diff --git a/spec/services/hyrax/collections/permissions_service_spec.rb b/spec/services/hyrax/collections/permissions_service_spec.rb index 5f44945eb3..488dab208d 100644 --- a/spec/services/hyrax/collections/permissions_service_spec.rb +++ b/spec/services/hyrax/collections/permissions_service_spec.rb @@ -1,304 +1,382 @@ # frozen_string_literal: true RSpec.describe Hyrax::Collections::PermissionsService do + subject(:service) { described_class } let(:user) { FactoryBot.create(:user) } let(:ability) { Ability.new(user) } - context 'collection specific methods' do - let(:collection) { FactoryBot.build(:collection_lw, id: 'collection_1') } - let(:admin_set) { FactoryBot.build(:admin_set, id: 'adminset_1') } - let(:col_permission_template) { FactoryBot.create(:permission_template, source_id: collection.id) } - let(:as_permission_template) { FactoryBot.create(:permission_template, source_id: admin_set.id) } - - before do - allow(Hyrax::PermissionTemplate).to receive(:find_by!).with(source_id: collection.id).and_return(col_permission_template) + context 'methods querying individual collections' do + let(:collection) do + FactoryBot.valkyrie_create(:hyrax_collection, + :with_permission_template, + access_grants: grants) end + let(:grants) { [] } + context 'when manage user' do - before do - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'manage').and_return([user.user_key]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'view').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'view').and_return([]) + let(:grants) do + [{agent_type: 'user', access: 'manage', agent_id: user.user_key}] end it '.can_deposit_in_collection? returns true' do - expect(described_class.can_deposit_in_collection?(collection_id: collection.id, ability: ability)).to be true + expect(service.can_deposit_in_collection?(collection_id: collection.id, ability: ability)) + .to be true end it '.can_view_admin_show_for_collection? returns true' do - expect(described_class.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)).to be true + expect(service.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)) + .to be true end end context 'when deposit user' do - before do - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'deposit').and_return([user.user_key]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'view').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'view').and_return([]) + let(:grants) do + [{agent_type: 'user', access: 'deposit', agent_id: user.user_key}] end it '.can_deposit_in_collection? returns true' do - expect(described_class.can_deposit_in_collection?(collection_id: collection.id, ability: ability)).to be true + expect(service.can_deposit_in_collection?(collection_id: collection.id, ability: ability)) + .to be true end it '.can_view_admin_show_for_collection? returns true' do - expect(described_class.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)).to be true + expect(service.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)) + .to be true end end context 'when view user' do - before do - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'view').and_return([user.user_key]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'view').and_return([]) + let(:grants) do + [{agent_type: 'user', access: 'view', agent_id: user.user_key}] end it '.can_deposit_in_collection? returns false' do - expect(described_class.can_deposit_in_collection?(collection_id: collection.id, ability: ability)).to be false + expect(service.can_deposit_in_collection?(collection_id: collection.id, ability: ability)) + .to be false end it '.can_view_admin_show_for_collection? returns true' do - expect(described_class.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)).to be true + expect(service.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)) + .to be true end end - context 'when deposit user' do - context 'through membership in public group' do - before do - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'view').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'deposit').and_return(['public']) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'view').and_return([]) - end + context 'when deposit user through membership in public group' do + let(:grants) do + [{agent_type: 'group', access: 'deposit', agent_id: 'public'}] + end - subject { described_class } + it '.can_deposit_in_collection? returns true' do + expect(service.can_deposit_in_collection?(collection_id: collection.id, ability: ability)) + .to be true + end - it '.can_deposit_in_collection? returns true' do - expect(subject.can_deposit_in_collection?(collection_id: collection.id, ability: ability)).to be true - end - it '.can_view_admin_show_for_collection? returns false' do - expect(subject.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)).to be false - end + it '.can_view_admin_show_for_collection? returns false' do + expect(service.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)) + .to be false end + end - context 'through membership in registered group' do - before do - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'view').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'deposit').and_return(['registered']) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'view').and_return([]) - end + context 'when deposit user through membership in registered group' do + let(:grants) do + [{agent_type: 'group', access: 'deposit', agent_id: 'registered'}] + end - it '.can_deposit_in_collection? returns true' do - expect(described_class.can_deposit_in_collection?(collection_id: collection.id, ability: ability)).to be true - end + it '.can_deposit_in_collection? returns true' do + expect(service.can_deposit_in_collection?(collection_id: collection.id, ability: ability)) + .to be true + end - it '.can_view_admin_show_for_collection? returns false' do - expect(described_class.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)).to be false - end + it '.can_view_admin_show_for_collection? returns false' do + expect(service.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)) + .to be false end end - context 'when view user' do - context 'through membership in public group' do - before do - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'view').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'view').and_return(['public']) - end + context 'when view user through membership in public group' do + let(:grants) do + [{agent_type: 'group', access: 'view', agent_id: 'public'}] + end - it '.can_deposit_in_collection? returns false' do - expect(described_class.can_deposit_in_collection?(collection_id: collection.id, ability: ability)).to be false - end - it '.can_view_admin_show_for_collection? returns false' do - expect(described_class.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)).to be false - end + it '.can_deposit_in_collection? returns false' do + expect(service.can_deposit_in_collection?(collection_id: collection.id, ability: ability)) + .to be false end - context 'through membership in registered group' do - before do - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'user', access: 'view').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'manage').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'deposit').and_return([]) - allow(col_permission_template).to receive(:agent_ids_for).with(agent_type: 'group', access: 'view').and_return(['registered']) - end + it '.can_view_admin_show_for_collection? returns false' do + expect(service.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)) + .to be false + end + end - it '.can_deposit_in_collection? returns false' do - expect(described_class.can_deposit_in_collection?(collection_id: collection.id, ability: ability)).to be false - end + context 'when view user through membership in registered group' do + let(:grants) do + [{agent_type: 'group', access: 'view', agent_id: 'registered'}] + end - it '.can_view_admin_show_for_collection? returns false' do - expect(described_class.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)).to be false - end + it '.can_deposit_in_collection? returns false' do + expect(service.can_deposit_in_collection?(collection_id: collection.id, ability: ability)) + .to be false + end + + it '.can_view_admin_show_for_collection? returns false' do + expect(service.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)) + .to be false end end context 'when user without access' do it '.can_deposit_in_collection? returns false' do - expect(described_class.can_deposit_in_collection?(collection_id: collection.id, ability: ability)).to be false + expect(service.can_deposit_in_collection?(collection_id: collection.id, ability: ability)) + .to be false end it '.can_view_admin_show_for_collection? returns false' do - expect(described_class.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)).to be false + expect(service.can_view_admin_show_for_collection?(collection_id: collection.id, ability: ability)) + .to be false end end end - context 'methods returning ids' do - let(:user1) { FactoryBot.create(:user) } - let(:user2) { FactoryBot.create(:user) } + context 'methods querying access to many collections' do + let(:user) do + FactoryBot.create(:user, groups: ['view_group', + 'deposit_group', + 'manage_group']) + end + + let(:other_user) { FactoryBot.create(:user) } + + let!(:col_view_user) do + FactoryBot.valkyrie_create(:hyrax_collection, + :with_permission_template, + access_grants: [{agent_type: 'user', + access: 'view', + agent_id: user.user_key}]) + end + + let!(:col_view_group) do + FactoryBot.valkyrie_create(:hyrax_collection, + :with_permission_template, + access_grants: [{agent_type: 'group', + access: 'view', + agent_id: 'view_group'}]) + end + + let!(:col_manage_user) do + FactoryBot.valkyrie_create(:hyrax_collection, + :with_permission_template, + access_grants: [{agent_type: 'user', + access: 'manage', + agent_id: user.user_key}]) + end + + let!(:col_manage_group) do + FactoryBot.valkyrie_create(:hyrax_collection, + :with_permission_template, + access_grants: [{agent_type: 'group', + access: 'manage', + agent_id: 'manage_group'}]) + end + + let!(:col_deposit_user) do + FactoryBot.valkyrie_create(:hyrax_collection, + :with_permission_template, + access_grants: [{agent_type: 'user', + access: 'deposit', + agent_id: user.user_key}]) + end - let!