Improve app/policies coverage (#32426)

This commit is contained in:
Matt Jankowski 2024-10-15 10:24:12 -04:00 committed by Claire
parent 6d72c13a4d
commit 9258ee8847
35 changed files with 264 additions and 55 deletions

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe AccountModerationNotePolicy do RSpec.describe AccountModerationNotePolicy do
subject { described_class } subject { described_class }
@ -12,13 +11,13 @@ RSpec.describe AccountModerationNotePolicy do
permissions :create? do permissions :create? do
context 'when staff' do context 'when staff' do
it 'grants to create' do it 'grants to create' do
expect(subject).to permit(admin, described_class) expect(subject).to permit(admin, AccountModerationNote)
end end
end end
context 'when not staff' do context 'when not staff' do
it 'denies to create' do it 'denies to create' do
expect(subject).to_not permit(john, described_class) expect(subject).to_not permit(john, AccountModerationNote)
end end
end end
end end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe AccountPolicy do RSpec.describe AccountPolicy do
subject { described_class } subject { described_class }
@ -24,7 +23,7 @@ RSpec.describe AccountPolicy do
end end
end end
permissions :show?, :unsilence?, :unsensitive?, :remove_avatar?, :remove_header? do permissions :show?, :unsilence?, :unsensitive?, :remove_avatar?, :remove_header?, :sensitive?, :warn? do
context 'when staff' do context 'when staff' do
it 'permits' do it 'permits' do
expect(subject).to permit(admin, alice) expect(subject).to permit(admin, alice)

View File

@ -0,0 +1,42 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe AccountWarningPolicy do
subject { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:account) { Fabricate(:account) }
permissions :show? do
context 'with an admin' do
it { is_expected.to permit(admin, AccountWarning.new) }
end
context 'with a non-admin' do
context 'when account is not target' do
it { is_expected.to_not permit(account, AccountWarning.new) }
end
context 'when account is target' do
it { is_expected.to permit(account, AccountWarning.new(target_account_id: account.id)) }
end
end
end
permissions :appeal? do
context 'when account is not target' do
it { is_expected.to_not permit(account, AccountWarning.new) }
end
context 'when account is target' do
context 'when record is appealable' do
it { is_expected.to permit(account, AccountWarning.new(target_account_id: account.id, created_at: Appeal::MAX_STRIKE_AGE.ago + 1.hour)) }
end
context 'when record is not appealable' do
it { is_expected.to_not permit(account, AccountWarning.new(target_account_id: account.id, created_at: Appeal::MAX_STRIKE_AGE.ago - 1.hour)) }
end
end
end
end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe AccountWarningPresetPolicy do RSpec.describe AccountWarningPresetPolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -11,13 +10,13 @@ RSpec.describe AccountWarningPresetPolicy do
permissions :index?, :create?, :update?, :destroy? do permissions :index?, :create?, :update?, :destroy? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, AccountWarningPreset)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, AccountWarningPreset)
end end
end end
end end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe Admin::StatusPolicy do RSpec.describe Admin::StatusPolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -13,13 +12,13 @@ RSpec.describe Admin::StatusPolicy do
permissions :index?, :update?, :review?, :destroy? do permissions :index?, :update?, :review?, :destroy? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, Status)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, Status)
end end
end end
end end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe AnnouncementPolicy do RSpec.describe AnnouncementPolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -11,13 +10,13 @@ RSpec.describe AnnouncementPolicy do
permissions :index?, :create?, :update?, :destroy? do permissions :index?, :create?, :update?, :destroy? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, Announcement)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, Announcement)
end end
end end
end end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe AppealPolicy do RSpec.describe AppealPolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -12,18 +11,18 @@ RSpec.describe AppealPolicy do
permissions :index? do permissions :index? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, Appeal)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, Appeal)
end end
end end
end end
permissions :reject? do permissions :reject?, :approve? do
context 'with an admin' do context 'with an admin' do
context 'with a pending appeal' do context 'with a pending appeal' do
before { allow(appeal).to receive(:pending?).and_return(true) } before { allow(appeal).to receive(:pending?).and_return(true) }

View File

@ -0,0 +1,20 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe AuditLogPolicy do
subject { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:account) { Fabricate(:account) }
permissions :index? do
context 'with an admin' do
it { is_expected.to permit(admin, nil) }
end
context 'with a non-admin' do
it { is_expected.to_not permit(account, nil) }
end
end
end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe BackupPolicy do RSpec.describe BackupPolicy do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe CanonicalEmailBlockPolicy do RSpec.describe CanonicalEmailBlockPolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -11,13 +10,13 @@ RSpec.describe CanonicalEmailBlockPolicy do
permissions :index?, :show?, :test?, :create?, :destroy? do permissions :index?, :show?, :test?, :create?, :destroy? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, CanonicalEmailBlock)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, CanonicalEmailBlock)
end end
end end
end end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe CustomEmojiPolicy do RSpec.describe CustomEmojiPolicy do
subject { described_class } subject { described_class }

View File

@ -0,0 +1,20 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe DashboardPolicy do
subject { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:account) { Fabricate(:account) }
permissions :index? do
context 'with an admin' do
it { is_expected.to permit(admin, nil) }
end
context 'with a non-admin' do
it { is_expected.to_not permit(account, nil) }
end
end
end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe DeliveryPolicy do RSpec.describe DeliveryPolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -11,13 +10,13 @@ RSpec.describe DeliveryPolicy do
permissions :clear_delivery_errors?, :restart_delivery?, :stop_delivery? do permissions :clear_delivery_errors?, :restart_delivery?, :stop_delivery? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, nil)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, nil)
end end
end end
end end

View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe DomainAllowPolicy do
subject { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :index?, :show?, :create?, :destroy? do
context 'when admin' do
it 'permits' do
expect(subject).to permit(admin, DomainAllow)
end
end
context 'when not admin' do
it 'denies' do
expect(subject).to_not permit(john, DomainAllow)
end
end
end
end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe DomainBlockPolicy do RSpec.describe DomainBlockPolicy do
subject { described_class } subject { described_class }
@ -9,7 +8,7 @@ RSpec.describe DomainBlockPolicy do
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) } let(:john) { Fabricate(:account) }
permissions :index?, :show?, :create?, :destroy? do permissions :index?, :show?, :create?, :destroy?, :update? do
context 'when admin' do context 'when admin' do
it 'permits' do it 'permits' do
expect(subject).to permit(admin, DomainBlock) expect(subject).to permit(admin, DomainBlock)

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe EmailDomainBlockPolicy do RSpec.describe EmailDomainBlockPolicy do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe FollowRecommendationPolicy do RSpec.describe FollowRecommendationPolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -11,13 +10,13 @@ RSpec.describe FollowRecommendationPolicy do
permissions :show?, :suppress?, :unsuppress? do permissions :show?, :suppress?, :unsuppress? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, FollowRecommendation)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, FollowRecommendation)
end end
end end
end end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe InstancePolicy do RSpec.describe InstancePolicy do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe InvitePolicy do RSpec.describe InvitePolicy do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe IpBlockPolicy do RSpec.describe IpBlockPolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -11,13 +10,13 @@ RSpec.describe IpBlockPolicy do
permissions :index?, :show?, :create?, :update?, :destroy? do permissions :index?, :show?, :create?, :update?, :destroy? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, IpBlock)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, IpBlock)
end end
end end
end end

View File

@ -0,0 +1,36 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe PollPolicy do
subject { described_class }
let(:account) { Fabricate(:account) }
let(:poll) { Fabricate :poll }
permissions :vote? do
context 'when account cannot view status' do
before { poll.status.update(visibility: :private) }
it { is_expected.to_not permit(account, poll) }
end
context 'when account can view status' do
context 'when accounts do not block each other' do
it { is_expected.to permit(account, poll) }
end
context 'when view blocks poll creator' do
before { Fabricate :block, account: account, target_account: poll.account }
it { is_expected.to_not permit(account, poll) }
end
context 'when poll creator blocks viewer' do
before { Fabricate :block, account: poll.account, target_account: account }
it { is_expected.to_not permit(account, poll) }
end
end
end
end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe PreviewCardPolicy do RSpec.describe PreviewCardPolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -11,13 +10,13 @@ RSpec.describe PreviewCardPolicy do
permissions :index?, :review? do permissions :index?, :review? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, PreviewCard)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, PreviewCard)
end end
end end
end end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe PreviewCardProviderPolicy do RSpec.describe PreviewCardProviderPolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -11,13 +10,13 @@ RSpec.describe PreviewCardProviderPolicy do
permissions :index?, :review? do permissions :index?, :review? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, PreviewCardProvider)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, PreviewCardProvider)
end end
end end
end end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe RelayPolicy do RSpec.describe RelayPolicy do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe ReportNotePolicy do RSpec.describe ReportNotePolicy do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe ReportPolicy do RSpec.describe ReportPolicy do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe RulePolicy do RSpec.describe RulePolicy do
let(:policy) { described_class } let(:policy) { described_class }
@ -11,13 +10,13 @@ RSpec.describe RulePolicy do
permissions :index?, :create?, :update?, :destroy? do permissions :index?, :create?, :update?, :destroy? do
context 'with an admin' do context 'with an admin' do
it 'permits' do it 'permits' do
expect(policy).to permit(admin, Tag) expect(policy).to permit(admin, Rule)
end end
end end
context 'with a non-admin' do context 'with a non-admin' do
it 'denies' do it 'denies' do
expect(policy).to_not permit(john, Tag) expect(policy).to_not permit(john, Rule)
end end
end end
end end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe SettingsPolicy do RSpec.describe SettingsPolicy do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe SoftwareUpdatePolicy do RSpec.describe SoftwareUpdatePolicy do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe StatusPolicy, type: :model do RSpec.describe StatusPolicy, type: :model do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe TagPolicy do RSpec.describe TagPolicy do
subject { described_class } subject { described_class }

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe UserPolicy do RSpec.describe UserPolicy do
subject { described_class } subject { described_class }
@ -112,4 +111,42 @@ RSpec.describe UserPolicy do
end end
end end
end end
permissions :approve?, :reject? do
context 'when admin' do
context 'when user is approved' do
it { is_expected.to_not permit(admin, User.new(approved: true)) }
end
context 'when user is not approved' do
it { is_expected.to permit(admin, User.new(approved: false)) }
end
end
context 'when not admin' do
it { is_expected.to_not permit(john, User.new) }
end
end
permissions :change_role? do
context 'when not admin' do
it { is_expected.to_not permit(john, User.new) }
end
context 'when admin' do
let(:user) { User.new(role: role) }
context 'when role of admin overrides user role' do
let(:role) { UserRole.new(position: admin.user.role.position - 10, id: 123) }
it { is_expected.to permit(admin, user) }
end
context 'when role of admin does not override user role' do
let(:role) { UserRole.new(position: admin.user.role.position + 10, id: 123) }
it { is_expected.to_not permit(admin, user) }
end
end
end
end end

View File

@ -0,0 +1,56 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe UserRolePolicy do
subject { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:account) { Fabricate(:account) }
permissions :index?, :create? do
context 'when admin' do
it { is_expected.to permit(admin, UserRole.new) }
end
context 'when not admin' do
it { is_expected.to_not permit(account, UserRole.new) }
end
end
permissions :update? do
context 'when admin' do
context 'when role of admin overrides relevant role' do
it { is_expected.to permit(admin, UserRole.new(position: admin.user.role.position - 10, id: 123)) }
end
context 'when role of admin does not override relevant role' do
it { is_expected.to_not permit(admin, UserRole.new(position: admin.user.role.position + 10, id: 123)) }
end
end
context 'when not admin' do
it { is_expected.to_not permit(account, UserRole.new) }
end
end
permissions :destroy? do
context 'when admin' do
context 'when role of admin overrides relevant role' do
it { is_expected.to permit(admin, UserRole.new(position: admin.user.role.position - 10)) }
end
context 'when role of admin does not override relevant role' do
it { is_expected.to_not permit(admin, UserRole.new(position: admin.user.role.position + 10)) }
end
context 'when everyone role' do
it { is_expected.to_not permit(admin, UserRole.everyone) }
end
end
context 'when not admin' do
it { is_expected.to_not permit(account, UserRole.new) }
end
end
end

View File

@ -1,7 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'rails_helper' require 'rails_helper'
require 'pundit/rspec'
RSpec.describe WebhookPolicy do RSpec.describe WebhookPolicy do
let(:policy) { described_class } let(:policy) { described_class }

View File

@ -43,6 +43,7 @@ require 'paperclip/matchers'
require 'capybara/rspec' require 'capybara/rspec'
require 'chewy/rspec' require 'chewy/rspec'
require 'email_spec/rspec' require 'email_spec/rspec'
require 'pundit/rspec'
require 'test_prof/recipes/rspec/before_all' require 'test_prof/recipes/rspec/before_all'
Rails.root.glob('spec/support/**/*.rb').each { |f| require f } Rails.root.glob('spec/support/**/*.rb').each { |f| require f }