edit, params: { id: role.id }
end
context 'when user does not have permission to manage roles' do
it 'returns http forbidden' do
expect(response).to have_http_status(403)
end
end
context 'when user has permission to manage roles' do
let(:permissions) { UserRole::FLAGS[:manage_roles] }
context 'when user outranks the role' do
it 'returns http success' do
expect(response).to have_http_status(:success)
end
end
context 'when role outranks user' do
let(:role_position) { current_role.position + 1 }
it 'returns http forbidden' do
expect(response).to have_http_status(403)
end
end
end
end
describe 'PUT #update' do
let(:role_position) { 8 }
let(:role_permissions) { UserRole::FLAGS[:manage_users] }
let(:role) { UserRole.create(name: 'Bar', permissions: role_permissions, position: role_position) }
let(:selected_position) { 8 }
let(:selected_permissions_as_keys) { %w(manage_users) }
before do
put :update, params: { id: role.id, user_role: { name: 'Baz', position: selected_position, permissions_as_keys: selected_permissions_as_keys } }
end
context 'when user does not have permission to manage roles' do
it 'returns http forbidden and does not update role' do
expect(response).to have_http_status(403)
expect(role.reload.name).to eq 'Bar'
end
end
context 'when user has permission to manage roles' do
let(:permissions) { UserRole::FLAGS[:manage_roles] }
context 'when role has permissions the user doesn\'t' do
it 'renders edit template and does not update role' do
expect(response).to render_template(:edit)
expect(role.reload.name).to eq 'Bar'
end
end
context 'when user has all permissions of the role' do
let(:permissions) { UserRole::FLAGS[:manage_roles] | UserRole::FLAGS[:manage_users] }
context 'when user outranks the role' do
it 'redirects to roles page and updates role' do
expect(response).to redirect_to(admin_roles_path)
expect(role.reload.name).to eq 'Baz'
end
end
context 'when role outranks user' do
let(:role_position) { current_role.position + 1 }
it 'returns http forbidden and does not update role' do
expect(response).to have_http_status(403)
expect(role.reload.name).to eq 'Bar'
end
end
end
end
end
describe 'DELETE #destroy' do
let(:role_position) { 8 }
let(:role) { UserRole.create(name: 'Bar', permissions: UserRole::FLAGS[:manage_users], position: role_position) }
before do
delete :destroy, params: { id: role.id }
end
context 'when user does not have permission to manage roles' do
it 'returns http forbidden' do
expect(response).to have_http_status(403)
end
end
context 'when user has permission to manage roles' do
let(:permissions) { UserRole::FLAGS[:manage_roles] }
context 'when user outranks the role' do
it 'redirects to roles page' do
expect(response).to redirect_to(admin_roles_path)
end
end
context 'when role outranks user' do
let(:role_position) { current_role.position + 1 }
it 'returns http forbidden' do
expect(response).to have_http_status(403)
end
end
end
end
end

