2013-02-05 14:16:51 -05:00
require 'spec_helper'
require 'guardian'
2013-03-18 17:52:29 -04:00
require_dependency 'post_destroyer'
2013-02-05 14:16:51 -05:00
describe Guardian do
2013-05-21 16:39:51 +10:00
let ( :user ) { build ( :user ) }
let ( :moderator ) { build ( :moderator ) }
let ( :admin ) { build ( :admin ) }
let ( :another_admin ) { build ( :another_admin ) }
let ( :coding_horror ) { build ( :coding_horror ) }
2013-02-05 14:16:51 -05:00
2013-05-21 16:39:51 +10:00
let ( :topic ) { build ( :topic , user : user ) }
let ( :post ) { build ( :post , topic : topic , user : topic . user ) }
2013-02-05 14:16:51 -05:00
it 'can be created without a user (not logged in)' do
lambda { Guardian . new } . should_not raise_error
end
it 'can be instantiaed with a user instance' do
lambda { Guardian . new ( user ) } . should_not raise_error
end
describe 'post_can_act?' do
2013-05-21 16:39:51 +10:00
let ( :post ) { build ( :post ) }
let ( :user ) { build ( :user ) }
2013-02-05 14:16:51 -05:00
it " returns false when the user is nil " do
Guardian . new ( nil ) . post_can_act? ( post , :like ) . should be_false
end
it " returns false when the post is nil " do
Guardian . new ( user ) . post_can_act? ( nil , :like ) . should be_false
end
it " returns false when the topic is archived " do
post . topic . archived = true
Guardian . new ( user ) . post_can_act? ( post , :like ) . should be_false
end
2013-05-19 23:04:53 -07:00
it " always allows flagging " do
post . topic . archived = true
Guardian . new ( user ) . post_can_act? ( post , :spam ) . should be_true
end
2013-02-05 14:16:51 -05:00
it " returns false when liking yourself " do
Guardian . new ( post . user ) . post_can_act? ( post , :like ) . should be_false
end
it " returns false when you've already done it " do
2013-03-01 15:07:44 +03:00
Guardian . new ( user ) . post_can_act? ( post , :like , taken_actions : { PostActionType . types [ :like ] = > 1 } ) . should be_false
2013-02-05 14:16:51 -05:00
end
2013-02-25 19:42:20 +03:00
it " returns false when you already flagged a post " do
2013-03-01 15:07:44 +03:00
Guardian . new ( user ) . post_can_act? ( post , :off_topic , taken_actions : { PostActionType . types [ :spam ] = > 1 } ) . should be_false
2013-02-05 14:16:51 -05:00
end
describe " trust levels " do
it " returns true for a new user liking something " do
2013-03-01 15:07:44 +03:00
user . trust_level = TrustLevel . levels [ :new ]
2013-02-05 14:16:51 -05:00
Guardian . new ( user ) . post_can_act? ( post , :like ) . should be_true
end
it " returns false for a new user flagging something as spam " do
2013-03-01 15:07:44 +03:00
user . trust_level = TrustLevel . levels [ :new ]
2013-02-05 14:16:51 -05:00
Guardian . new ( user ) . post_can_act? ( post , :spam ) . should be_false
end
it " returns false for a new user flagging something as off topic " do
2013-03-01 15:07:44 +03:00
user . trust_level = TrustLevel . levels [ :new ]
2013-02-05 14:16:51 -05:00
Guardian . new ( user ) . post_can_act? ( post , :off_topic ) . should be_false
end
end
end
2013-02-25 19:42:20 +03:00
describe " can_clear_flags " do
2013-02-08 19:04:14 -05:00
let ( :post ) { Fabricate ( :post ) }
let ( :user ) { post . user }
let ( :moderator ) { Fabricate ( :moderator ) }
it " returns false when the user is nil " do
Guardian . new ( nil ) . can_clear_flags? ( post ) . should be_false
end
it " returns false when the post is nil " do
Guardian . new ( moderator ) . can_clear_flags? ( nil ) . should be_false
end
it " returns false when the user is not a moderator " do
Guardian . new ( user ) . can_clear_flags? ( post ) . should be_false
end
it " returns true when the user is a moderator " do
