[webui][ci] Add comment policy test for nobody

- Add test for "nobody" user. He cannot destroy any comment. - The initialize method is not needed. It is as ApplicationPolicy.
openSUSE · Oct 25, 2017 · 3e122b1 · 3e122b1
1 parent 9be339d
commit 3e122b1
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/src/api/app/policies/comment_policy.rb b/src/api/app/policies/comment_policy.rb
@@ -7,6 +7,7 @@ def initialize(user, record)
 
   def destroy?
     return false if @user.blank?
+
     # Admins can always delete all comments
     return true if @user.is_admin?
 

diff --git a/src/api/spec/policies/comment_policy_spec.rb b/src/api/spec/policies/comment_policy_spec.rb
@@ -1,14 +1,20 @@
 require "rails_helper"
 
 RSpec.describe CommentPolicy do
-  subject { CommentPolicy }
+  let(:anonymous_user) { create(:user_nobody) }
   let(:comment_author) { create(:confirmed_user, login: 'burdenski') }
   let(:admin_user) { create(:admin_user, login: 'admin') }
   let(:user) { create(:confirmed_user, login: 'tom') }
   let(:project) { create(:project, name: 'CommentableProject') }
   let(:comment) { create(:comment_project, commentable: project, user: comment_author) }
 
+  subject { CommentPolicy }
+
   permissions :destroy? do
+    it 'Not logged users cannot destroy comments' do
+      expect(subject).not_to permit(nil, comment)
+    end
+
     it 'Users can destroy their own comments' do
       expect(subject).to permit(comment_author, comment)
     end