test "diary permissions for a guest" do
ability = Ability.new nil
- [:list, :rss, :view, :comments].each do |action|
+ [:index, :rss, :show, :comments].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end
[:create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
- assert ability.cannot?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
- assert ability.cannot?(action, DiaryComment), "should be able to #{action} DiaryEntries"
+ assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries"
+ assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryEntries"
end
end
end
test "Diary permissions" do
ability = Ability.new create(:user)
- [:list, :rss, :view, :comments, :create, :edit, :comment, :subscribe, :unsubscribe].each do |action|
+ [:index, :rss, :show, :comments, :create, :edit, :comment, :subscribe, :unsubscribe].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end
[:hide, :hidecomment].each do |action|
- assert ability.cannot?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
- assert ability.cannot?(action, DiaryComment), "should be able to #{action} DiaryEntries"
+ assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries"
+ assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryEntries"
+ end
+
+ [:index, :show, :resolve, :ignore, :reopen].each do |action|
+ assert ability.cannot?(action, Issue), "should not be able to #{action} Issues"
+ end
+ end
+end
+
+class ModeratorAbilityTest < AbilityTest
+ test "Issue permissions" do
+ ability = Ability.new create(:moderator_user)
+
+ [:index, :show, :resolve, :ignore, :reopen].each do |action|
+ assert ability.can?(action, Issue), "should be able to #{action} Issues"
end
end
end
class AdministratorAbilityTest < AbilityTest
test "Diary for an administrator" do
ability = Ability.new create(:administrator_user)
- [:list, :rss, :view, :comments, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
+ [:index, :rss, :show, :comments, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComment"
end
end
-
- test "administrator does not auto-grant user preferences" do
- ability = Ability.new create(:administrator_user)
-
- [:read, :read_one, :update, :update_one, :delete_one].each do |act|
- assert ability.cannot? act, UserPreference
- end
- end
end