github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 21:10:17 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
52be5b3782
discourse/spec/requests/admin/screened_emails_controller_spec.rb
Selase Krakani 52be5b3782
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) 
Replace base controller class inheritance specs with explicit specs
for non-staff and moderator access to admin resources
2022-11-03 03:42:44 +00:00

79 lines
2.1 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
RSpec.describe Admin::ScreenedEmailsController do
fab!(:admin) { Fabricate(:admin) }
fab!(:moderator) { Fabricate(:moderator) }
fab!(:user) { Fabricate(:user) }
fab!(:screened_email) { Fabricate(:screened_email) }
describe '#index' do
shared_examples "screened emails accessible" do
it "returns screened emails" do
get "/admin/logs/screened_emails.json"
expect(response.status).to eq(200)
json = response.parsed_body
expect(json.size).to eq(1)
end
end
context "when logged in as an admin" do
before { sign_in(admin) }
include_examples "screened emails accessible"
end
context "when logged in as a moderator" do
before { sign_in(moderator) }
include_examples "screened emails accessible"
end
context "when logged in as a non-staff user" do
before { sign_in(user) }
it "denies access with a 404 response" do
get "/admin/logs/screened_emails.json"
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
end
end
end
describe "#destroy" do
shared_examples "screened email deletion possible" do
it "deletes screened email" do
expect do
delete "/admin/logs/screened_emails/#{screened_email.id}.json"
end.to change { ScreenedEmail.count }.by(-1)
expect(response.status).to eq(200)
end
end
context "when logged in as an admin" do
before { sign_in(admin) }
include_examples "screened email deletion possible"
end
context "when logged in as a moderator" do
before { sign_in(moderator) }
include_examples "screened email deletion possible"
end
context "when logged in as a non-staff user" do
before { sign_in(user) }
it "prevents deletion with a 404 response" do
delete "/admin/logs/screened_emails/#{screened_email.id}.json"
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink