Revision acfbc458
Added by Marek Hulán about 10 years ago
| test/unit/usergroup_test.rb | ||
|---|---|---|
|
assert_equal @ug1.errors.full_messages[0], "ug1 is used by #{@h1}"
|
||
|
end
|
||
|
|
||
|
test "cannot be destroyed when in use by another usergroup" do
|
||
|
test "can be destroyed when in use by another usergroup, it removes association automatically" do
|
||
|
@ug1 = Usergroup.find_or_create_by_name :name => "ug1"
|
||
|
@ug2 = Usergroup.find_or_create_by_name :name => "ug2"
|
||
|
@ug1.usergroups = [@ug2]
|
||
|
@ug1.destroy
|
||
|
assert @ug1.errors.full_messages[0] == "ug1 is used by ug2"
|
||
|
assert @ug1.destroy
|
||
|
assert @ug2.reload
|
||
|
assert_empty UsergroupMember.where(:member_id => @ug2.id)
|
||
|
end
|
||
|
|
||
|
test "removes user join model records" do
|
||
| ... | ... | |
|
end
|
||
|
end
|
||
|
|
||
|
def setup_user operation
|
||
|
@one = users(:one)
|
||
|
as_admin do
|
||
|
role = Role.find_or_create_by_name :name => "#{operation}_usergroups"
|
||
|
role.permissions = ["#{operation}_usergroups".to_sym]
|
||
|
@one.roles = [role]
|
||
|
@one.save!
|
||
|
end
|
||
|
User.current = @one
|
||
|
end
|
||
|
test "removes all cached_user_roles when roles are disassociated" do
|
||
|
user = FactoryGirl.create(:user)
|
||
|
record = FactoryGirl.create(:usergroup)
|
||
|
record.users = [user]
|
||
|
one = FactoryGirl.create(:role)
|
||
|
two = FactoryGirl.create(:role)
|
||
|
|
||
|
test "user with create permissions should be able to create" do
|
||
|
setup_user "create"
|
||
|
record = Usergroup.create :name => "dummy"
|
||
|
assert record.valid?
|
||
|
assert !record.new_record?
|
||
|
end
|
||
|
record.roles = [one, two]
|
||
|
assert_equal 2, user.reload.cached_user_roles.size
|
||
|
|
||
|
test "user with view permissions should not be able to create" do
|
||
|
setup_user "view"
|
||
|
record = Usergroup.create :name => "dummy"
|
||
|
assert record.valid?
|
||
|
assert record.new_record?
|
||
|
end
|
||
|
assert record.update_attributes(:role_ids => [ two.id ])
|
||
|
assert_equal 1, user.reload.cached_user_roles.size
|
||
|
|
||
|
test "user with destroy permissions should be able to destroy" do
|
||
|
record = FactoryGirl.create(:usergroup)
|
||
|
setup_user "destroy"
|
||
|
assert record.destroy
|
||
|
assert record.frozen?
|
||
|
end
|
||
|
record.role_ids = [ ]
|
||
|
assert_equal 0, user.reload.cached_user_roles.size
|
||
|
|
||
|
test "user with edit permissions should not be able to destroy" do
|
||
|
record = FactoryGirl.create(:usergroup)
|
||
|
setup_user "edit"
|
||
|
assert !record.destroy
|
||
|
assert !record.frozen?
|
||
|
end
|
||
|
assert record.update_attribute(:role_ids, [ one.id ])
|
||
|
assert_equal 1, user.reload.cached_user_roles.size
|
||
|
|
||
|
test "user with edit permissions should be able to edit" do
|
||
|
record = FactoryGirl.create(:usergroup)
|
||
|
setup_user "edit"
|
||
|
record.name = "renamed"
|
||
|
assert record.save
|
||
|
record.roles<< two
|
||
|
assert_equal 2, user.reload.cached_user_roles.size
|
||
|
end
|
||
|
|
||
|
test "user with destroy permissions should not be able to edit" do
|
||
|
record = FactoryGirl.create(:usergroup)
|
||
|
setup_user "destroy"
|
||
|
record.name = "renamed"
|
||
|
assert !record.save
|
||
|
assert record.valid?
|
||
|
end
|
||
|
# TODO test who can modify usergroup roles and who can assign users!!! possible privileges escalation
|
||
|
|
||
|
end
|
||
Also available in: Unified diff
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
Contributions from: