Add specs

hitobito · Jan 7, 2025 · bcb61c9 · bcb61c9
1 parent dde3c6d
commit bcb61c9
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 0 deletions.
diff --git a/spec/abilities/sac_cas/various_ability_spec.rb b/spec/abilities/sac_cas/various_ability_spec.rb
@@ -12,6 +12,14 @@
 
   let(:ability) { Ability.new(role.person.reload) }
 
+  context "as mitglied" do
+    let(:role) { Fabricate(Group::SektionsMitglieder::Mitglied.name.to_sym, group: groups(:bluemlisalp_mitglieder)) }
+
+    it "may not index ChangelogEntry" do
+      is_expected.not_to be_able_to(:index, ChangelogEntry)
+    end
+  end
+
   context "as andere" do
     let(:role) { Fabricate(Group::Geschaeftsstelle::Andere.name.to_sym, group: groups(:geschaeftsstelle)) }
 
@@ -28,6 +36,10 @@
       is_expected.to be_able_to(:index, HitobitoLogEntry)
       is_expected.to be_able_to(:show, hitobito_log_entries(:info_mail))
     end
+
+    it "may index ChangelogEntry" do
+      is_expected.to be_able_to(:index, ChangelogEntry)
+    end
   end
 
   context "as mitarbeiter lesend geschäftsstelle" do
@@ -37,5 +49,9 @@
       is_expected.to be_able_to(:index, HitobitoLogEntry)
       is_expected.to be_able_to(:show, hitobito_log_entries(:info_mail))
     end
+
+    it "may index ChangelogEntry" do
+      is_expected.to be_able_to(:index, ChangelogEntry)
+    end
   end
 end
diff --git a/spec/controllers/changelog_controller_spec.rb b/spec/controllers/changelog_controller_spec.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+#  Copyright (c) 2024, Schweizer Alpen-Club. This file is part of
+#  hitobito_sac_cas and licensed under the Affero General Public License version 3
+#  or later. See the COPYING file at the top-level directory or at
+#  https://github.com/hitobito/hitobito
+
+require "spec_helper"
+
+describe ChangelogController do
+  before { sign_in(person) }
+
+  context "GET #index" do
+    context "as geschätsstelle" do
+      let(:person) { people(:admin) }
+
+      it "is authorized" do
+        expect do
+          get :index
+        end.not_to raise_error(CanCan::AccessDenied)
+      end
+    end
+
+    context "as mitglied" do
+      let(:person) { people(:mitglied) }
+
+      it "is unauthorized" do
+        expect do
+          get :index
+        end.to raise_error(CanCan::AccessDenied)
+      end
+    end
+  end
+end