From 86faf96365d28b0a81b6f22ae62a82231f5d25bf Mon Sep 17 00:00:00 2001
From: Oleksii Kriuchykhin
Date: Thu, 16 Sep 2021 09:54:27 +0200
Subject: [PATCH] Update/implement permission checks in the canvas controller [SCI-6058]
---
.../controllers/canvas_controller_spec.rb | 66 +++++++++++++++++++
1 file changed, 66 insertions(+)
create mode 100644 spec/permissions/controllers/canvas_controller_spec.rb
diff --git a/spec/permissions/controllers/canvas_controller_spec.rb b/spec/permissions/controllers/canvas_controller_spec.rb
new file mode 100644
index 000000000..3d2aa1490
--- /dev/null
+++ b/spec/permissions/controllers/canvas_controller_spec.rb
@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe CanvasController, type: :controller do
+ include PermissionExtends
+
+ it_behaves_like "a controller with authentication", {
+ edit: { id: 1 },
+ full_zoom: { id: 1 },
+ medium_zoom: { id: 1 },
+ small_zoom: { id: 1 },
+ update: { id: 1 }
+ }, []
+
+ login_user
+
+ describe 'permissions checking' do
+ include_context 'reference_project_structure', {
+ team_role: :normal_user,
+ my_modules: 3
+ }
+
+ it_behaves_like "a controller action with permissions checking", :get, :edit do
+ let(:testable) { project }
+ let(:permissions) { [ExperimentPermissions::MANAGE] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :full_zoom do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::READ] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :medium_zoom do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::READ] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :small_zoom do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::READ] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :update do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::MANAGE] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :update do
+ let(:testable) { my_modules.first }
+ let(:permissions) { [MyModulePermissions::ARCHIVE] }
+ let(:action_params) { { id: experiment.id, remove: "#{my_modules.first.id},#{my_modules.second.id}" } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :update do
+ let(:testable) { my_modules.first }
+ let(:permissions) { [MyModulePermissions::MANAGE] }
+ let(:action_params) { { id: experiment.id, rename: "{\"#{my_modules.first.id}\": \"Test\"}" } }
+ end
+ end
+end
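Review bot: The `:edit` example sets `let(:testable) { project }` while asserting `ExperimentPermissions::MANAGE`, whereas every other experiment-level example in this file uses `experiment`. The shared example is not visible here, but if it toggles the permission on the testable's own role assignment, this case may pass without exercising the experiment-level check, so it should probably read `let(:testable) { experiment }` or carry a comment saying why the project is intended. The `remove:` example for `:update` sends two module ids but only `my_modules.first` is the testable, so a controller that authorizes just the first id in the list would still pass; a sibling example with `let(:testable) { my_modules.second }` would cover the batch case. The three `:update` examples also share one description, so a failure report will not say which permission was under test.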