spec/unit/ability_spec.rb in hydra-access-controls-6.0.0.pre4 vs spec/unit/ability_spec.rb in hydra-access-controls-6.0.0.pre5
- old
+ new
@@ -18,10 +18,18 @@
:embargo_release_date => "inheritable_embargo_release_date_dtsi"
}
}})
end
+ describe "class methods" do
+ subject { Ability }
+ its(:read_group_field) { should == 'read_access_group_tsim'}
+ its(:read_person_field) { should == 'read_access_person_tsim'}
+ its(:edit_group_field) { should == 'edit_access_group_tsim'}
+ its(:edit_person_field) { should == 'edit_access_person_tsim'}
+ end
+
context "for a not-signed in user" do
before do
User.any_instance.stub(:email).and_return(nil)
User.any_instance.stub(:new_record?).and_return(true)
end
@@ -164,14 +172,13 @@
end
end
describe "Given an asset with collaborator" do
before do
- @asset = FactoryGirl.build(:org_read_access_asset)
- @asset.save
+ @asset = FactoryGirl.create(:group_edit_asset)
end
- context "Then a collaborator with edit access" do
+ context "Then a collaborator with edit access (user permision)" do
before do
@user = FactoryGirl.build(:calvin_collaborator)
end
subject { Ability.new(@user) }
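Review bot: The renamed context string misspells "permission"; it should read `context "Then a collaborator with edit access (user permission)" do`, and the same typo appears in the added `(group permision)` context in the next hunk. The `before` block now persists `:group_edit_asset` through `FactoryGirl.create` for every example, and no `after` hook in the visible lines removes it. If the suite does not clean the repository elsewhere, leftover objects could accumulate between runs and influence later authorization checks. The enclosing `describe "Given an asset with collaborator"` continues outside this hunk.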
@@ -185,10 +192,21 @@
end
it "should not be able to see the admin view of the asset" do
subject.can?(:admin, @asset).should be_false
end
end
+ context "Then a collaborator with edit access (group permision)" do
+ before do
+ @user = FactoryGirl.build(:martia_morocco)
+ RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
+ end
+ subject { Ability.new(@user) }
+
+ it "should be able to view the asset" do
+ subject.can?(:read, @asset).should be_true
+ end
+ end
end
describe "Given an asset where dept can read & registered users can discover" do
before do
@asset = FactoryGirl.build(:dept_access_asset)
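Review bot: The added "edit access (group permision)" context asserts only `:read`, so the group-based edit grant it is named for is never exercised. Mirroring the user-permission context above it would close that gap: add an example with `subject.can?(:edit, @asset).should be_true` and one with `subject.can?(:admin, @asset).should be_false`, so that both a missing grant and an over-broad grant through group membership fail the spec. The context also depends on `RoleMapper.stub(:roles).with(@user.user_key)`; a short comment naming the group that `:martia_morocco` is expected to share with `:group_edit_asset` would make the fixture coupling visible, since neither factory is shown here.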
@@ -267,122 +285,20 @@
subject.can?(:accept, ActiveFedora::Base).should be_true
end
end
- #
- # Policy-based Access Controls
- #
- describe "When accessing assets with Policies associated" do
+ describe "calling ability on two separate objects" do
before do
- @user = FactoryGirl.build(:martia_morocco)
- RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
+ @asset1 = FactoryGirl.create(:org_read_access_asset)
+ @asset2 = FactoryGirl.create(:asset)
+ @user = FactoryGirl.build(:calvin_collaborator) # has access to @asset1, but not @asset2
end
subject { Ability.new(@user) }
- context "Given a policy grants read access to a group I belong to" do
- before do
- @policy = Hydra::AdminPolicy.new
- @policy.default_permissions = [{:type=>"group", :access=>"read", :name=>"africana-faculty"}]
- @policy.save
- end
- after { @policy.delete }
- context "And a subscribing asset does not grant access" do
- before do
- @asset = ModsAsset.new()
- @asset.admin_policy = @policy
- @asset.save
- end
- after { @asset.delete }
- it "Then I should be able to view the asset" do
- subject.can?(:read, @asset).should be_true
- end
- it "Then I should not be able to edit, update and destroy the asset" do
- subject.can?(:edit, @asset).should be_false
- subject.can?(:update, @asset).should be_false
- subject.can?(:destroy, @asset).should be_false
- end
- end
+ it "should be readable in the first instance and not in the second instance" do
+ # We had a bug around this where it keeps returning the access for the first object queried
+ subject.can?(:edit, @asset1).should be_true
+ subject.can?(:edit, @asset2).should be_false
end
- context "Given a policy grants edit access to a group I belong to" do
- before do
- @policy = Hydra::AdminPolicy.new
- @policy.default_permissions = [{:type=>"group", :access=>"edit", :name=>"africana-faculty"}]
- @policy.save
- end
- after { @policy.delete }
- context "And a subscribing asset does not grant access" do
- before do
- @asset = ModsAsset.new()
- @asset.admin_policy = @policy
- @asset.save
- end
- after { @asset.delete }
- it "Then I should be able to view the asset" do
- subject.can?(:read, @asset).should be_true
- end
- it "Then I should be able to edit/update/destroy the asset" do
- subject.can?(:edit, @asset).should be_true
- subject.can?(:update, @asset).should be_true
- subject.can?(:destroy, @asset).should be_true
- end
- end
- context "And a subscribing asset grants read access to me as an individual" do
- before do
- @asset = ModsAsset.new()
- @asset.read_users = [@user.uid]
- @asset.admin_policy = @policy
- @asset.save
- end
- after { @asset.delete }
- it "Then I should be able to view the asset" do
- subject.can?(:read, @asset).should be_true
- end
- it "Then I should be able to edit/update/destroy the asset" do
- subject.can?(:edit, @asset).should be_true
- subject.can?(:update, @asset).should be_true
- subject.can?(:destroy, @asset).should be_true
- end
- end
- end
-
- context "Given a policy does not grant access to any group I belong to" do
- before do
- @policy = Hydra::AdminPolicy.new
- @policy.save
- end
- after { @policy.delete }
- context "And a subscribing asset does not grant access" do
- before do
- @asset = ModsAsset.new()
- @asset.admin_policy = @policy
- @asset.save
- end
- after { @asset.delete }
- it "Then I should not be able to view the asset" do
- subject.can?(:read, @asset).should be_false
- end
- it "Then I should not be able to edit/update/destroy the asset" do
- subject.can?(:edit, @asset).should be_false
- subject.can?(:update, @asset).should be_false
- subject.can?(:destroy, @asset).should be_false
- end
- end
- context "And a subscribing asset grants read access to me as an individual" do
- before do
- @asset = ModsAsset.new()
- @asset.read_users = [@user.uid]
- @asset.admin_policy = @policy
- @asset.save
- end
- after { @asset.delete }
- it "Then I should be able to view the asset" do
- subject.can?(:read, @asset).should be_true
- end
- it "Then I should not be able to edit/update/destroy the asset" do
- subject.can?(:edit, @asset).should be_false
- subject.can?(:update, @asset).should be_false
- subject.can?(:destroy, @asset).should be_false
- end
- end
- end
end
+
end
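Review bot: The example name `it "should be readable in the first instance and not in the second instance"` does not match its assertions, which both check `:edit`; something like `it "should be editable for the first object and not for the second" do` would describe what is pinned. The comment on `@user` says only "has access to @asset1" while the fixture is named `:org_read_access_asset`, so stating the expected level (edit) there would help the reader. Because the bug being guarded against is a result carried over from the first object queried, asserting the opposite order as well (deny first, then allow) would also catch a cached denial masking a grant. The policy-based contexts removed in this hunk held the deny assertions for policy-granted permissions; whether they moved to another spec file is not visible here and is worth confirming.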