diff --git a/spec/controllers/ops_controller/ops_rbac_spec.rb b/spec/controllers/ops_controller/ops_rbac_spec.rb index 1b67cfb744e..c934a62116a 100644 --- a/spec/controllers/ops_controller/ops_rbac_spec.rb +++ b/spec/controllers/ops_controller/ops_rbac_spec.rb @@ -591,14 +591,14 @@ expect(controller.instance_variable_get(:@users_count)).to eq(1) end - it "displays the access object count for the current tenant" do + it "displays the access object count for the current user" do login_as @u2a session[:sandboxes] = {"ops" => {:active_tree => :rbac_tree}} allow(controller).to receive(:replace_right_cell) post :tree_select, :params => { :id => 'root', :format => :js } - expect(controller.instance_variable_get(:@groups_count)).to eq(2) + expect(controller.instance_variable_get(:@groups_count)).to eq(1) expect(controller.instance_variable_get(:@tenants_count)).to eq(1) - expect(controller.instance_variable_get(:@users_count)).to eq(5) + expect(controller.instance_variable_get(:@users_count)).to eq(2) end end diff --git a/spec/controllers/ops_controller_spec.rb b/spec/controllers/ops_controller_spec.rb index c6f64273541..ee4ba3d50e6 100644 --- a/spec/controllers/ops_controller_spec.rb +++ b/spec/controllers/ops_controller_spec.rb @@ -31,9 +31,24 @@ expect(response.status).to eq(200) end - it 'rbac group edit' do - post :x_button, :params => {:pressed => 'rbac_group_edit', :id => MiqGroup.first.id} - expect(response.status).to eq(200) + context 'with using real user' do + let(:feature) { MiqProductFeature.find_all_by_identifier(%w(rbac_group_edit)) } + let(:role) { FactoryGirl.create(:miq_user_role, :miq_product_features => feature) } + let(:group) { FactoryGirl.create(:miq_group, :miq_user_role => role) } + let(:user) { FactoryGirl.create(:user, :miq_groups => [group], :role => "super_administrator") } + + before do + EvmSpecHelper.seed_specific_product_features(%w(rbac_group_edit)) + allow(User).to receive(:current_user).and_return(user) + allow(Rbac).to receive(:role_allows?).and_call_original + login_as user + end + + it 'rbac group edit' do + allow(controller).to receive(:x_node).and_return('xx-g') + post :x_button, :params => {:pressed => 'rbac_group_edit', :id => group.id} + expect(response.status).to eq(200) + end end it 'rbac role add' do @@ -67,11 +82,18 @@ end describe 'rbac_user_edit' do - let(:group) { FactoryGirl.create(:miq_group) } + let(:group) { admin_user.miq_groups.first } before do ApplicationController.handle_exceptions = true end + let(:admin_user) { FactoryGirl.create(:user_with_group, :role => 'super_administrator') } + + before do + allow(User).to receive(:current_user).and_return(admin_user) + login_as admin_user + end + it 'can add a user w/ group' do session[:edit] = { :key => 'rbac_user_edit__new', diff --git a/spec/helpers/application_helper/views_shared_spec.rb b/spec/helpers/application_helper/views_shared_spec.rb index 83b5df3a01d..39a0c7c768c 100644 --- a/spec/helpers/application_helper/views_shared_spec.rb +++ b/spec/helpers/application_helper/views_shared_spec.rb @@ -17,7 +17,7 @@ end let!(:admin_user) { FactoryGirl.create(:user_admin) } let!(:child_user) { FactoryGirl.create(:user, :miq_groups => [child_group]) } - let!(:grand_child_user) { FactoryGirl.create(:user, :miq_groups => [grand_child_group]) } + let!(:grand_child_user) { FactoryGirl.create(:user, :miq_groups => [grand_child_group, great_grand_child_group]) } let!(:great_grand_child_user) { FactoryGirl.create(:user, :miq_groups => [great_grand_child_group]) } subject { helper.ownership_user_options } @@ -30,11 +30,10 @@ end context 'a tenant user' do - it 'lists users in that tenant' do + it 'lists users in his group' do allow(User).to receive(:server_timezone).and_return('UTC') allow(User).to receive(:current_user).and_return(grand_child_user) - - ids = [great_grand_child_tenant, grand_child_tenant].collect(&:user_ids).flatten + ids = grand_child_user.miq_groups.collect(&:user_ids).flatten.uniq expect(subject.values(&:id).map(&:to_i)).to match_array(ids) end end diff --git a/spec/presenters/tree_builder_ops_rbac_spec.rb b/spec/presenters/tree_builder_ops_rbac_spec.rb index 30dbbb931e9..5d29ff65142 100644 --- a/spec/presenters/tree_builder_ops_rbac_spec.rb +++ b/spec/presenters/tree_builder_ops_rbac_spec.rb @@ -46,7 +46,7 @@ def assert_tree_nodes(expected) describe "#x_get_tree_custom_kids" do let(:group) { FactoryGirl.create(:miq_group) } - let(:user) { FactoryGirl.create(:user, :miq_groups => [group]) } + let(:user) { FactoryGirl.create(:user, :miq_groups => [group, other_group]) } let(:other_group) { FactoryGirl.create(:miq_group) } let(:other_user) { FactoryGirl.create(:user, :miq_groups => [other_group]) } @@ -60,7 +60,7 @@ def x_get_tree_custom_kids_for_and_expect_objects(type_of_model, expected_object expect(objects).to match_array(expected_objects) end - it "is listing all users" do + it "is listing all users from current user's groups" do x_get_tree_custom_kids_for_and_expect_objects("u", [user, other_user]) end @@ -69,9 +69,10 @@ def x_get_tree_custom_kids_for_and_expect_objects(type_of_model, expected_object end context "User with self service user" do - before :each do - allow_any_instance_of(User).to receive_messages(:self_service? => true) - end + let(:self_service_role) { FactoryGirl.create(:miq_user_role, :settings => {:restrictions => {:vms => :user}}) } + let(:group) { FactoryGirl.create(:miq_group, :miq_user_role => self_service_role) } + let(:other_group) { FactoryGirl.create(:miq_group, :miq_user_role => self_service_role) } + let(:user) { FactoryGirl.create(:user, :miq_groups => [group, other_group], :role => 'user_self_service') } it "is listing only current user" do x_get_tree_custom_kids_for_and_expect_objects("u", [user])