diff options
| author | Henare Degan <henare.degan@gmail.com> | 2013-03-14 14:33:17 +1100 |
|---|---|---|
| committer | Henare Degan <henare.degan@gmail.com> | 2013-03-14 14:33:17 +1100 |
| commit | 48c6f8077429dd86da27a52be20c97cc583f31a9 (patch) | |
| tree | 78d74660677a3a63659260c982dabfade692749d /spec/lib/ability_spec.rb | |
| parent | 2f6af09899e2822121d060db55fdd78b15f099db (diff) | |
| parent | d8a5de249bfeb41317d64e7efbaab71da1ede00d (diff) | |
Merge remote-tracking branch 'mysociety/develop' into rails-3-develop
Conflicts:
Gemfile
Gemfile.lock
app/controllers/admin_request_controller.rb
app/controllers/admin_track_controller.rb
app/controllers/request_controller.rb
app/controllers/services_controller.rb
app/helpers/link_to_helper.rb
app/mailers/request_mailer.rb
app/models/application_mailer.rb
app/models/info_request.rb
app/views/admin_censor_rule/edit.html.erb
app/views/admin_censor_rule/new.html.erb
app/views/admin_public_body/_form.html.erb
app/views/admin_public_body/_locale_selector.html.erb
app/views/admin_public_body/_one_list.html.erb
app/views/admin_public_body/edit.html.erb
app/views/admin_public_body/list.html.erb
app/views/admin_public_body/new.html.erb
app/views/admin_request/_incoming_message_actions.html.erb
app/views/admin_request/edit.html.erb
app/views/admin_request/edit_comment.html.erb
app/views/admin_request/edit_outgoing.html.erb
app/views/admin_request/list.html.erb
app/views/admin_request/list_old_unclassified.html.erb
app/views/admin_request/show.html.erb
app/views/admin_track/_some_tracks.html.erb
app/views/admin_track/list.html.erb
app/views/admin_user/edit.html.erb
app/views/admin_user/list.html.erb
app/views/admin_user/show.html.erb
app/views/general/_footer.html.erb
app/views/general/exception_caught.html.erb
app/views/help/contact.html.erb
app/views/layouts/default.html.erb
app/views/public_body/_alphabet.html.erb
app/views/request/_request_listing_single.html.erb
app/views/request/_sidebar.html.erb
app/views/request/new.html.erb
app/views/request/show.html.erb
app/views/request_mailer/external_response.rhtml
app/views/request_mailer/fake_response.rhtml
config/environment.rb
config/environments/production.rb
config/routes.rb
spec/controllers/admin_censor_rule_controller_spec.rb
spec/controllers/request_controller_spec.rb
spec/controllers/track_controller_spec.rb
spec/helpers/link_to_helper_spec.rb
spec/mailers/request_mailer_spec.rb
spec/models/info_request_spec.rb
spec/spec_helper.rb
spec/views/public_body/show.html.erb_spec.rb
spec/views/request/show.html.erb_spec.rb
vendor/plugins/rails_xss/lib/rails_xss/erubis.rb
Diffstat (limited to 'spec/lib/ability_spec.rb')
| -rw-r--r-- | spec/lib/ability_spec.rb | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/spec/lib/ability_spec.rb b/spec/lib/ability_spec.rb new file mode 100644 index 000000000..f075d0f32 --- /dev/null +++ b/spec/lib/ability_spec.rb @@ -0,0 +1,51 @@ +require File.expand_path(File.dirname(__FILE__) + '/../spec_helper') + +describe Ability do + describe ".can_update_request_state?" do + context "old and unclassified request" do + let(:request) { mock_model(InfoRequest, :is_old_unclassified? => true) } + + context "logged out" do + let(:user) { nil } + before(:each) { request.stub!(:is_owning_user?).and_return(false) } + it { Ability::can_update_request_state?(user, request).should be_false } + end + + context "logged in but not owner of request" do + let(:user) { mock_model(User) } + before(:each) { request.stub!(:is_owning_user?).and_return(false) } + + it { Ability::can_update_request_state?(user, request).should be_true } + end + end + + context "new request" do + let(:request) { mock_model(InfoRequest, :is_old_unclassified? => false) } + + context "logged out" do + let(:user) { nil } + before(:each) { request.stub!(:is_owning_user?).and_return(false) } + + it { Ability::can_update_request_state?(user, request).should be_false } + end + + context "logged in" do + let(:user) { mock_model(User) } + + # An owner of a request can also be someone with admin powers + context "as owner of request" do + before(:each) { request.stub!(:is_owning_user?).and_return(true) } + + it { Ability::can_update_request_state?(user, request).should be_true } + end + + context "but not owner of request" do + before(:each) { request.stub!(:is_owning_user?).and_return(false) } + + it { Ability::can_update_request_state?(user, request).should be_false } + end + end + end + end +end + |