Revision acfbc458
Added by Marek Hulán about 10 years ago
| test/unit/domain_test.rb | ||
|---|---|---|
|
hosts(:one)
|
||
|
end
|
||
|
|
||
|
def setup_user operation
|
||
|
@one = users(:one)
|
||
|
as_admin do
|
||
|
role = Role.find_or_create_by_name :name => "#{operation}_domains"
|
||
|
role.permissions = ["#{operation}_domains".to_sym]
|
||
|
@one.roles = [role]
|
||
|
@one.domains.destroy_all
|
||
|
@one.save!
|
||
|
end
|
||
|
User.current = @one
|
||
|
end
|
||
|
|
||
|
test "user with edit permissions should be able to edit when permitted" do
|
||
|
setup_user "edit"
|
||
|
as_admin do
|
||
|
@one.domains = [domains(:mydomain)]
|
||
|
end
|
||
|
record = Domain.find_by_name "mydomain.net"
|
||
|
assert record.update_attributes(:name => "testing")
|
||
|
assert record.valid?
|
||
|
end
|
||
|
|
||
|
test "user with edit permissions should not be able to edit when not permitted" do
|
||
|
setup_user "edit"
|
||
|
as_admin do
|
||
|
@one.domains = [domains(:yourdomain)]
|
||
|
end
|
||
|
record = Domain.find_by_name "mydomain.net"
|
||
|
assert !record.update_attributes(:name => "testing")
|
||
|
assert record.valid?
|
||
|
end
|
||
|
|
||
|
test "user with edit permissions should be able to edit when unconstrained" do
|
||
|
setup_user "edit"
|
||
|
record = Domain.first
|
||
|
assert record.update_attributes(:name => "testing")
|
||
|
assert record.valid?
|
||
|
end
|
||
|
|
||
|
test "user with view permissions should not be able to create when not permitted" do
|
||
|
setup_user "view"
|
||
|
record = Domain.create :name => "dummy", :fullname => "dummy.com"
|
||
|
assert record.valid?
|
||
|
assert record.new_record?
|
||
|
end
|
||
|
|
||
|
test "user with destroy permissions should be able to destroy" do
|
||
|
setup_user "destroy"
|
||
|
record = domains(:useless)
|
||
|
record.interfaces.clear
|
||
|
record.hosts.clear
|
||
|
assert record.destroy
|
||
|
assert record.frozen?
|
||
|
end
|
||
|
|
||
|
test "user with edit permissions should not be able to destroy" do
|
||
|
setup_user "edit"
|
||
|
record = Domain.first
|
||
|
record.subnets.clear
|
||
|
assert !record.destroy
|
||
|
assert !record.frozen?
|
||
|
end
|
||
|
|
||
|
test "user with edit permissions should be able to edit" do
|
||
|
setup_user "edit"
|
||
|
record = Domain.first
|
||
|
record.name = "renamed"
|
||
|
assert record.save
|
||
|
end
|
||
|
|
||
|
test "user with destroy permissions should not be able to edit" do
|
||
|
setup_user "destroy"
|
||
|
record = Domain.first
|
||
|
record.name = "renamed"
|
||
|
assert !record.save
|
||
|
end
|
||
|
|
||
|
test "should query local nameservers when enabled" do
|
||
|
Setting['query_local_nameservers'] = true
|
||
|
assert Domain.first.nameservers.empty?
|
||
Also available in: Unified diff
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
Contributions from: