Revision acfbc458
Added by Marek Hulán about 10 years ago
| test/unit/user_test.rb | ||
|---|---|---|
|
end
|
||
|
|
||
|
def setup_user operation
|
||
|
@one = users(:one)
|
||
|
as_admin do
|
||
|
role = Role.find_or_create_by_name :name => "#{operation}_users"
|
||
|
role.permissions = ["#{operation}_users".to_sym]
|
||
|
@one.roles = [role]
|
||
|
@one.save!
|
||
|
end
|
||
|
User.current = @one
|
||
|
super operation, "users"
|
||
|
end
|
||
|
|
||
|
test "user with create permissions should be able to create" do
|
||
| ... | ... | |
|
end
|
||
|
end
|
||
|
|
||
|
test "user with view permissions should not be able to create" do
|
||
|
setup_user "view"
|
||
|
record = User.new :login => "dummy", :mail => "j@j.com", :auth_source_id => AuthSourceInternal.first.id
|
||
|
record.password_hash = "asd"
|
||
|
assert !record.save
|
||
|
assert record.valid?
|
||
|
assert record.new_record?
|
||
|
end
|
||
|
|
||
|
test "user with destroy permissions should be able to destroy" do
|
||
|
setup_user "destroy"
|
||
|
record = users(:one)
|
||
|
assert record.destroy
|
||
|
assert record.frozen?
|
||
|
end
|
||
|
|
||
|
test "user with edit permissions should not be able to destroy" do
|
||
|
setup_user "edit"
|
||
|
record = User.first
|
||
|
assert !record.destroy
|
||
|
assert !record.frozen?
|
||
|
end
|
||
|
|
||
|
test "user with edit permissions should be able to edit" do
|
||
|
setup_user "edit"
|
||
|
record = users(:one)
|
||
|
record.login = "renamed"
|
||
|
assert record.save
|
||
|
end
|
||
|
|
||
|
test "user cannot assign role he has not assigned himself" do
|
||
|
setup_user "edit"
|
||
|
extra_role = Role.find_or_create_by_name :name => "foobar"
|
||
| ... | ... | |
|
assert record.save
|
||
|
end
|
||
|
|
||
|
test "user with destroy permissions should not be able to edit" do
|
||
|
setup_user "destroy"
|
||
|
record = users(:two)
|
||
|
record.login = 'renamed'
|
||
|
assert !record.save
|
||
|
assert record.valid?
|
||
|
end
|
||
|
|
||
|
test "should not be able to rename the admin account" do
|
||
|
u = User.find_by_login("admin")
|
||
|
u.login = "root"
|
||
| ... | ... | |
|
assert_equal user.role_ids_was, [foobar.id, barfoo.id]
|
||
|
end
|
||
|
|
||
|
test "admin? detection for user admin flag" do
|
||
|
admin = FactoryGirl.build(:user, :admin => true)
|
||
|
assert admin.admin?, 'user admin flag was missed'
|
||
|
end
|
||
|
|
||
|
test "admin? detection for group admin flag" do
|
||
|
admin = FactoryGirl.build(:user)
|
||
|
g1 = FactoryGirl.build(:usergroup)
|
||
|
g2 = FactoryGirl.build(:usergroup, :admin => true)
|
||
|
admin.cached_usergroups = [g1, g2]
|
||
|
assert admin.admin?, 'group admin flag was missed'
|
||
|
end
|
||
|
|
||
|
test "admin? is false if no flag is enabled" do
|
||
|
admin = FactoryGirl.build(:user)
|
||
|
g1 = FactoryGirl.build(:usergroup)
|
||
|
g2 = FactoryGirl.build(:usergroup)
|
||
|
admin.cached_usergroups = [g1, g2]
|
||
|
refute admin.admin?
|
||
|
end
|
||
|
|
||
|
test ".find_or_create_external_user" do
|
||
|
count = User.count
|
||
|
# existing user
|
||
| ... | ... | |
|
assert_not User.current.editing_self?(options)
|
||
|
end
|
||
|
|
||
|
test "#can? for admin" do
|
||
|
Authorizer.any_instance.stubs(:can?).returns(false)
|
||
|
u = FactoryGirl.build(:user, :admin => true)
|
||
|
assert u.can?(:view_hosts_or_whatever_you_ask)
|
||
|
end
|
||
|
|
||
|
test "#can? for not admin" do
|
||
|
Authorizer.any_instance.stubs(:can?).returns('authorizer was asked')
|
||
|
u = FactoryGirl.build(:user)
|
||
|
assert_equal 'authorizer was asked', u.can?(:view_hosts_or_whatever_you_ask)
|
||
|
end
|
||
|
|
||
|
end
|
||
Also available in: Unified diff
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
Contributions from: