Sha256: 228072334296183890e007d9c4399eba064daa24d86bcffa7eb01be7ef61ec4d

Contents?: true

Size: 1.98 KB

Versions: 1

Compression:

Stored size: 1.98 KB

Contents

require 'rspec'
require 'cantango'
require 'fixtures/models'
require 'cantango/api/current_user_accounts'
# require 'cantango/configuration/engines/store_engine_shared'

class User
  include_and_extend SimpleRoles
end
CanTango.configure do |config|
  config.users.register     :user, :admin
  config.user_accounts.register  :user, :admin
  config.cache.set :off
  config.permits.set :on
end

class UserRolePermit < CanTango::RolePermit
  def permit_rules
    can :edit, Article
    cannot :edit, User
  end
end

class AdminRolePermit < CanTango::RolePermit
  def permit_rules
    can :edit, Article
    cannot :edit, User 
  end
end

class User
  include CanTango::Users::Masquerade
end

class Context
  include CanTango::Api::UserAccount::Can

  include ::CurrentUserAccounts
  extend ::CurrentUserAccounts
end

describe CanTango::Api::UserAccount::Can do
  subject { Context.new }

  describe 'user_account' do
    # user can edit Article, not Admin
    specify do
      subject.user_account_can?(:edit, Article).should be_true
      subject.user_account_can?(:edit, User).should be_false

      subject.user_account_cannot?(:edit, User).should be_true
      subject.user_account_cannot?(:edit, Article).should be_false
    end
  end

  describe 'admin_account' do
    specify do
      subject.admin_account_can?(:edit, Article).should be_true
      subject.admin_account_can?(:edit, User).should be_false

      subject.admin_account_cannot?(:edit, User).should be_true
      subject.admin_account_cannot?(:edit, Article).should be_false
    end
  end

  describe 'admin masquerades as user' do
    before do
      Context.current_admin.masquerade_as Context.current_user
    end

    # admin masquerading as user can do same as user
    specify do
      subject.admin_account_can?(:edit, Article).should be_true
      subject.admin_account_can?(:edit, User).should be_false

      subject.admin_account_cannot?(:edit, User).should be_true
      subject.admin_account_cannot?(:edit, Article).should be_false
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
cantango-0.8.0 spec/cantango/api/user_account/can_api_spec.rb