Guardian . new ( moderator ) . can_clear_flags? ( post ) . should be_true
end
end
2013-02-05 14:16:51 -05:00
describe 'can_send_private_message' do
let ( :user ) { Fabricate ( :user ) }
let ( :another_user ) { Fabricate ( :user ) }
it " returns false when the user is nil " do
Guardian . new ( nil ) . can_send_private_message? ( user ) . should be_false
2013-02-25 19:42:20 +03:00
end
2013-02-05 14:16:51 -05:00
it " returns false when the target user is nil " do
Guardian . new ( user ) . can_send_private_message? ( nil ) . should be_false
end
it " returns false when the target is the same as the user " do
Guardian . new ( user ) . can_send_private_message? ( user ) . should be_false
end
it " returns false when you are untrusted " do
2013-03-01 15:07:44 +03:00
user . trust_level = TrustLevel . levels [ :new ]
2013-02-05 14:16:51 -05:00
Guardian . new ( user ) . can_send_private_message? ( another_user ) . should be_false
end
it " returns true to another user " do
Guardian . new ( user ) . can_send_private_message? ( another_user ) . should be_true
end
end
describe 'can_reply_as_new_topic' do
let ( :user ) { Fabricate ( :user ) }
let ( :topic ) { Fabricate ( :topic ) }
it " returns false for a non logged in user " do
Guardian . new ( nil ) . can_reply_as_new_topic? ( topic ) . should be_false
end
it " returns false for a nil topic " do
Guardian . new ( user ) . can_reply_as_new_topic? ( nil ) . should be_false
end
it " returns false for an untrusted user " do
2013-03-01 15:07:44 +03:00
user . trust_level = TrustLevel . levels [ :new ]
2013-02-05 14:16:51 -05:00
Guardian . new ( user ) . can_reply_as_new_topic? ( topic ) . should be_false
end
it " returns true for a trusted user " do
Guardian . new ( user ) . can_reply_as_new_topic? ( topic ) . should be_true
end
end
describe 'can_see_post_actors?' do
let ( :topic ) { Fabricate ( :topic , user : coding_horror ) }
2013-04-29 16:33:24 +10:00
it 'displays visibility correctly' do
guardian = Guardian . new ( user )
guardian . can_see_post_actors? ( nil , PostActionType . types [ :like ] ) . should be_false
guardian . can_see_post_actors? ( topic , PostActionType . types [ :like ] ) . should be_true
guardian . can_see_post_actors? ( topic , PostActionType . types [ :bookmark ] ) . should be_false
guardian . can_see_post_actors? ( topic , PostActionType . types [ :off_topic ] ) . should be_false
guardian . can_see_post_actors? ( topic , PostActionType . types [ :spam ] ) . should be_false
guardian . can_see_post_actors? ( topic , PostActionType . types [ :vote ] ) . should be_true
2013-02-05 14:16:51 -05:00
end
it 'returns false for private votes' do
topic . expects ( :has_meta_data_boolean? ) . with ( :private_poll ) . returns ( true )
2013-03-01 15:07:44 +03:00
Guardian . new ( user ) . can_see_post_actors? ( topic , PostActionType . types [ :vote ] ) . should be_false
2013-02-05 14:16:51 -05:00
end
end
describe 'can_impersonate?' do
2013-04-29 16:33:24 +10:00
it 'allows impersonation correctly' do
2013-02-05 14:16:51 -05:00
Guardian . new ( admin ) . can_impersonate? ( nil ) . should be_false
Guardian . new . can_impersonate? ( user ) . should be_false
Guardian . new ( coding_horror ) . can_impersonate? ( user ) . should be_false
Guardian . new ( admin ) . can_impersonate? ( admin ) . should be_false
Guardian . new ( admin ) . can_impersonate? ( another_admin ) . should be_false
Guardian . new ( admin ) . can_impersonate? ( user ) . should be_true
Guardian . new ( admin ) . can_impersonate? ( moderator ) . should be_true
end
end
describe 'can_invite_to?' do
let ( :topic ) { Fabricate ( :topic ) }
let ( :user ) { topic . user }
let ( :moderator ) { Fabricate ( :moderator ) }
2013-04-29 16:33:24 +10:00
it 'handles invitation correctly' do
2013-02-05 14:16:51 -05:00
Guardian . new ( nil ) . can_invite_to? ( topic ) . should be_false
Guardian . new ( moderator ) . can_invite_to? ( nil ) . should be_false
Guardian . new ( moderator ) . can_invite_to? ( topic ) . should be_true
2013-04-29 16:33:24 +10:00
Guardian . new ( user ) . can_invite_to? ( topic ) . should be_false
2013-02-05 14:16:51 -05:00
end
it 'returns false when the site requires approving users' do
SiteSetting . expects ( :must_approve_users? ) . returns ( true )
Guardian . new ( moderator ) . can_invite_to? ( topic ) . should be_false
end
end
describe 'can_see?' do
it 'returns false with a nil object' do
Guardian . new . can_see? ( nil ) . should be_false
end
describe 'a Topic' do
it 'allows non logged in users to view topics' do
Guardian . new . can_see? ( topic ) . should be_true
end
2013-04-29 16:33:24 +10:00
it 'correctly handles groups' do
group = Fabricate ( :group )
category = Fabricate ( :category , secure : true )
category . allow ( group )
topic = Fabricate ( :topic , category : category )
Guardian . new ( user ) . can_see? ( topic ) . should be_false
group . add ( user )
group . save
Guardian . new ( user ) . can_see? ( topic ) . should be_true
end
end
describe 'a Post' do
it 'correctly handles post visibility' do
2013-05-21 16:39:51 +10:00
post = Fabricate ( :post )
topic = post . topic
2013-04-29 16:33:24 +10:00
Guardian . new ( user ) . can_see? ( post ) . should be_true
2013-05-07 14:39:01 +10:00
post . trash!
2013-04-29 16:33:24 +10:00
post . reload
Guardian . new ( user ) . can_see? ( post ) . should be_false
Guardian . new ( admin ) . can_see? ( post ) . should be_true
2013-05-07 14:39:01 +10:00
post . recover!
2013-04-29 16:33:24 +10:00
post . reload
2013-05-07 14:39:01 +10:00
topic . trash!
2013-04-29 16:33:24 +10:00
topic . reload
Guardian . new ( user ) . can_see? ( post ) . should be_false
Guardian . new ( admin ) . can_see? ( post ) . should be_true
end
2013-02-05 14:16:51 -05:00
end
end
describe 'can_create?' do
describe 'a Category' do
it 'returns false when not logged in' do
Guardian . new . can_create? ( Category ) . should be_false
end
it 'returns false when a regular user' do
Guardian . new ( user ) . can_create? ( Category ) . should be_false
end
it 'returns true when a moderator' do
Guardian . new ( moderator ) . can_create? ( Category ) . should be_true
end
it 'returns true when an admin' do
Guardian . new ( admin ) . can_create? ( Category ) . should be_true
end
end
describe 'a Post' do
it " is false when not logged in " do
Guardian . new . can_create? ( Post , topic ) . should be_false
end
it 'is true for a regular user' do
Guardian . new ( topic . user ) . can_create? ( Post , topic ) . should be_true
end
it " is false when you can't see the topic " do
Guardian . any_instance . expects ( :can_see? ) . with ( topic ) . returns ( false )
Guardian . new ( topic . user ) . can_create? ( Post , topic ) . should be_false
end
context 'closed topic' do
before do
topic . closed = true
end
it " doesn't allow new posts from regular users " do
Guardian . new ( topic . user ) . can_create? ( Post , topic ) . should be_false
end
it 'allows editing of posts' do
Guardian . new ( topic . user ) . can_edit? ( post ) . should be_true
end
it " allows new posts from moderators " do
Guardian . new ( moderator ) . can_create? ( Post , topic ) . should be_true
end
it " allows new posts from admins " do
Guardian . new ( admin ) . can_create? ( Post , topic ) . should be_true
end
end
context 'archived topic' do
before do
topic . archived = true
end
context 'regular users' do
it " doesn't allow new posts from regular users " do
Guardian . new ( coding_horror ) . can_create? ( Post , topic ) . should be_false
end
it 'allows editing of posts' do
Guardian . new ( coding_horror ) . can_edit? ( post ) . should be_false
end
end
2013-02-25 19:42:20 +03:00
2013-02-05 14:16:51 -05:00
it " allows new posts from moderators " do
Guardian . new ( moderator ) . can_create? ( Post , topic ) . should be_true
end
it " allows new posts from admins " do
Guardian . new ( admin ) . can_create? ( Post , topic ) . should be_true
end
end
end
end
describe 'post_can_act?' do
it " isn't allowed on nil " do
Guardian . new ( user ) . post_can_act? ( nil , nil ) . should be_false
end
describe 'a Post' do
2013-02-25 19:42:20 +03:00
let ( :guardian ) do
2013-02-05 14:16:51 -05:00
Guardian . new ( user )
end
it " isn't allowed when not logged in " do
Guardian . new ( nil ) . post_can_act? ( post , :vote ) . should be_false
end
it " is allowed as a regular user " do
guardian . post_can_act? ( post , :vote ) . should be_true
end
it " doesn't allow voting if the user has an action from voting already " do
2013-03-01 15:07:44 +03:00
guardian . post_can_act? ( post , :vote , taken_actions : { PostActionType . types [ :vote ] = > 1 } ) . should be_false
2013-02-05 14:16:51 -05:00
end
it " allows voting if the user has performed a different action " do
2013-03-01 15:07:44 +03:00
guardian . post_can_act? ( post , :vote , taken_actions : { PostActionType . types [ :like ] = > 1 } ) . should be_true
2013-02-25 19:42:20 +03:00
end
2013-02-05 14:16:51 -05:00
it " isn't allowed on archived topics " do
topic . archived = true
Guardian . new ( user ) . post_can_act? ( post , :like ) . should be_false
end
2013-02-25 19:42:20 +03:00
2013-02-05 14:16:51 -05:00
describe 'multiple voting' do
it " isn't allowed if the user voted and the topic doesn't allow multiple votes " do
Topic . any_instance . expects ( :has_meta_data_boolean? ) . with ( :single_vote ) . returns ( true )
2013-03-23 20:32:59 +05:30
Guardian . new ( user ) . can_vote? ( post , voted_in_topic : true ) . should be_false
2013-02-05 14:16:51 -05:00
end
it " is allowed if the user voted and the topic doesn't allow multiple votes " do
2013-03-23 20:32:59 +05:30
Guardian . new ( user ) . can_vote? ( post , voted_in_topic : false ) . should be_true
2013-02-05 14:16:51 -05:00
end
end
end
end
2013-02-07 15:12:55 -05:00
describe " can_recover_post? " do
it " returns false for a nil user " do
Guardian . new ( nil ) . can_recover_post? ( post ) . should be_false
end
it " returns false for a nil object " do
Guardian . new ( user ) . can_recover_post? ( nil ) . should be_false
end
it " returns false for a regular user " do
Guardian . new ( user ) . can_recover_post? ( post ) . should be_false
end
it " returns true for a moderator " do
Guardian . new ( moderator ) . can_recover_post? ( post ) . should be_true
end
end
2013-02-05 14:16:51 -05:00
describe 'can_edit?' do
it 'returns false with a nil object' do
Guardian . new ( user ) . can_edit? ( nil ) . should be_false
end
describe 'a Post' do
it 'returns false when not logged in' do
Guardian . new . can_edit? ( post ) . should be_false
end
it 'returns true if you want to edit your own post' do
Guardian . new ( post . user ) . can_edit? ( post ) . should be_true
end
it 'returns false if another regular user tries to edit your post' do
Guardian . new ( coding_horror ) . can_edit? ( post ) . should be_false
end
it 'returns true as a moderator' do
Guardian . new ( moderator ) . can_edit? ( post ) . should be_true
end
it 'returns true as an admin' do
Guardian . new ( admin ) . can_edit? ( post ) . should be_true
end
end
describe 'a Topic' do
it 'returns false when not logged in' do
Guardian . new . can_edit? ( topic ) . should be_false
end
it 'returns true for editing your own post' do
Guardian . new ( topic . user ) . can_edit? ( topic ) . should be_true
end
it 'returns false as a regular user' do
Guardian . new ( coding_horror ) . can_edit? ( topic ) . should be_false
end
it 'returns true as a moderator' do
Guardian . new ( moderator ) . can_edit? ( topic ) . should be_true
end
it 'returns true as an admin' do
Guardian . new ( admin ) . can_edit? ( topic ) . should be_true
end
end
describe 'a Category' do
let ( :category ) { Fabricate ( :category ) }
it 'returns false when not logged in' do
Guardian . new . can_edit? ( category ) . should be_false
end
it 'returns false as a regular user' do
Guardian . new ( category . user ) . can_edit? ( category ) . should be_false
end
it 'returns true as a moderator' do
Guardian . new ( moderator ) . can_edit? ( category ) . should be_true
end
it 'returns true as an admin' do
Guardian . new ( admin ) . can_edit? ( category ) . should be_true
end
end
describe 'a User' do
it 'returns false when not logged in' do
Guardian . new . can_edit? ( user ) . should be_false
end
it 'returns false as a different user' do
Guardian . new ( coding_horror ) . can_edit? ( user ) . should be_false
end
it 'returns true when trying to edit yourself' do
Guardian . new ( user ) . can_edit? ( user ) . should be_true
2013-02-25 19:42:20 +03:00
end
2013-02-05 14:16:51 -05:00
2013-05-02 15:15:17 +10:00
it 'returns true as a moderator' do
Guardian . new ( moderator ) . can_edit? ( user ) . should be_true
2013-02-05 14:16:51 -05:00
end
it 'returns true as an admin' do
Guardian . new ( admin ) . can_edit? ( user ) . should be_true
end
end
end
context 'can_moderate?' do
it 'returns false with a nil object' do
Guardian . new ( user ) . can_moderate? ( nil ) . should be_false
end
context 'a Topic' do
it 'returns false when not logged in' do
Guardian . new . can_moderate? ( topic ) . should be_false
end
it 'returns false when not a moderator' do
Guardian . new ( user ) . can_moderate? ( topic ) . should be_false
end
it 'returns true when a moderator' do
Guardian . new ( moderator ) . can_moderate? ( topic ) . should be_true
end
it 'returns true when an admin' do
Guardian . new ( admin ) . can_moderate? ( topic ) . should be_true
end
2013-02-25 19:42:20 +03:00
end
2013-02-05 14:16:51 -05:00
end
context 'can_see_flags?' do
it " returns false when there is no post " do
Guardian . new ( moderator ) . can_see_flags? ( nil ) . should be_false
end
it " returns false when there is no user " do
Guardian . new ( nil ) . can_see_flags? ( post ) . should be_false
end
it " allow regular uses to see flags " do
Guardian . new ( user ) . can_see_flags? ( post ) . should be_false
end
it " allows moderators to see flags " do
Guardian . new ( moderator ) . can_see_flags? ( post ) . should be_true
end
it " allows moderators to see flags " do
Guardian . new ( admin ) . can_see_flags? ( post ) . should be_true
end
end
context 'can_move_posts?' do
it 'returns false with a nil object' do
Guardian . new ( user ) . can_move_posts? ( nil ) . should be_false
end
context 'a Topic' do
it 'returns false when not logged in' do
Guardian . new . can_move_posts? ( topic ) . should be_false
end
it 'returns false when not a moderator' do
Guardian . new ( user ) . can_move_posts? ( topic ) . should be_false
end
it 'returns true when a moderator' do
Guardian . new ( moderator ) . can_move_posts? ( topic ) . should be_true
end
it 'returns true when an admin' do
Guardian . new ( admin ) . can_move_posts? ( topic ) . should be_true
end
2013-02-25 19:42:20 +03:00
end
2013-02-05 14:16:51 -05:00
end
