# frozen_string_literal: true RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do context 'when the user is authenticated' do it 'is allowed to display and update their subscriptions' do user = create(:user) subscription = create(:subscription, user: user) ability = Spree::Ability.new(user) permission_set = described_class.new(ability) permission_set.activate! expect(ability).to be_able_to([:show, :display, :update], subscription) end it "is not allowed to display or update someone else's subscriptions" do user = create(:user) subscription = create(:subscription) ability = Spree::Ability.new(user) permission_set = described_class.new(ability) permission_set.activate! expect(ability).not_to be_able_to([:show, :display, :update], subscription) end it 'is allowed to display and update line items on their subscriptions' do user = create(:user) subscription = create(:subscription, user: user) line_item = create(:subscription_line_item, subscription: subscription) ability = Spree::Ability.new(user) permission_set = described_class.new(ability) permission_set.activate! expect(ability).to be_able_to([:show, :display, :update], line_item) end it "is not allowed to display or update line items on someone else's subscriptions" do user = create(:user) subscription = create(:subscription) line_item = create(:subscription_line_item, subscription: subscription) ability = Spree::Ability.new(user) permission_set = described_class.new(ability) permission_set.activate! expect(ability).not_to be_able_to([:show, :display, :update], line_item) end end context 'when the user provides a guest token' do it 'is allowed to display and update their subscriptions' do subscription = create(:subscription) ability = Spree::Ability.new(nil) permission_set = described_class.new(ability) permission_set.activate! expect(ability).to be_able_to([:show, :display, :update], subscription, subscription.guest_token) end it "is not allowed to display or update someone else's subscriptions" do subscription = create(:subscription) ability = Spree::Ability.new(nil) permission_set = described_class.new(ability) permission_set.activate! expect(ability).not_to be_able_to([:show, :display, :update], subscription, 'invalid') end it 'is allowed to display and update line items on their subscriptions' do subscription = create(:subscription) line_item = create(:subscription_line_item, subscription: subscription) ability = Spree::Ability.new(nil) permission_set = described_class.new(ability) permission_set.activate! expect(ability).to be_able_to([:show, :display, :update], line_item, subscription.guest_token) end it "is not allowed to display or update line items on someone else's subscriptions" do subscription = create(:subscription) line_item = create(:subscription_line_item, subscription: subscription) ability = Spree::Ability.new(nil) permission_set = described_class.new(ability) permission_set.activate! expect(ability).not_to be_able_to([:show, :display, :update], line_item, 'invalid') end end end