Merge pull request #3550 from okriuchykhin/ok_SCI_6058

Update/implement permission checks in the canvas controller [SCI-6058]
This commit is contained in:
Alex Kriuchykhin 2021-09-16 13:32:56 +02:00 committed by GitHub
commit 19a8faaf72
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -0,0 +1,66 @@
# frozen_string_literal: true
require 'rails_helper'
describe CanvasController, type: :controller do
include PermissionExtends
it_behaves_like "a controller with authentication", {
edit: { id: 1 },
full_zoom: { id: 1 },
medium_zoom: { id: 1 },
small_zoom: { id: 1 },
update: { id: 1 }
}, []
login_user
describe 'permissions checking' do
include_context 'reference_project_structure', {
team_role: :normal_user,
my_modules: 3
}
it_behaves_like "a controller action with permissions checking", :get, :edit do
let(:testable) { project }
let(:permissions) { [ExperimentPermissions::MANAGE] }
let(:action_params) { { id: experiment.id } }
end
it_behaves_like "a controller action with permissions checking", :get, :full_zoom do
let(:testable) { experiment }
let(:permissions) { [ExperimentPermissions::READ] }
let(:action_params) { { id: experiment.id } }
end
it_behaves_like "a controller action with permissions checking", :get, :medium_zoom do
let(:testable) { experiment }
let(:permissions) { [ExperimentPermissions::READ] }
let(:action_params) { { id: experiment.id } }
end
it_behaves_like "a controller action with permissions checking", :get, :small_zoom do
let(:testable) { experiment }
let(:permissions) { [ExperimentPermissions::READ] }
let(:action_params) { { id: experiment.id } }
end
it_behaves_like "a controller action with permissions checking", :post, :update do
let(:testable) { experiment }
let(:permissions) { [ExperimentPermissions::MANAGE] }
let(:action_params) { { id: experiment.id } }
end
it_behaves_like "a controller action with permissions checking", :post, :update do
let(:testable) { my_modules.first }
let(:permissions) { [MyModulePermissions::ARCHIVE] }
let(:action_params) { { id: experiment.id, remove: "#{my_modules.first.id},#{my_modules.second.id}" } }
end
it_behaves_like "a controller action with permissions checking", :post, :update do
let(:testable) { my_modules.first }
let(:permissions) { [MyModulePermissions::MANAGE] }
let(:action_params) { { id: experiment.id, rename: "{\"#{my_modules.first.id}\": \"Test\"}" } }
end
end
end