context 'can_delete?' do
it 'returns false with a nil object' do
Guardian . new ( user ) . can_delete? ( nil ) . should be_false
end
context 'a Topic' do
it 'returns false when not logged in' do
Guardian . new . can_delete? ( topic ) . should be_false
end
it 'returns false when not a moderator' do
Guardian . new ( user ) . can_delete? ( topic ) . should be_false
end
it 'returns true when a moderator' do
Guardian . new ( moderator ) . can_delete? ( topic ) . should be_true
end
it 'returns true when an admin' do
Guardian . new ( admin ) . can_delete? ( topic ) . should be_true
end
end
context 'a Post' do
before do
post . post_number = 2
end
it 'returns false when not logged in' do
Guardian . new . can_delete? ( post ) . should be_false
end
2013-02-07 15:12:55 -05:00
it " returns false when trying to delete your own post that has already been deleted " do
2013-05-21 16:39:51 +10:00
post = Fabricate ( :post )
2013-03-18 17:52:29 -04:00
PostDestroyer . new ( user , post ) . destroy
2013-02-07 15:12:55 -05:00
post . reload
2013-02-05 14:16:51 -05:00
Guardian . new ( user ) . can_delete? ( post ) . should be_false
end
2013-02-07 15:12:55 -05:00
it 'returns true when trying to delete your own post' do
Guardian . new ( user ) . can_delete? ( post ) . should be_true
end
it " returns false when trying to delete another user's own post " do
Guardian . new ( Fabricate ( :user ) ) . can_delete? ( post ) . should be_false
end
2013-02-05 14:16:51 -05:00
it " returns false when it's the OP, even as a moderator " do
post . update_attribute :post_number , 1
Guardian . new ( moderator ) . can_delete? ( post ) . should be_false
end
it 'returns true when a moderator' do
Guardian . new ( moderator ) . can_delete? ( post ) . should be_true
end
it 'returns true when an admin' do
Guardian . new ( admin ) . can_delete? ( post ) . should be_true
end
end
context 'a Category' do
2013-05-21 16:39:51 +10:00
let ( :category ) { build ( :category , user : moderator ) }
2013-02-05 14:16:51 -05:00
it 'returns false when not logged in' do
Guardian . new . can_delete? ( category ) . should be_false
end
it 'returns false when a regular user' do
Guardian . new ( user ) . can_delete? ( category ) . should be_false
end
it 'returns true when a moderator' do
Guardian . new ( moderator ) . can_delete? ( category ) . should be_true
end
it 'returns true when an admin' do
Guardian . new ( admin ) . can_delete? ( category ) . should be_true
end
it " can't be deleted if it has a forum topic " do
category . topic_count = 10
Guardian . new ( moderator ) . can_delete? ( category ) . should be_false
end
end
2013-05-21 16:39:51 +10:00
context 'can_ban?' do
it 'returns false when a user tries to ban another user' do
Guardian . new ( user ) . can_ban? ( coding_horror ) . should be_false
end
it 'returns true when an admin tries to ban another user' do
Guardian . new ( admin ) . can_ban? ( coding_horror ) . should be_true
end
it 'returns true when a moderator tries to ban another user' do
Guardian . new ( moderator ) . can_ban? ( coding_horror ) . should be_true
end
it 'returns false when staff tries to ban staff' do
Guardian . new ( admin ) . can_ban? ( moderator ) . should be_false
end
end
2013-02-05 14:16:51 -05:00
context 'a PostAction' do
2013-05-21 16:39:51 +10:00
let ( :post_action ) {
user . id = 1
post . id = 1
2013-05-19 23:04:53 -07:00
a = PostAction . new ( user : user , post : post , post_action_type_id : 1 )
2013-05-21 16:39:51 +10:00
a . created_at = 1 . minute . ago
a
}
2013-02-05 14:16:51 -05:00
it 'returns false when not logged in' do
Guardian . new . can_delete? ( post_action ) . should be_false
end
it 'returns false when not the user who created it' do
