discourse/spec/requests/admin/screened_emails_controller_spec.rb

# frozen_string_literal: true

RSpec.describe Admin::ScreenedEmailsController do
  fab!(:admin) { Fabricate(:admin) }
  fab!(:moderator) { Fabricate(:moderator) }
  fab!(:user) { Fabricate(:user) }
  fab!(:screened_email) { Fabricate(:screened_email) }

  describe '#index' do
    shared_examples "screened emails accessible" do
      it "returns screened emails" do
        get "/admin/logs/screened_emails.json"

        expect(response.status).to eq(200)
        json = response.parsed_body
        expect(json.size).to eq(1)
      end
    end

    context "when logged in as an admin" do
      before { sign_in(admin) }

      include_examples "screened emails accessible"
    end

    context "when logged in as a moderator" do
      before { sign_in(moderator) }

      include_examples "screened emails accessible"
    end

    context "when logged in as a non-staff user" do
      before  { sign_in(user) }

      it "denies access with a 404 response" do
        get "/admin/logs/screened_emails.json"

        expect(response.status).to eq(404)
        expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
      end
    end
  end

  describe "#destroy" do
    shared_examples "screened email deletion possible" do
      it "deletes screened email" do
        expect do
          delete "/admin/logs/screened_emails/#{screened_email.id}.json"
        end.to change { ScreenedEmail.count }.by(-1)

        expect(response.status).to eq(200)
      end
    end

    context "when logged in as an admin" do
      before { sign_in(admin) }

      include_examples "screened email deletion possible"
    end

    context "when logged in as a moderator" do
      before { sign_in(moderator) }

      include_examples "screened email deletion possible"
    end

    context "when logged in as a non-staff user" do
      before  { sign_in(user) }

      it "prevents deletion with a 404 response" do
        delete "/admin/logs/screened_emails/#{screened_email.id}.json"

        expect(response.status).to eq(404)
        expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
      end
    end
  end
end
DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction 2019-04-30 08:27:42 +08:00			`# frozen_string_literal: true`

Add RSpec 4 compatibility (#17652) * Remove outdated option https://github.com/rspec/rspec-core/commit/04078317ba6577699d06cf4dccf014254dcde7a6 * Use the non-globally exposed RSpec syntax https://github.com/rspec/rspec-core/pull/2803 * Use the non-globally exposed RSpec syntax, cont https://github.com/rspec/rspec-core/pull/2803 * Comply to strict predicate matchers See: - https://github.com/rspec/rspec-expectations/pull/1195 - https://github.com/rspec/rspec-expectations/pull/1196 - https://github.com/rspec/rspec-expectations/pull/1277 2022-07-28 10:27:38 +08:00			`RSpec.describe Admin::ScreenedEmailsController do`
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources 2022-11-03 11:42:44 +08:00			`fab!(:admin) { Fabricate(:admin) }`
			`fab!(:moderator) { Fabricate(:moderator) }`
			`fab!(:user) { Fabricate(:user) }`
			`fab!(:screened_email) { Fabricate(:screened_email) }`
Blocked Emails list in admin 2013-08-02 09:30:13 +08:00
REFACTOR: admin screened emails controller specs to requests (#5975) 2018-06-11 12:33:54 +08:00			`describe '#index' do`
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources 2022-11-03 11:42:44 +08:00			`shared_examples "screened emails accessible" do`
			`it "returns screened emails" do`
			`get "/admin/logs/screened_emails.json"`

			`expect(response.status).to eq(200)`
			`json = response.parsed_body`
			`expect(json.size).to eq(1)`
			`end`
			`end`

			`context "when logged in as an admin" do`
			`before { sign_in(admin) }`

			`include_examples "screened emails accessible"`
			`end`

			`context "when logged in as a moderator" do`
			`before { sign_in(moderator) }`

			`include_examples "screened emails accessible"`
			`end`

			`context "when logged in as a non-staff user" do`
			`before { sign_in(user) }`

			`it "denies access with a 404 response" do`
			`get "/admin/logs/screened_emails.json"`

			`expect(response.status).to eq(404)`
			`expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))`
			`end`
Blocked Emails list in admin 2013-08-02 09:30:13 +08:00			`end`
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources 2022-11-03 11:42:44 +08:00			`end`

			`describe "#destroy" do`
			`shared_examples "screened email deletion possible" do`
			`it "deletes screened email" do`
			`expect do`
			`delete "/admin/logs/screened_emails/#{screened_email.id}.json"`
			`end.to change { ScreenedEmail.count }.by(-1)`

			`expect(response.status).to eq(200)`
			`end`
			`end`

			`context "when logged in as an admin" do`
			`before { sign_in(admin) }`

			`include_examples "screened email deletion possible"`
			`end`

			`context "when logged in as a moderator" do`
			`before { sign_in(moderator) }`

			`include_examples "screened email deletion possible"`
			`end`

			`context "when logged in as a non-staff user" do`
			`before { sign_in(user) }`

			`it "prevents deletion with a 404 response" do`
			`delete "/admin/logs/screened_emails/#{screened_email.id}.json"`
Blocked Emails list in admin 2013-08-02 09:30:13 +08:00
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources 2022-11-03 11:42:44 +08:00			`expect(response.status).to eq(404)`
			`expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))`
			`end`
Blocked Emails list in admin 2013-08-02 09:30:13 +08:00			`end`
			`end`
			`end`