82 lines
2.3 KiB
Ruby
82 lines
2.3 KiB
Ruby
shared_examples "an action only authorized admins can access" do |authorized_roles:|
|
|
before { fake_login_admin(admin) }
|
|
|
|
context "with no role" do
|
|
let(:admin) { create(:admin, roles: []) }
|
|
|
|
it "redirects with an error" do
|
|
subject
|
|
it_redirects_to_with_error(root_url, "Sorry, only an authorized admin can access the page you were trying to reach.")
|
|
end
|
|
end
|
|
|
|
(Admin::VALID_ROLES - authorized_roles).each do |role|
|
|
context "with role #{role}" do
|
|
let(:admin) { create(:admin, roles: [role]) }
|
|
|
|
it "redirects with an error" do
|
|
subject
|
|
it_redirects_to_with_error(root_url, "Sorry, only an authorized admin can access the page you were trying to reach.")
|
|
end
|
|
end
|
|
end
|
|
|
|
authorized_roles.each do |role|
|
|
context "with role #{role}" do
|
|
let(:admin) { create(:admin, roles: [role]) }
|
|
|
|
it "succeeds" do
|
|
subject
|
|
success
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
shared_examples "denies access for work that isn't visible to user" do
|
|
shared_examples "denies access to random user" do
|
|
it "allows access for work creator" do
|
|
fake_login_known_user(creator)
|
|
subject
|
|
success
|
|
end
|
|
|
|
it "redirects other user" do
|
|
fake_login
|
|
subject
|
|
it_redirects_to_with_error(root_path, "Sorry, you don't have permission to access the page you were trying to reach.")
|
|
end
|
|
|
|
it "allows access for admin" do
|
|
fake_login_admin(create(:admin))
|
|
subject
|
|
success_admin
|
|
end
|
|
end
|
|
|
|
let(:creator) { create(:user) }
|
|
|
|
context "hidden work" do
|
|
let(:work) { create(:work, authors: [creator.default_pseud], hidden_by_admin: true) }
|
|
|
|
include_examples "denies access to random user"
|
|
end
|
|
|
|
context "unrevealed work" do
|
|
let(:work) { create(:work, authors: [creator.default_pseud], collections: [create(:unrevealed_collection)]) }
|
|
|
|
include_examples "denies access to random user"
|
|
end
|
|
|
|
context "hidden and unrevealed work" do
|
|
let(:work) { create(:work, authors: [creator.default_pseud], collections: [create(:unrevealed_collection)], hidden_by_admin: true) }
|
|
|
|
include_examples "denies access to random user"
|
|
end
|
|
|
|
context "draft work" do
|
|
let(:work) { create(:draft, authors: [creator.default_pseud]) }
|
|
|
|
include_examples "denies access to random user"
|
|
end
|
|
end
|