require 'foreman_tasks_test_helper' module ForemanTasks class DynflowConsoleAuthorizerTest < ActiveSupport::TestCase include Rack::Test::Methods before do User.current = User.where(:login => 'apiadmin').first end let(:own_task) { FactoryGirl.create(:dynflow_task, :set_owner => user) } let(:foreign_task) { FactoryGirl.create(:dynflow_task) } let(:edit_foreman_tasks_permission) do Permission.where(:name => :edit_foreman_tasks).first end def dynflow_console_authorized?(task = nil) dynflow_path = '/' dynflow_path += task.external_id.to_s if task dynflow_rack_env = { 'rack.session' => { 'user' => user.id, 'expires_at' => Time.zone.now + 100 }, 'PATH_INFO' => dynflow_path }.with_indifferent_access ForemanTasks::Dynflow::ConsoleAuthorizer.new(dynflow_rack_env).allow? end describe 'admin user' do let(:user) { FactoryGirl.create(:user, :admin) } it 'can see all tasks' do assert dynflow_console_authorized? assert dynflow_console_authorized?(own_task) assert dynflow_console_authorized?(foreign_task) end end describe 'user with unlimited edit_foreman_tasks permissions' do let(:user) do user_role = FactoryGirl.create(:user_user_role) FactoryGirl.create(:filter, :role => user_role.role, :permissions => [edit_foreman_tasks_permission]) user_role.owner end it 'can see all tasks' do assert dynflow_console_authorized? assert dynflow_console_authorized?(own_task) assert dynflow_console_authorized?(foreign_task) end end describe 'user with limited edit_foreman_tasks permissions' do let(:user) do user_role = FactoryGirl.create(:user_user_role) FactoryGirl.create(:filter, :search => 'owner.id = current_user', :role => user_role.role, :permissions => [edit_foreman_tasks_permission]) user_role.owner end it 'can see only the tasks he has permissions on' do refute dynflow_console_authorized? assert dynflow_console_authorized?(own_task) refute dynflow_console_authorized?(foreign_task) end end describe 'user without edit_foreman_tasks permissions' do let(:user) { FactoryGirl.create(:user) } it 'can not see any tasks' do refute dynflow_console_authorized? refute dynflow_console_authorized?(own_task) refute dynflow_console_authorized?(foreign_task) end end end end