138
spec/requests/admin/roles_spec.rb
Unescape Escape View File

@ -3,14 +3,142 @@
require 'rails_helper'
RSpec.describe 'Admin Roles' do
describe 'POST /admin/roles' do
context 'when signed in as lower permissions user' do
let(:user_role) { Fabricate(:user_role, permissions: UserRole::Flags::NONE) }
before { sign_in Fabricate(:user, role: user_role) }
describe 'GET /admin/roles' do
it 'returns http forbidden' do
get admin_roles_path
expect(response)
.to have_http_status(403)
end
end
describe 'GET /admin/roles/new' do
it 'returns http forbidden' do
get new_admin_role_path
expect(response)
.to have_http_status(403)
end
end
describe 'GET /admin/roles/:id/edit' do
let(:role) { Fabricate(:user_role) }
it 'returns http forbidden' do
get edit_admin_role_path(role)
expect(response)
.to have_http_status(403)
end
end
describe 'PUT /admin/roles/:id' do
let(:role) { Fabricate(:user_role) }
it 'returns http forbidden' do
put admin_role_path(role)
expect(response)
.to have_http_status(403)
end
end
describe 'DELETE /admin/roles/:id' do
let(:role) { Fabricate(:user_role) }
it 'returns http forbidden' do
delete admin_role_path(role)
expect(response)
.to have_http_status(403)
end
end
end
context 'when user has permissions to manage roles' do
let(:user_role) { Fabricate(:user_role, permissions: UserRole::FLAGS[:manage_users]) }
before { sign_in Fabricate(:user, role: user_role) }
context 'when target role permission outranks user' do
let(:role) { Fabricate(:user_role, position: user_role.position + 1) }
describe 'GET /admin/roles/:id/edit' do
it 'returns http forbidden' do
get edit_admin_role_path(role)
expect(response)
.to have_http_status(403)
end
end
describe 'PUT /admin/roles/:id' do
it 'returns http forbidden' do
put admin_role_path(role)
expect(response)
.to have_http_status(403)
end
end
describe 'DELETE /admin/roles/:id' do
it 'returns http forbidden' do
delete admin_role_path(role)
expect(response)
.to have_http_status(403)
end
end
end
end
context 'when attempting to add permissions the user does not have' do
let(:user_role) { Fabricate(:user_role, permissions: UserRole::FLAGS[:manage_roles], position: 5) }
before { sign_in Fabricate(:user, role: user_role) }
describe 'POST /admin/roles' do
subject { post admin_roles_path, params: { user_role: { name: 'Bar', position: 2, permissions_as_keys: %w(manage_roles manage_users manage_reports) } } }
it 'does not create role' do
expect { subject }
.to_not change(UserRole, :count)
expect(response.body)
.to include(I18n.t('admin.roles.add_new'))
end
end
describe 'PUT /admin/roles/:id' do
subject { put admin_role_path(role), params: { user_role: { position: 2, permissions_as_keys: %w(manage_roles manage_users manage_reports) } } }
let(:role) { Fabricate(:user_role, name: 'Bar') }
it 'does not create role' do
expect { subject }
.to_not(change { role.reload.permissions })
expect(response.parsed_body.title)
.to match(I18n.t('admin.roles.edit', name: 'Bar'))
end
end
end
context 'when signed in as admin' do
before { sign_in Fabricate(:admin_user) }
it 'gracefully handles invalid nested params' do
post admin_roles_path(user_role: 'invalid')
describe 'POST /admin/roles' do
it 'gracefully handles invalid nested params' do
post admin_roles_path(user_role: 'invalid')
expect(response)
.to have_http_status(400)
expect(response)
.to have_http_status(400)
end
end
end
end

78
spec/system/admin/roles_spec.rb
Unescape Escape View File

@ -0,0 +1,78 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Admin::Roles' do
context 'when user has administrator permissions' do
let(:user_role) { Fabricate(:user_role, permissions: UserRole::FLAGS[:administrator], position: 10) }
before { sign_in Fabricate(:user, role: user_role) }
it 'creates new user role' do
visit new_admin_role_path
fill_in 'user_role_name', with: 'Baz'
fill_in 'user_role_position', with: '1'
check 'user_role_permissions_as_keys_manage_reports'
check 'user_role_permissions_as_keys_manage_roles'
expect { click_on I18n.t('admin.roles.add_new') }
.to change(UserRole, :count)
expect(page)
.to have_title(I18n.t('admin.roles.title'))
end
end
context 'when user has permissions to manage roles' do
let(:user_role) { Fabricate(:user_role, permissions: UserRole::FLAGS[:manage_roles], position: 10) }
before { sign_in Fabricate(:user, role: user_role) }
it 'Creates user roles' do
visit admin_roles_path
expect(page)
.to have_title(I18n.t('admin.roles.title'))
click_on I18n.t('admin.roles.add_new')
expect(page)
.to have_title(I18n.t('admin.roles.add_new'))
# Position too high
fill_in 'user_role_name', with: 'Baz'
fill_in 'user_role_position', with: '100'
expect { click_on I18n.t('admin.roles.add_new') }
.to_not change(UserRole, :count)
expect(page)
.to have_content(I18n.t('activerecord.errors.models.user_role.attributes.position.elevated'))
# Valid submission
fill_in 'user_role_name', with: 'Baz'
fill_in 'user_role_position', with: '5' # Lower than user
check 'user_role_permissions_as_keys_manage_roles' # User has permission
expect { click_on I18n.t('admin.roles.add_new') }
.to change(UserRole, :count)
expect(page)
.to have_title(I18n.t('admin.roles.title'))
end
it 'Manages existing user roles' do
role = Fabricate :user_role, name: 'Baz'
visit edit_admin_role_path(role)
expect(page)
.to have_title(I18n.t('admin.roles.edit', name: 'Baz'))
# Update role attribute
fill_in 'user_role_position', with: '5' # Lower than user
expect { click_on submit_button }
.to(change { role.reload.position })
# Destroy the role
visit edit_admin_role_path(role)
expect { click_on I18n.t('admin.roles.delete') }
.to change(UserRole, :count).by(-1)
expect(page)
.to have_title(I18n.t('admin.roles.title'))
end
end
end
Write Preview
Loading…
Cancel
Save