Guardian . new ( coding_horror ) . can_delete? ( post_action ) . should be_false
end
it " returns false if the window has expired " do
post_action . created_at = 20 . minutes . ago
SiteSetting . expects ( :post_undo_action_window_mins ) . returns ( 10 )
Guardian . new ( user ) . can_delete? ( post_action ) . should be_false
end
it " returns true if it's yours " do
Guardian . new ( user ) . can_delete? ( post_action ) . should be_true
end
end
end
context 'can_approve?' do
it " wont allow a non-logged in user to approve " do
Guardian . new . can_approve? ( user ) . should be_false
end
it " wont allow a non-admin to approve a user " do
Guardian . new ( coding_horror ) . can_approve? ( user ) . should be_false
end
it " returns false when the user is already approved " do
user . approved = true
Guardian . new ( admin ) . can_approve? ( user ) . should be_false
end
it " allows an admin to approve a user " do
Guardian . new ( admin ) . can_approve? ( user ) . should be_true
end
it " allows a moderator to approve a user " do
Guardian . new ( moderator ) . can_approve? ( user ) . should be_true
end
end
context 'can_grant_admin?' do
it " wont allow a non logged in user to grant an admin's access " do
Guardian . new . can_grant_admin? ( another_admin ) . should be_false
end
it " wont allow a regular user to revoke an admin's access " do
Guardian . new ( user ) . can_grant_admin? ( another_admin ) . should be_false
end
it 'wont allow an admin to grant their own access' do
2013-02-25 19:42:20 +03:00
Guardian . new ( admin ) . can_grant_admin? ( admin ) . should be_false
2013-02-05 14:16:51 -05:00
end
it " allows an admin to grant a regular user access " do
2013-05-21 16:39:51 +10:00
admin . id = 1
user . id = 2
2013-02-25 19:42:20 +03:00
Guardian . new ( admin ) . can_grant_admin? ( user ) . should be_true
2013-02-05 14:16:51 -05:00
end
end
context 'can_revoke_admin?' do
it " wont allow a non logged in user to revoke an admin's access " do
Guardian . new . can_revoke_admin? ( another_admin ) . should be_false
end
it " wont allow a regular user to revoke an admin's access " do
Guardian . new ( user ) . can_revoke_admin? ( another_admin ) . should be_false
end
it 'wont allow an admin to revoke their own access' do
2013-02-25 19:42:20 +03:00
Guardian . new ( admin ) . can_revoke_admin? ( admin ) . should be_false
2013-02-05 14:16:51 -05:00
end
it " allows an admin to revoke another admin's access " do
2013-05-21 16:39:51 +10:00
admin . id = 1
another_admin . id = 2
2013-02-25 19:42:20 +03:00
Guardian . new ( admin ) . can_revoke_admin? ( another_admin ) . should be_true
2013-02-05 14:16:51 -05:00
end
end
2013-02-12 22:58:08 +00:00
context 'can_grant_moderation?' do
2013-05-09 17:35:15 +10:00
2013-02-12 22:58:08 +00:00
it " wont allow a non logged in user to grant an moderator's access " do
Guardian . new . can_grant_moderation? ( user ) . should be_false
end
2013-05-19 23:04:53 -07:00
it " wont allow a regular user to revoke an moderator's access " do
2013-02-12 22:58:08 +00:00
Guardian . new ( user ) . can_grant_moderation? ( moderator ) . should be_false
end
2013-05-09 17:35:15 +10:00
it 'will allow an admin to grant their own moderator access' do
Guardian . new ( admin ) . can_grant_moderation? ( admin ) . should be_true
2013-02-12 22:58:08 +00:00
end
it 'wont allow an admin to grant it to an already moderator' do
2013-02-25 19:42:20 +03:00
Guardian . new ( admin ) . can_grant_moderation? ( moderator ) . should be_false
2013-02-12 22:58:08 +00:00
end
it " allows an admin to grant a regular user access " do
2013-02-25 19:42:20 +03:00
Guardian . new ( admin ) . can_grant_moderation? ( user ) . should be_true
