Revision acfbc458
Added by Marek Hulán about 10 years ago
test/functional/users_controller_test.rb | ||
---|---|---|
|
||
test 'user with viewer rights should fail to edit a user' do
|
||
get :edit, {:id => User.first.id}
|
||
assert_response 403
|
||
assert_response 404
|
||
end
|
||
|
||
test 'user with viewer rights should succeed in viewing users' do
|
||
... | ... | |
assert_response :redirect
|
||
end
|
||
|
||
test 'non admin user should not be able to edit another user' do
|
||
test 'user without edit permission should not be able to edit another user' do
|
||
User.current = users(:one)
|
||
get :edit, { :id => users(:two) }
|
||
assert_response 403
|
||
assert_response 404
|
||
end
|
||
|
||
test 'user with edit permission should be able to edit another user' do
|
||
setup_user 'edit', 'users'
|
||
get :edit, { :id => users(:two) }
|
||
assert_response :success
|
||
end
|
||
|
||
test 'non admin user should not be able to update another user' do
|
||
test 'user without edit permission should not be able to update another user' do
|
||
User.current = users(:one)
|
||
put :update, { :id => users(:two).id, :user => { :firstname => 'test' } }
|
||
assert_response 403
|
||
end
|
||
|
||
test 'user with update permission should be able to update another user' do
|
||
setup_user 'edit', 'users'
|
||
put :update, { :id => users(:two).id, :user => { :firstname => 'test' } }
|
||
|
||
assert_response :redirect
|
||
end
|
||
|
||
end
|
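Review bot: The two update tests pin only the status code, so neither shows what the permission check did to the record: 'user without edit permission should not be able to update another user' asserts a 403 but never checks that `firstname` was left unchanged, and in 'user with update permission should be able to update another user' `assert_response :redirect` would also pass for a redirect that saved nothing. Adding `assert_not_equal 'test', users(:two).reload.firstname` to the denied case and `assert_equal 'test', users(:two).reload.firstname` to the allowed case would tie both to the data, assuming the fixture's first name is not already 'test'. The edit tests show both `assert_response 403` and `assert_response 404`, and this rendering has lost which one is the new side; if 404 is the new expectation, edit and update deny the same user with different codes, which deserves a one-line comment saying why. The allowed-update test's name says "update permission" while it calls `setup_user 'edit', 'users'`, so naming it "edit permission" would match the helper arguments.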
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
Contributions from: