spec/unit/ability_spec.rb in hydra-access-controls-10.3.4 vs spec/unit/ability_spec.rb in hydra-access-controls-10.4.0.rc1
- old
+ new
@@ -13,28 +13,27 @@
its(:edit_user_field) { should == 'edit_access_person_ssim'}
its(:discover_group_field) { should == 'discover_access_group_ssim'}
its(:discover_user_field) { should == 'discover_access_person_ssim'}
end
+ subject { Ability.new(user) }
+
context "for a not-signed in user" do
before do
allow_any_instance_of(User).to receive(:email).and_return(nil)
allow_any_instance_of(User).to receive(:new_record?).and_return(true)
end
- subject { Ability.new(nil) }
- it "should call custom_permissions" do
+ let(:user) { nil }
+ it "calls custom_permissions" do
expect_any_instance_of(Ability).to receive(:custom_permissions)
subject.can?(:delete, 7)
end
it { should_not be_able_to(:create, ActiveFedora::Base) }
end
context "for a signed in user" do
- before do
- @user = FactoryGirl.build(:registered_user)
- end
- subject { Ability.new(@user) }
+ let(:user) { FactoryGirl.build(:registered_user) }
it { should_not be_able_to(:create, ActiveFedora::Base) }
end
@@ -48,23 +47,20 @@
asset.permissions_attributes = [{ name: "public", access: "discover", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
asset.save
end
context "Then a not-signed-in user" do
- subject { Ability.new(nil) }
+ let(:user) { nil }
it { should be_able_to(:discover, asset) }
it { should_not be_able_to(:read, asset) }
it { should_not be_able_to(:edit, asset) }
it { should_not be_able_to(:update, asset) }
it { should_not be_able_to(:destroy, asset) }
end
context "Then a registered user" do
- before do
- @user = FactoryGirl.build(:registered_user)
- end
- subject { Ability.new(@user) }
+ let(:user) { FactoryGirl.build(:registered_user) }
it { should be_able_to(:discover, asset) }
it { should_not be_able_to(:read, asset) }
it { should_not be_able_to(:edit, asset) }
it { should_not be_able_to(:update, asset) }
it { should_not be_able_to(:destroy, asset) }
@@ -78,58 +74,53 @@
asset.permissions_attributes = [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
asset.save
end
context "Then a not-signed-in user" do
- subject { Ability.new(nil) }
+ let(:user) { nil }
it { should be_able_to(:discover, asset) }
it { should be_able_to(:read, asset) }
it { should_not be_able_to(:edit, asset) }
it { should_not be_able_to(:update, asset) }
it { should_not be_able_to(:destroy, asset) }
end
context "Then a registered user" do
- before do
- @user = FactoryGirl.build(:registered_user)
- end
- subject { Ability.new(@user) }
+ let(:user) { FactoryGirl.build(:registered_user) }
it { should be_able_to(:discover, asset) }
it { should be_able_to(:read, asset) }
it { should_not be_able_to(:edit, asset) }
it { should_not be_able_to(:update, asset) }
it { should_not be_able_to(:destroy, asset) }
end
end
describe "Given an asset with no custom access set" do
- #let(:asset) { FactoryGirl.create(:default_access_asset) }
let(:asset) { FactoryGirl.create(:asset) }
before do
asset.permissions_attributes = [{ name: "joe_creator", access: "edit", type: "person" }]
asset.save
end
let(:solr_doc) { SolrDocument.new(asset.to_solr.merge(id: asset.id)) }
context "Then a not-signed-in user" do
- let(:user) { User.new.tap {|u| u.new_record = true } }
- subject { Ability.new(user) }
+ let(:user) { User.new }
it { should_not be_able_to(:discover, asset) }
it { should_not be_able_to(:read, asset) }
it { should_not be_able_to(:edit, asset) }
it { should_not be_able_to(:update, asset) }
it { should_not be_able_to(:destroy, asset) }
end
context "Then a registered user" do
- subject { Ability.new(FactoryGirl.build(:registered_user)) }
+ let(:user) { FactoryGirl.build(:registered_user) }
it { should_not be_able_to(:discover, asset) }
it { should_not be_able_to(:read, asset) }
it { should_not be_able_to(:edit, asset) }
it { should_not be_able_to(:update, asset) }
it { should_not be_able_to(:destroy, asset) }
end
context "Then the Creator" do
- subject { Ability.new(FactoryGirl.build(:joe_creator)) }
+ let(:user) { FactoryGirl.build(:joe_creator) }
it { should be_able_to(:discover, asset) }
it { should be_able_to(:read, asset) }
it { should be_able_to(:edit, asset) }
it { should be_able_to(:edit, solr_doc) }
it { should be_able_to(:update, asset) }
@@ -146,14 +137,14 @@
before do
asset.permissions_attributes = [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
asset.save
end
context "The a registered user" do
+ let(:user) { FactoryGirl.build(:registered_user) }
before do
- @user = FactoryGirl.build(:registered_user)
+ allow(user).to receive(:new_record?).and_return(false)
end
- subject { Ability.new(@user) }
it { should be_able_to(:discover, asset) }
it { should be_able_to(:read, asset) }
it { should_not be_able_to(:edit, asset) }
it { should_not be_able_to(:update, asset) }
@@ -161,39 +152,35 @@
it { should_not be_able_to(:admin, asset) }
end
end
describe "Given an asset with collaborator" do
- # let(:asset) { FactoryGirl.create(:group_edit_asset) }
let(:asset) { FactoryGirl.create(:asset) }
before do
asset.permissions_attributes = [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}]
asset.save
end
after { asset.destroy }
+
context "Then a collaborator with edit access (user permision)" do
- before do
- @user = FactoryGirl.build(:calvin_collaborator)
- end
- subject { Ability.new(@user) }
+ let(:user) { FactoryGirl.build(:calvin_collaborator) }
it { should be_able_to(:discover, asset) }
it { should be_able_to(:read, asset) }
it { should be_able_to(:edit, asset) }
it { should be_able_to(:update, asset) }
it { should be_able_to(:destroy, asset) }
it { should_not be_able_to(:admin, asset) }
end
context "Then a collaborator with edit access (group permision)" do
+ let(:user) { FactoryGirl.build(:martia_morocco) }
before do
- @user = FactoryGirl.build(:martia_morocco)
- allow(RoleMapper).to receive(:roles).with(@user).and_return(@user.roles)
+ allow(user).to receive(:groups).and_return(["faculty", "africana-faculty"])
end
- subject { Ability.new(@user) }
- it { should be_able_to(:read, asset) }
+ it { should be_able_to(:read, asset) }
end
end
describe "Given an asset where dept can read & registered users can discover" do
# let(:asset) { FactoryGirl.create(:dept_access_asset) }
@@ -201,29 +188,25 @@
before do
asset.permissions_attributes = [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }]
asset.save
end
context "Then a registered user" do
- before do
- @user = FactoryGirl.build(:registered_user)
- end
- subject { Ability.new(@user) }
+ let(:user) { FactoryGirl.build(:registered_user) }
it { should_not be_able_to(:discover, asset) }
it { should_not be_able_to(:read, asset) }
it { should_not be_able_to(:edit, asset) }
it { should_not be_able_to(:update, asset) }
it { should_not be_able_to(:destroy, asset) }
it { should_not be_able_to(:admin, asset) }
end
context "Then someone whose role/group has read access" do
+ let(:user) { FactoryGirl.build(:martia_morocco) }
before do
- @user = FactoryGirl.build(:martia_morocco)
- allow(RoleMapper).to receive(:roles).with(@user).and_return(@user.roles)
+ allow(user).to receive(:groups).and_return(["faculty", "africana-faculty"])
end
- subject { Ability.new(@user) }
it { should be_able_to(:discover, asset) }
it { should be_able_to(:read, asset) }
it { should_not be_able_to(:edit, asset) }
it { should_not be_able_to(:update, asset) }
@@ -242,45 +225,43 @@
def setup_my_permissions
can :accept, ActiveFedora::Base
end
end
- @user = FactoryGirl.create(:staff)
end
+ let(:user) { FactoryGirl.build(:staff) }
after do
Object.send(:remove_const, :MyAbility)
end
- subject { MyAbility.new(@user) }
+ subject { MyAbility.new(user) }
it { should be_able_to(:accept, ActiveFedora::Base) }
end
describe "calling ability on two separate objects" do
- #asset1 = FactoryGirl.create(:org_read_access_asset)
let(:asset1) { FactoryGirl.create(:asset) }
let(:asset2) { FactoryGirl.create(:asset) }
before do
asset1.permissions_attributes = [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
asset1.save
- @user = FactoryGirl.build(:calvin_collaborator) # has access to @asset1, but not @asset2
end
+ let(:user) { FactoryGirl.build(:calvin_collaborator) } # has access to @asset1, but not @asset2
after do
asset1.destroy
asset2.destroy
end
- subject { Ability.new(@user) }
- it "should be readable in the first instance and not in the second instance" do
+
+ it "is readable in the first instance and not in the second instance" do
# We had a bug around this where it keeps returning the access for the first object queried
expect(subject).to be_able_to(:edit, asset1)
expect(subject).to_not be_able_to(:edit, asset2)
end
end
describe "download permissions" do
- subject { Ability.new(user) }
let(:asset) { FactoryGirl.create(:asset) }
let(:user) { FactoryGirl.build(:user) }
let(:file) { ActiveFedora::File.new() }
before { allow(file).to receive(:uri).and_return(uri) }