166 lines
6.1 KiB
Ruby
166 lines
6.1 KiB
Ruby
require "spec_helper"
|
|
|
|
describe Admin::SettingsController do
|
|
include LoginMacros
|
|
include RedirectExpectationHelper
|
|
|
|
describe "GET #index" do
|
|
it "denies access to guest users" do
|
|
get :index
|
|
it_redirects_to_with_notice(root_url, "I'm sorry, only an admin can look at that area")
|
|
end
|
|
|
|
context "when logged in as admin" do
|
|
let(:admin) { create(:admin, roles: []) }
|
|
|
|
before { fake_login_admin(admin) }
|
|
|
|
it "denies access to admins without correct roles" do
|
|
get :index
|
|
it_redirects_to_with_error(root_url, "Sorry, only an authorized admin can access the page you were trying to reach.")
|
|
end
|
|
|
|
it "allows access to admins with correct roles" do
|
|
admin.update!(roles: ["policy_and_abuse"])
|
|
get :index
|
|
expect(response).to have_http_status(:success)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "PUT #update" do
|
|
let(:admin) { create(:admin, roles: []) }
|
|
let(:setting) { AdminSetting.default }
|
|
|
|
context "when admin does not have correct authorization" do
|
|
it "denies random admin access" do
|
|
fake_login_admin(admin)
|
|
put :update, params: { id: setting.id, admin_setting: { hide_spam: "1" } }
|
|
it_redirects_to_with_error(root_url, "Sorry, only an authorized admin can access the page you were trying to reach.")
|
|
end
|
|
end
|
|
|
|
context "when admin has correct authorization" do
|
|
before { fake_login_admin(admin) }
|
|
|
|
context "when admin has superadmin role" do
|
|
before { admin.update!(roles: ["superadmin"]) }
|
|
|
|
it "allows superadmins to update all settings" do
|
|
put :update, params: {
|
|
id: setting.id,
|
|
admin_setting: {
|
|
account_creation_enabled: "1",
|
|
creation_requires_invite: "1",
|
|
request_invite_enabled: "0",
|
|
invite_from_queue_enabled: "1",
|
|
invite_from_queue_number: "10",
|
|
invite_from_queue_frequency: "7",
|
|
days_to_purge_unactivated: "7",
|
|
disable_support_form: "1",
|
|
disabled_support_form_text: "Disable support",
|
|
suspend_filter_counts: "0",
|
|
tag_wrangling_off: "0",
|
|
downloads_enabled: "1",
|
|
enable_test_caching: "0",
|
|
cache_expiration: "10",
|
|
hide_spam: "1",
|
|
guest_comments_off: "1",
|
|
account_age_threshold_for_comment_spam_check: "7"
|
|
}
|
|
}
|
|
|
|
it_redirects_to_with_notice(admin_settings_path, "Archive settings were successfully updated.")
|
|
end
|
|
end
|
|
|
|
context "when admin has policy_and_abuse role" do
|
|
before { admin.update!(roles: ["policy_and_abuse"]) }
|
|
|
|
{
|
|
disable_support_form: true,
|
|
downloads_enabled: false,
|
|
tag_wrangling_off: true
|
|
}.each_pair do |field, value|
|
|
it "prevents admins with policy_and_abuse role from updating #{field}" do
|
|
expect do
|
|
put :update, params: { id: setting.id, admin_setting: { field => value } }
|
|
end.to raise_exception(ActionController::UnpermittedParameters)
|
|
expect(setting.reload.send(field)).not_to eq(value)
|
|
end
|
|
end
|
|
|
|
{
|
|
account_age_threshold_for_comment_spam_check: 10,
|
|
hide_spam: 1,
|
|
invite_from_queue_enabled: 0,
|
|
invite_from_queue_number: 11,
|
|
request_invite_enabled: 1
|
|
}.each_pair do |field, value|
|
|
it "allows admins with policy_and_abuse role to update #{field}" do
|
|
put :update, params: { id: setting.id, admin_setting: { field => value } }
|
|
expect(setting.reload.read_attribute_before_type_cast(field)).to eq(value)
|
|
it_redirects_to_with_notice(admin_settings_path, "Archive settings were successfully updated.")
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when admin has support role" do
|
|
before { admin.update!(roles: ["support"]) }
|
|
|
|
{
|
|
downloads_enabled: false,
|
|
hide_spam: true,
|
|
guest_comments_off: true,
|
|
tag_wrangling_off: true,
|
|
account_age_threshold_for_comment_spam_check: 10
|
|
}.each_pair do |field, value|
|
|
it "prevents admins with support role from updating #{field}" do
|
|
expect do
|
|
put :update, params: { id: setting.id, admin_setting: { field => value } }
|
|
end.to raise_exception(ActionController::UnpermittedParameters)
|
|
expect(setting.reload.send(field)).not_to eq(value)
|
|
end
|
|
end
|
|
|
|
it "allows admins with support role to update support form settings" do
|
|
put :update, params: {
|
|
id: setting.id,
|
|
admin_setting: {
|
|
disable_support_form: true,
|
|
disabled_support_form_text: "Disable support"
|
|
}
|
|
}
|
|
expect(setting.reload.disable_support_form?).to be_truthy
|
|
expect(setting.reload.disabled_support_form_text).to include("Disable support")
|
|
it_redirects_to_with_notice(admin_settings_path, "Archive settings were successfully updated.")
|
|
end
|
|
end
|
|
|
|
context "when admin has tag_wrangling role" do
|
|
before { admin.update!(roles: ["tag_wrangling"]) }
|
|
|
|
{
|
|
disable_support_form: true,
|
|
downloads_enabled: false,
|
|
hide_spam: true,
|
|
guest_comments_off: true,
|
|
account_age_threshold_for_comment_spam_check: 10
|
|
}.each_pair do |field, value|
|
|
it "prevents admins with tag_wrangling role from updating #{field}" do
|
|
expect do
|
|
put :update, params: { id: setting.id, admin_setting: { field => value } }
|
|
end.to raise_exception(ActionController::UnpermittedParameters)
|
|
expect(setting.reload.send(field)).not_to eq(value)
|
|
end
|
|
end
|
|
|
|
it "allows admins with tag_wrangling role to turn wrangling off" do
|
|
put :update, params: { id: setting.id, admin_setting: { tag_wrangling_off: "1" } }
|
|
expect(setting.reload.tag_wrangling_off?).to be_truthy
|
|
it_redirects_to_with_notice(admin_settings_path, "Archive settings were successfully updated.")
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|