
Clearer rules around who can do what with users (better specs too).

christiannelson committed Dec 31, 2012
1 parent ec03b01 commit 9ff536d87b05423e44ee54ce931d5274b1ad14ae
@@ -5,11 +5,15 @@ def initialize(user)
user ||= User.new # guest user (not logged in)
if user.admin?
- can :manage, User
+ can :manage, :all
else
- can :manage, User, id: user.id
+ can [:read, :update], User, id: user.id
end
+ # No one can destroy themselves.
+ cannot :destroy, User, id: user.id
+
+
# Define abilities for the passed in user here. For example:
#
# user ||= User.new # guest user (not logged in)
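Review bot: The non-admin branch also runs for the guest created by `user ||= User.new` at the top of the hunk, whose `id` is nil, so the new rules become `can [:read, :update], User, id: nil` and `cannot :destroy, User, id: nil`. That condition never matches a persisted record, but it does match an unsaved `User` instance, and as far as I recall CanCan answers a class-level `can?(:update, User)` with true whenever any rule for that action exists regardless of its conditions, so a guest could pass a class-level `authorize!` check. Changing the `else` to `elsif user.persisted?` leaves guests with no rules and makes the intent explicit; if the current behaviour is deliberate, a comment such as `# Guests (User.new) reach this branch with id: nil and get no usable rule` should say so. `initialize` begins before this hunk and continues after it.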
@@ -60,7 +60,7 @@ def valid_session
end
it "assigns a newly created user as @user" do
- post :create, {user: valid_attributes }, valid_session
+ post :create, { user: valid_attributes }, valid_session
expect(assigns(:user)).to be_a(User)
expect(assigns(:user)).to be_persisted
end
@@ -2,33 +2,35 @@
require 'cancan/matchers'
describe "User" do
+ subject { ability }
+ let(:ability) { Ability.new(user) }
+ let(:other) { build(:user) { |u| u.id = 2 } }
+
context "when working with User" do
context "as a non-admin" do
let(:user) { build(:user) { |u| u.id = 1 } }
- subject { Ability.new(user) }
context "operating on themselves" do
- it { should be_able_to(:manage, user) }
+ it { should be_able_to(:read, user) }
+ it { should be_able_to(:update, user) }
+ it { should_not be_able_to(:destroy, user) }
end
context "operating on someone else" do
- let(:other) { build(:user) { |u| u.id = 2 } }
-
it { should_not be_able_to(:manage, other) }
+ it { should_not be_able_to(:create, User) }
end
end
context "as an admin" do
let(:user) { build(:admin) { |u| u.id = 1 } }
- subject { Ability.new(user) }
context "operating on themselves" do
- it { should be_able_to(:manage, user) }
+ it { should be_able_to(:manage, user) }
+ it { should_not be_able_to(:destroy, user) }
end
context "operating on someone else" do
- let(:other) { build(:user) { |u| u.id = 2 } }
-
it { should be_able_to(:manage, other) }
end
end
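Review bot: `should_not be_able_to(:manage, other)` in the non-admin "operating on someone else" context passes only because no `:manage` rule exists for non-admins; it does not show that `:read`, `:update` or `:destroy` on another user are denied, which is the guarantee the ability change is meant to provide. Supplement it with the specific actions, e.g. `it { should_not be_able_to(:update, other) }` and `it { should_not be_able_to(:destroy, other) }`, and add the admin mirror `it { should be_able_to(:destroy, other) }`, since the new `cannot :destroy` rule is scoped to the admin's own id and that scoping is otherwise untested. The guest path the ability handles with `User.new` has no coverage here either; a `context "as a guest"` with `let(:user) { nil }` asserting `should_not be_able_to(:read, other)` would pin it. The `describe "User"` block continues past this hunk.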
