spec/support/shared_examples/models/exportable_shared_examples.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

# frozen_string_literal: true

RSpec.shared_examples 'an exportable' do |restricted_association: :project|
  let_it_be(:user) { create(:user) }

  describe '#exportable_association?' do
    let(:association) { restricted_association }

    subject { resource.exportable_association?(association, current_user: user) }

    it { is_expected.to be_falsey }

    context 'when user can only read resource' do
      before do
        allow(Ability).to receive(:allowed?).and_call_original
        allow(Ability).to receive(:allowed?)
          .with(user, :"read_#{resource.to_ability_name}", resource)
          .and_return(true)
      end

      it { is_expected.to be_falsey }

      context "when user can read resource's association" do
        before do
          allow(resource).to receive(:readable_record?).with(anything, user).and_return(true)
        end

        it { is_expected.to be_truthy }

        context 'for an unknown association' do
          let(:association) { :foo }

          it { is_expected.to be_falsey }
        end
      end
    end
  end

  describe '#to_authorized_json' do
    let(:options) { { include: [{ notes: { only: [:id] } }] } }

    subject { resource.to_authorized_json(keys, user, options) }

    before do
      allow(Ability).to receive(:allowed?).and_call_original
      allow(Ability).to receive(:allowed?)
        .with(user, :"read_#{resource.to_ability_name}", resource)
        .and_return(true)
    end

    context 'when association not supported' do
      let(:keys) { [:foo] }

      it { is_expected.not_to include('foo') }
    end

    context 'when association is `:notes`' do
      let_it_be(:readable_note) { create(:system_note, noteable: resource, project: project, note: 'readable') }
      let_it_be(:restricted_note) { create(:system_note, noteable: resource, project: project, note: 'restricted') }

      let(:restricted_note_access) { false }
      let(:keys) { [:notes] }

      before do
        allow(Ability).to receive(:allowed?).and_call_original
        allow(Ability).to receive(:allowed?).with(user, :read_note, readable_note).and_return(true)
        allow(Ability).to receive(:allowed?).with(user, :read_note, restricted_note).and_return(restricted_note_access)
      end

      it { is_expected.to include("\"notes\":[{\"id\":#{readable_note.id}}]") }

      context 'when user have access to all notes' do
        let(:restricted_note_access) { true }

        it 'string includes all notes' do
          is_expected.to include("\"notes\":[{\"id\":#{readable_note.id}},{\"id\":#{restricted_note.id}}]")
        end
      end
    end
  end
end