2013-02-12 22:58:08 +00:00
end
end
context 'can_revoke_moderation?' do
it " wont allow a non logged in user to revoke an moderator's access " do
Guardian . new . can_revoke_moderation? ( moderator ) . should be_false
end
it " wont allow a regular user to revoke an moderator's access " do
Guardian . new ( user ) . can_revoke_moderation? ( moderator ) . should be_false
end
2013-05-09 17:35:15 +10:00
it 'wont allow a moderator to revoke their own moderator' do
2013-02-25 19:42:20 +03:00
Guardian . new ( moderator ) . can_revoke_moderation? ( moderator ) . should be_false
2013-02-12 22:58:08 +00:00
end
it " allows an admin to revoke a moderator's access " do
2013-02-25 19:42:20 +03:00
Guardian . new ( admin ) . can_revoke_moderation? ( moderator ) . should be_true
2013-02-12 22:58:08 +00:00
end
2013-05-09 17:35:15 +10:00
it " allows an admin to revoke a moderator's access from self " do
admin . moderator = true
Guardian . new ( admin ) . can_revoke_moderation? ( admin ) . should be_true
end
it " does not allow revoke from non moderators " do
Guardian . new ( admin ) . can_revoke_moderation? ( admin ) . should be_false
end
2013-02-12 22:58:08 +00:00
end
2013-02-05 14:16:51 -05:00
context " can_see_pending_invites_from? " do
it 'is false without a logged in user' do
Guardian . new ( nil ) . can_see_pending_invites_from? ( user ) . should be_false
end
it 'is false without a user to look at' do
Guardian . new ( user ) . can_see_pending_invites_from? ( nil ) . should be_false
end
it 'is true when looking at your own invites' do
Guardian . new ( user ) . can_see_pending_invites_from? ( user ) . should be_true
end
2013-04-03 12:23:28 -04:00
end
context " can_access_forum? " do
let ( :unapproved_user ) { Fabricate . build ( :user ) }
context " when must_approve_users is false " do
before do
SiteSetting . stubs ( :must_approve_users? ) . returns ( false )
end
it " returns true for a nil user " do
Guardian . new ( nil ) . can_access_forum? . should be_true
end
it " returns true for an unapproved user " do
Guardian . new ( unapproved_user ) . can_access_forum? . should be_true
end
end
context 'when must_approve_users is true' do
before do
SiteSetting . stubs ( :must_approve_users? ) . returns ( true )
end
it " returns false for a nil user " do
Guardian . new ( nil ) . can_access_forum? . should be_false
end
it " returns false for an unapproved user " do
Guardian . new ( unapproved_user ) . can_access_forum? . should be_false
end
it " returns true for an admin user " do
unapproved_user . admin = true
Guardian . new ( unapproved_user ) . can_access_forum? . should be_true
end
it " returns true for an approved user " do
unapproved_user . approved = true
Guardian . new ( unapproved_user ) . can_access_forum? . should be_true
end
end
2013-02-05 14:16:51 -05:00
end
2013-04-11 16:04:20 -04:00
context " can_delete_user? " do
it " is false without a logged in user " do
Guardian . new ( nil ) . can_delete_user? ( user ) . should be_false
end
it " is false without a user to look at " do
Guardian . new ( admin ) . can_delete_user? ( nil ) . should be_false
end
it " is false for regular users " do
Guardian . new ( user ) . can_delete_user? ( coding_horror ) . should be_false
end
it " is false for moderators " do
Guardian . new ( moderator ) . can_delete_user? ( coding_horror ) . should be_false
end
context " for admins " do
it " is false if user has posts " do
Fabricate ( :post , user : user )
Guardian . new ( admin ) . can_delete_user? ( user ) . should be_false
end
it " is true if user has no posts " do
Guardian . new ( admin ) . can_delete_user? ( user ) . should be_true
end
end
end
2013-02-05 14:16:51 -05:00
end
2013-02-25 19:42:20 +03:00
