Testing the abilities a User has working with Users, Content, Screens.

Also testing half of submissions. New directory structure in play.
concerto · Apr 17, 2012 · f715a54 · f715a54
1 parent e9370b8
commit f715a54
Show file tree

Hide file tree

Showing 11 changed files with 213 additions and 104 deletions.
diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -82,7 +82,7 @@ def user_abilities(user)
     end
     # Users can read group screens
     can :read, Screen do |screen|
-      screen.owner.is_a?(Group) && screen.owner.include?(user)
+      screen.owner.is_a?(Group) && screen.owner.users.include?(user)
     end
     # Group leaders can create / delete their group screens
     can [:update, :delete], Screen do |screen|

diff --git a/test/fixtures/screens.yml b/test/fixtures/screens.yml
@@ -15,3 +15,10 @@ two:
   is_public: true
   owner: wtg (Group)
   template: one
+
+rpitv:
+  name: RPI TV Screen
+  location: Sharp Hall
+  is_public: false
+  owner: rpitv (Group)
+  template: one
diff --git a/test/unit/abilities/screen/user_test.rb b/test/unit/abilities/screen/user_test.rb
@@ -0,0 +1,21 @@
+require 'test_helper'
+
+class ScreenUserAbilityTest < ActiveSupport::TestCase
+
+  def setup
+    @admin = users(:admin)
+    @katie = users(:katie)
+    @kristen = users(:kristen)
+  end
+
+  test "screens can read users" do
+    s = screens(:one)
+    ability = Ability.new(s)
+    assert ability.can?(:read, users(:kristen))
+  end
+
+  test "new screens cannot read users" do
+    ability = Ability.new(Screen.new)
+    assert ability.cannot?(:read, users(:kristen))
+  end
+end
diff --git a/test/unit/abilities/user/content_test.rb b/test/unit/abilities/user/content_test.rb
@@ -0,0 +1,31 @@
+require 'test_helper'
+
+class UserContentAbilityTest < ActiveSupport::TestCase
+  test "Content can only be created by real users" do
+    ability = Ability.new(users(:katie))
+    assert ability.can?(:create, Content)
+  end
+
+  test "Content cannot be created by unsaved users" do
+    ability = Ability.new(User.new)
+    assert ability.cannot?(:create, Content)
+  end
+
+  test "Content can only be updated by the submitter" do
+    ability = Ability.new(users(:katie))
+    content = contents(:sample_ticker)
+    assert ability.can?(:update, content)
+
+    ability = Ability.new(users(:kristen))
+    assert ability.cannot?(:update, content)
+  end
+
+  test "Content can only be deleted by the submitter" do
+    ability = Ability.new(users(:katie))
+    content = contents(:sample_ticker)
+    assert ability.can?(:delete, content)
+
+    ability = Ability.new(users(:kristen))
+    assert ability.cannot?(:delete, content)
+  end
+end
diff --git a/test/unit/abilities/user/screen_test.rb b/test/unit/abilities/user/screen_test.rb
@@ -0,0 +1,73 @@
+require 'test_helper'
+
+class UserScreenAbilityTest < ActiveSupport::TestCase
+  def setup
+    @sgs = screens(:two)
+    @kt = screens(:one)
+    @rpitv = screens(:rpitv)
+  end
+
+  test "Screens can only be created by real users" do
+    ability = Ability.new(users(:katie))
+    assert ability.can?(:create, Screen)
+  end
+
+  test "Screens cannot be created by unsaved users" do
+    ability = Ability.new(User.new)
+    assert ability.cannot?(:create, Screen)
+  end
+
+  test "Anyone can read public screens" do
+    ability = Ability.new(User.new)
+    assert ability.can?(:read, @sgs)
+  end
+
+  test "Unauthenticated users cannot read private screens" do
+    ability = Ability.new(User.new)
+    assert ability.cannot?(:read, @kt)
+    assert ability.cannot?(:read, @rpitv)
+  end
+
+  test "Non members cannot read private screens" do
+    ability = Ability.new(users(:kristen))
+    assert ability.cannot?(:read, @kt)
+    assert ability.cannot?(:read, @rpitv)
+  end
+
+  test "Owning user can read private screen" do
+    ability = Ability.new(users(:katie))
