discourse-data-explorer/spec/guardian_spec.rb

require 'rails_helper'

describe Guardian do

  def make_query(group_ids = [])
    q = DataExplorer::Query.new
    q.id = Fabrication::Sequencer.sequence("query-id", 1)
    q.name ="Query number #{q.id}"
    q.sql = "SELECT 1"
    q.group_ids = group_ids
    q.save
    q
  end

  let(:user) { build(:user) }
  let(:admin) { build(:admin) }
  
  describe "#user_is_a_member_of_group?" do
    let(:group) { Fabricate(:group) }

    it "is true when the user is an admin" do
      expect(Guardian.new(admin).user_is_a_member_of_group?(group)).to eq(true)
    end

    it "is true when the user is not an admin, but is a member of the group" do
      group.add(user)

      expect(Guardian.new(user).user_is_a_member_of_group?(group)).to eq(true)
    end

    it "is false when the user is not an admin, and is not a member of the group" do
      expect(Guardian.new(user).user_is_a_member_of_group?(group)).to eq(false)
    end
  end

  describe "#user_can_access_query?" do
    let(:group) { Fabricate(:group) }

    it "is true if the user is an admin" do
      expect(Guardian.new(admin).user_can_access_query?(group, make_query)).to eq(true)
    end

    it "is true if the user is a member of the group, and query contains the group id" do
      query = make_query(["#{group.id}"])
      group.add(user)

      expect(Guardian.new(user).user_can_access_query?(group, query)).to eq(true)
    end

    it "is false if the query does not contain the group id" do
      group.add(user)
      
      expect(Guardian.new(user).user_can_access_query?(group, make_query)).to eq(false)
    end

    it "is false if the user is not member of the group" do
      query = make_query(["#{group.id}"])
      
      expect(Guardian.new(user).user_can_access_query?(group, query)).to eq(false)
    end
  end
end
Allow groups to access queries (#36) * [WIP] group ids saving on new reports * Add groups to default queries, and added tab connector * group_ids set to empty array for default queries * group reports route (in & and) action * [WIP] created group reports show route/controller * Find correct query in show route * Removed empty array for group_ids in query file * Add report show view, where users can run queries * Removed unneeded commas from queries.rb * Allow non-admin group members to access reports * query-result component dynamic download url based on location * Removed accidental changes, and corrected tab size * Group members can add params to queries * Specs for new QueryController actions * remove "Inlude query plan" from group reports * Run prettier * return and return -> return render Co-Authored-By: Robin Ward <robin.ward@gmail.com> * [WIP] changes from review * Remove weird [-1] group_ids logic, for a simply check for [] in query update action * Added integration tests for group report access * Using guardian for securing endpoints, and much improved specs * Update assets/javascripts/discourse/components/group-reports-nav-item.js.es6 Co-Authored-By: Robin Ward <robin.ward@gmail.com> 2019-09-11 09:09:41 -05:00			`require 'rails_helper'`

			`describe Guardian do`

			`def make_query(group_ids = [])`
			`q = DataExplorer::Query.new`
			`q.id = Fabrication::Sequencer.sequence("query-id", 1)`
			`q.name ="Query number #{q.id}"`
			`q.sql = "SELECT 1"`
			`q.group_ids = group_ids`
			`q.save`
			`q`
			`end`

			`let(:user) { build(:user) }`
			`let(:admin) { build(:admin) }`

			`describe "#user_is_a_member_of_group?" do`
			`let(:group) { Fabricate(:group) }`

			`it "is true when the user is an admin" do`
			`expect(Guardian.new(admin).user_is_a_member_of_group?(group)).to eq(true)`
			`end`

			`it "is true when the user is not an admin, but is a member of the group" do`
			`group.add(user)`

			`expect(Guardian.new(user).user_is_a_member_of_group?(group)).to eq(true)`
			`end`

			`it "is false when the user is not an admin, and is not a member of the group" do`
			`expect(Guardian.new(user).user_is_a_member_of_group?(group)).to eq(false)`
			`end`
			`end`

			`describe "#user_can_access_query?" do`
			`let(:group) { Fabricate(:group) }`

			`it "is true if the user is an admin" do`
			`expect(Guardian.new(admin).user_can_access_query?(group, make_query)).to eq(true)`
			`end`

			`it "is true if the user is a member of the group, and query contains the group id" do`
			`query = make_query(["#{group.id}"])`
			`group.add(user)`

			`expect(Guardian.new(user).user_can_access_query?(group, query)).to eq(true)`
			`end`

			`it "is false if the query does not contain the group id" do`
			`group.add(user)`

			`expect(Guardian.new(user).user_can_access_query?(group, make_query)).to eq(false)`
			`end`

			`it "is false if the user is not member of the group" do`
			`query = make_query(["#{group.id}"])`

			`expect(Guardian.new(user).user_can_access_query?(group, query)).to eq(false)`
			`end`
			`end`
			`end`