
Member ability tests on User done.

commit 8f1a47f1e2e944408379b74af1fa5779bcc1e446 1 parent 04c8084
@pbm authored
Showing with 29 additions and 4 deletions.
  1. +1 −0  app/models/ability.rb
  2. +28 −4 test/unit/ability_test.rb
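--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -27,6 +27,7 @@ class Ability
 def initialize(user)
 if user
 can :read, [Event,Aircraft,User]
+ can :update, User, :id => user.id
 can :administer_users, User if user.admin?
 can :manage, :all if user.admin?
 else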
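Review bot: The new rule `can :update, User, :id => user.id` is scoped by record only, so it does not limit which attributes a member may change on their own row. `user.admin?` on the following lines shows the model carries an admin flag; if the users controller (not visible here) passes request params straight into the update, a member could presumably change that flag on their own account. I would state the contract at the rule, e.g. `# record-level only: admin-only attributes must be filtered in the controller unless can?(:administer_users, User)`, and confirm the controller actually does that filtering. The body of `initialize` continues past the hunk's final `else`.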
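--- a/test/unit/ability_test.rb
+++ b/test/unit/ability_test.rb
@@ -21,10 +21,34 @@ class MemberAbilityTest < ActiveSupport::TestCase
 @pub_user = FactoryGirl.create(:notprivate)
 end
- test "Member can read self, private and public members" do
- assert @ability.can?(:read, @member), "self"
- assert @ability.can?(:read, @priv_user), "private user"
- assert @ability.can?(:read, @pub_user), "public user"
+ test "Member allowed to read self, private and public members" do
+ assert @ability.can?(:read, @member), "read self"
+ assert @ability.can?(:read, @priv_user), "read private user"
+ assert @ability.can?(:read, @pub_user), "read public user"
+ end
+
+ test "Member not allowed to create anyone" do
+ assert ! @ability.can?(:create, User), "create User"
+ assert ! @ability.can?(:create, @priv_user), "create private user"
+ assert ! @ability.can?(:create, @prub_user), "create public user"
+ end
+
+ test "Member allowed to update self, but not others" do
+ assert @ability.can?(:update, @member), "update self"
+ assert ! @ability.can?(:update, @priv_user), "update private user"
+ assert ! @ability.can?(:update, @pub_user), "update public user"
+ end
+
+ test "Member not allowed to delete anyone" do
+ assert ! @ability.can?(:destroy, @member), "destroy self"
+ assert ! @ability.can?(:destroy, @priv_user), "destroy private user"
+ assert ! @ability.can?(:destroy, @pub_user), "destroy public user"
+ end
+
+ test "Member not allowed to update admin properties on anyone" do
+ assert ! @ability.can?(:administer_users, @member), "administer_users self"
+ assert ! @ability.can?(:administer_users, @priv_user), "administer_users private user"
+ assert ! @ability.can?(:administer_users, @pub_user), "administer_users public user"
 end
 end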
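Review bot: In the "Member not allowed to create anyone" test, the third assertion reads `@prub_user`, which is not assigned in the visible part of the setup (`@pub_user` is). An unset instance variable evaluates to nil, so the check most likely passes without ever exercising the public user. A negative authorization test that passes vacuously gives false assurance; the line should read `assert ! @ability.can?(:create, @pub_user), "create public user"`. The setup block that creates these users starts above the hunk, so only its tail is visible here.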