+    assert ability.can?(:read, @kt)
+  end
+
+  test "Member of owning group can read private screen" do
+    ability = Ability.new(users(:katie))
+    assert ability.can?(:read, @rpitv)
+  end
+
+  test "Owning user can update and delete screen" do
+    ability = Ability.new(users(:katie))
+    assert ability.can?(:update, @kt)
+    assert ability.can?(:delete, @kt)
+
+    ability = Ability.new(users(:kristen))
+    assert ability.cannot?(:update, @kt)
+    assert ability.cannot?(:delete, @kt)
+  end
+
+  test "Leaders of a group can update and delete screen" do
+    ability = Ability.new(users(:katie))
+    assert ability.can?(:update, @sgs)
+    assert ability.can?(:delete, @sgs)
+
+    ability = Ability.new(users(:kristen))
+    assert ability.cannot?(:update, @sgs)
+    assert ability.cannot?(:delete, @sgs)
+  end
+
+  test "Regular group  members cannot update or delete a screen" do
+    ability = Ability.new(users(:katie))
+    assert ability.cannot?(:update, @rpitv)
+    assert ability.cannot?(:delete, @rpitv)
+  end
+end
+
diff --git a/test/unit/abilities/user/submission_test.rb b/test/unit/abilities/user/submission_test.rb
@@ -0,0 +1,36 @@
+require 'test_helper'
+
+class UserSubmissionAbilityTest < ActiveSupport::TestCase
+  def setup
+    @katie = users(:katie)
+    @kristen = users(:kristen)
+    @wtg = feeds(:service)
+    @rpitv = feeds(:secret_announcements)
+    @submission = Submission.new
+  end
+
+  test "Submissions cannot be created by unsaved users" do
+    ability = Ability.new(User.new)
+    @submission.feed = @wtg
+    assert ability.cannot?(:create, @submission)
+  end
+
+  test "Submissions can be created to public feeds" do
+    ability = Ability.new(@kristen)
+    @submission.feed = @wtg
+    assert ability.can?(:create, @submission)
+  end
+
+  test "Submissions can be created on private feeds by members" do
+    ability = Ability.new(@katie)
+    @submission.feed = @rpitv
+    assert ability.can?(:create, @submission)
+  end
+
+  test "Submissions cannot be created to private feeds by non members" do
+    ability = Ability.new(@kristen)
+    @submission.feed = @rpitv
+    assert ability.cannot?(:create, @submission)
+  end
+end
+
diff --git a/test/unit/abilities/user/user_test.rb b/test/unit/abilities/user/user_test.rb
@@ -0,0 +1,44 @@
+require 'test_helper'
+
+class UserUserAbilityTest < ActiveSupport::TestCase
+
+  def setup
+    @admin = users(:admin)
+    @katie = users(:katie)
+    @kristen = users(:kristen)
+  end
+
+  test "admin users can do anything to users" do
+    ability = Ability.new(@admin)
+    assert ability.can?(:create, User)
+    assert ability.can?(:read, @kristen)
+    assert ability.can?(:update, @kristen)
+    assert ability.can?(:destroy, User.new)
+  end
+
+  test "regular users can only update themselves" do
+    user = @kristen
+    ability = Ability.new(user)
+    assert ability.can?(:read, @kristen)
+    assert ability.can?(:update, @kristen)
+
+    # Don't let users delete themselves ATM.
+    # We need to think about the reprecussions of this
+    assert ability.cannot?(:destroy, @kristen)
+
+    assert ability.cannot?(:create, User)
+    assert ability.cannot?(:update, @katie)
+    assert ability.cannot?(:destroy, @katie)
+
+    # Actually, let users see each other
+    assert ability.can?(:read, @katie)
+  end
+
+  test "new users can only sign up" do
+    ability = Ability.new(User.new)
+    assert ability.can?(:create, User)
+    assert ability.cannot?(:read, @katie)
+    assert ability.cannot?(:update, @katie)
+    assert ability.cannot?(:destroy, @katie)
+  end
+end
diff --git a/test/unit/content_test.rb b/test/unit/content_test.rb
@@ -75,15 +75,4 @@ class ContentTest < ActiveSupport::TestCase
     assert_equal c.end_time.strftime('%Y-%m-%d %H:%M:%S'), "2011-01-01 00:00:00"
   end
 
