module Ddr::Auth RSpec.shared_examples "an auth context" do describe "#anonymous?" do describe "when a user is present" do before { allow(subject).to receive(:user) { double } } its(:anonymous?) { should be false } end describe "when no user is present" do before { allow(subject).to receive(:user) { nil } } its(:anonymous?) { should be true } end end describe "#authenticated?" do describe "when a user is present" do before { allow(subject).to receive(:user) { double } } its(:authenticated?) { should be true } end describe "when no user is present" do before { allow(subject).to receive(:user) { nil } } its(:authenticated?) { should be false } end end describe "#duke_agent?" do describe "when the auth context is anonymous" do before { allow(subject).to receive(:user) { nil } } its(:duke_agent?) { should be false } end describe "when the auth context agent is from Duke" do before { allow(subject).to receive(:user) { double(agent: "example@duke.edu") } } its(:duke_agent?) { should be true } end describe "when the auth context agent not is from Duke" do before { allow(subject).to receive(:user) { double(agent: "example@unc.edu") } } its(:duke_agent?) { should be false } end end describe "#agents" do before { allow(subject).to receive(:groups) { [ Groups::PUBLIC, Groups::REGISTERED, Group.new("foo") ] } } its(:agents) { are_expected.to match_array([subject.agent, Groups::PUBLIC.agent, Groups::REGISTERED.agent, "foo"].compact) } end describe "#member_of?" do before { allow(subject).to receive(:groups) { [ Groups::PUBLIC, Groups::REGISTERED, Group.new("foo") ] } } describe "when given a Group" do let(:group1) { Group.new("foo") } let(:group2) { Group.new("bar") } it "should test whether its groups includes the group" do expect(subject.member_of?(group1)).to be true expect(subject.member_of?(group2)).to be false end end describe "when given a String" do let(:group1) { "foo" } let(:group2) { "bar" } it "should test whether its groups includes a group with that id" do expect(subject.member_of?(group1)).to be true expect(subject.member_of?(group2)).to be false end end describe "when given nil" do it "should be false" do expect(subject.member_of?(nil)).to be false end end end describe "#authorized_to_act_as_superuser?" do before do allow(Ddr::Auth).to receive(:superuser_group) { "superusers" } end describe "when a member of the superusers group" do before do allow(subject).to receive(:member_of?).with("superusers") { true } end its(:authorized_to_act_as_superuser?) { should be true } end describe "when not a member of the superusers group" do before do allow(subject).to receive(:member_of?).with("superusers") { false } end its(:authorized_to_act_as_superuser?) { should be false } end end end end