Move the capabilities call out of api_controller

[rails.git] / test / abilities / abilities_test.rb

diff --git a/test/abilities/abilities_test.rb b/test/abilities/abilities_test.rb
index 9444a45f5ecee1f71eaecad118ea44670f970610..b951e23e5b68b0b5fcfcb3e4f22a6dd04c0ec09b 100644 (file)
--- a/test/abilities/abilities_test.rb
+++ b/test/abilities/abilities_test.rb
@@ -38,6 +38,14 @@ class GuestAbilityTest < AbilityTest
       assert ability.cannot?(action, Note), "should not be able to #{action} Notes"
     end
   end
+
+  test "user roles permissions for a guest" do
+    ability = Ability.new nil
+
+    [:grant, :revoke].each do |action|
+      assert ability.cannot?(action, UserRole), "should not be able to #{action} UserRoles"
+    end
+  end
 end
 
 class UserAbilityTest < AbilityTest
@@ -87,6 +95,14 @@ class ModeratorAbilityTest < AbilityTest
       assert ability.can?(action, Note), "should be able to #{action} Notes"
     end
   end
+
+  test "User Roles permissions" do
+    ability = Ability.new create(:moderator_user)
+
+    [:grant, :revoke].each do |action|
+      assert ability.cannot?(action, UserRole), "should not be able to #{action} UserRoles"
+    end
+  end
 end
 
 class AdministratorAbilityTest < AbilityTest
@@ -100,4 +116,12 @@ class AdministratorAbilityTest < AbilityTest
       assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComment"
     end
   end
+
+  test "User Roles permissions for an administrator" do
+    ability = Ability.new create(:administrator_user)
+
+    [:grant, :revoke].each do |action|
+      assert ability.can?(action, UserRole), "should be able to #{action} UserRoles"
+    end
+  end
 end