-  # Authorization tests
-  test "real users can create content" do
-    ability = Ability.new(users(:katie))
-    assert ability.can?(:create, Content)
-  end
-
-  test "empty users cannot create content" do
-    ability = Ability.new(User.new)
-    assert ability.cannot?(:create, Content)
-  end
-
 end
diff --git a/test/unit/screen_test.rb b/test/unit/screen_test.rb
@@ -58,15 +58,4 @@ class ScreenTest < ActiveSupport::TestCase
     s = screens(:one)
     assert !s.fields.empty?
   end
-
-  # Authorization tests
-  test "real users can create screens" do
-    ability = Ability.new(users(:katie))
-    assert ability.can?(:create, Screen)
-  end
-
-  test "empty users cannot create screens" do
-    ability = Ability.new(User.new)
-    assert ability.cannot?(:create, Screen)
-  end
 end
diff --git a/test/unit/submission_test.rb b/test/unit/submission_test.rb
@@ -133,34 +133,4 @@ def setup
     s.moderator = nil
     assert s.invalid?
   end
-
-  # Users submitting to feeds
-  test "user can submit to submittable feeds" do
-    ability = Ability.new(users(:kristen))
-    assert ability.can?(:create, @public_submission)
-    assert ability.cannot?(:create, @hidden_submission)
-  end
-
-  test "new users can't submit to any feeds" do
-    ability = Ability.new(User.new)
-    assert ability.cannot?(:create, @public_submission)
-    assert ability.cannot?(:create, @hidden_submission)
-  end
-
-  test "user can submit hidden feed due to group" do
-    ability = Ability.new(users(:katie))
-    assert ability.can?(:create, @hidden_submission)
-  end
-
-  # Screens submitting (which they shouldn't do
-  test "screens cant submit anywhere" do
-    ability = Ability.new(screens(:one))
-    assert ability.cannot?(:create, @public_submission)
-    assert ability.cannot?(:create, @hidden_submission)
-
-    ability = Ability.new(Screen.new)
-    assert ability.cannot?(:create, @public_submission)
-    assert ability.cannot?(:create, @hidden_submission)
-  end
-
 end
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
@@ -1,55 +1,4 @@
 require 'test_helper'
 
 class UserTest < ActiveSupport::TestCase
-
-  def setup
-    @admin = users(:admin)
-    @katie = users(:katie)
-    @kristen = users(:kristen)
-  end
-
-  test "admin users can do anything to users" do
-    ability = Ability.new(@admin)
-    assert ability.can?(:create, User)
-    assert ability.can?(:read, @kristen)
-    assert ability.can?(:update, @kristen)
-    assert ability.can?(:destroy, User.new)
-  end
-
-  test "regular users can only touch themselves" do
-    user = @kristen
-    ability = Ability.new(user)
-    assert ability.can?(:read, @kristen)
-    assert ability.can?(:update, @kristen)
-
-    # Don't let users delete themselves ATM.
-    # We need to think about the reprecussions of this
-    assert ability.cannot?(:destroy, @kristen)
-
-    assert ability.cannot?(:create, User)
-    assert ability.cannot?(:update, @katie)
-    assert ability.cannot?(:destroy, @katie)
-
-    # Actually, let users see each other
-    assert ability.can?(:read, @katie)
-  end
-
-  test "new users can only sign up" do
-    ability = Ability.new(User.new)
-    assert ability.can?(:create, User)
-    assert ability.cannot?(:read, @katie)
-    assert ability.cannot?(:update, @katie)
-    assert ability.cannot?(:destroy, @katie)
-  end
-
-  test "screens can read users" do
-    s = screens(:one)
-    ability = Ability.new(s)
-    assert ability.can?(:read, users(:kristen))
-  end
-
-  test "new screens cannot read users" do
-    ability = Ability.new(Screen.new)
-    assert ability.cannot?(:read, users(:kristen))
-  end
 end