(:col_vu) do - FactoryBot.build(:collection_lw, id: 'collection_vu', user: user1, with_solr_document: true, - with_permission_template: { view_users: [user] }) + let!(:col_deposit_group) do + FactoryBot.valkyrie_create(:hyrax_collection, + :with_permission_template, + access_grants: [{agent_type: 'group', + access: 'deposit', + agent_id: 'deposit_group'}]) end - let!(:col_vg) do - FactoryBot.build(:collection_lw, id: 'collection_vg', user: user1, with_solr_document: true, - with_permission_template: { view_groups: ['view_group'] }) + + let!(:as_view_user) do + FactoryBot.valkyrie_create(:hyrax_admin_set, + :with_permission_template, + access_grants: [{agent_type: 'user', + access: 'view', + agent_id: user.user_key}]) end - let!(:col_mu) do - FactoryBot.build(:collection_lw, id: 'collection_mu', user: user1, with_solr_document: true, - with_permission_template: { manage_users: [user] }) + + let!(:as_view_group) do + FactoryBot.valkyrie_create(:hyrax_admin_set, + :with_permission_template, + access_grants: [{agent_type: 'group', + access: 'view', + agent_id: 'view_group'}]) end - let!(:col_mg) do - FactoryBot.build(:collection_lw, id: 'collection_mg', user: user1, with_solr_document: true, - with_permission_template: { manage_groups: ['manage_group'] }) + + let!(:as_manage_user) do + FactoryBot.valkyrie_create(:hyrax_admin_set, + :with_permission_template, + access_grants: [{agent_type: 'user', + access: 'manage', + agent_id: user.user_key}]) end - let!(:col_du) do - FactoryBot.build(:collection_lw, id: 'collection_du', user: user1, with_solr_document: true, - with_permission_template: { deposit_users: [user] }) + + let!(:as_manage_group) do + FactoryBot.valkyrie_create(:hyrax_admin_set, + :with_permission_template, + access_grants: [{agent_type: 'group', + access: 'manage', + agent_id: 'manage_group'}]) end - let!(:col_dg) do - FactoryBot.build(:collection_lw, id: 'collection_dg', user: user1, with_solr_document: true, - with_permission_template: { deposit_groups: ['deposit_group'] }) + + let!(:as_deposit_user) do + FactoryBot.valkyrie_create(:hyrax_admin_set, + :with_permission_template, + access_grants: [{agent_type: 'user', + access: 'deposit', + agent_id: user.user_key}]) end - let(:as_vu) { FactoryBot.create(:admin_set, id: 'adminset_vu', with_permission_template: true) } - let(:as_vg) { FactoryBot.create(:admin_set, id: 'adminset_vg', with_permission_template: true) } - let(:as_mu) { FactoryBot.create(:admin_set, id: 'adminset_mu', with_permission_template: true) } - let(:as_mg) { FactoryBot.create(:admin_set, id: 'adminset_mg', with_permission_template: true) } - let(:as_du) { FactoryBot.create(:admin_set, id: 'adminset_du', with_permission_template: true) } - let(:as_dg) { FactoryBot.create(:admin_set, id: 'adminset_dg', with_permission_template: true) } - - before do - source_access(as_vu.permission_template, 'user', user.user_key, :view) - source_access(as_vg.permission_template, 'group', 'view_group', :view) - source_access(as_mu.permission_template, 'user', user.user_key, :manage) - source_access(as_mg.permission_template, 'group', 'manage_group', :manage) - source_access(as_du.permission_template, 'user', user.user_key, :deposit) - source_access(as_dg.permission_template, 'group', 'deposit_group', :deposit) - - allow(user).to receive(:groups).and_return(['view_group', 'deposit_group', 'manage_group']) + let!(:as_deposit_group) do + FactoryBot.valkyrie_create(:hyrax_admin_set, + :with_permission_template, + access_grants: [{agent_type: 'group', + access: 'deposit', + agent_id: 'deposit_group'}]) end describe '.collection_ids_for_user' do it 'returns collection ids where user has manage access' do - expect(described_class.collection_ids_for_user(access: 'manage', ability: ability)).to match_array [col_mu.id, col_mg.id] + expect(described_class.collection_ids_for_user(access: 'manage', ability: ability)) + .to contain_exactly(col_manage_user.id, col_manage_group.id) end it 'returns collection ids where user has deposit access' do - expect(described_class.collection_ids_for_user(access: 'deposit', ability: ability)).to match_array [col_du.id, col_dg.id] + expect(described_class.collection_ids_for_user(access: 'deposit', ability: ability)) + .to contain_exactly(col_deposit_user.id, col_deposit_group.id) end it 'returns collection ids where user has view access' do - expect(described_class.collection_ids_for_user(access: 'view', ability: ability)).to match_array [col_vu.id, col_vg.id] + expect(described_class.collection_ids_for_user(access: 'view', ability: ability)) + .to contain_exactly(col_view_user.id, col_view_group.id) end it 'returns collection ids where user has manage, deposit, or view access' do - all = [col_mu.id, col_mg.id, col_du.id, col_dg.id, col_vu.id, col_vg.id] - expect(described_class.collection_ids_for_user(access: ['manage', 'deposit', 'view'], ability: ability)).to match_array all + all = [col_manage_user.id, col_manage_group.id, col_deposit_user.id, col_deposit_group.id, col_view_user.id, col_view_group.id] + + expect(described_class.collection_ids_for_user(access: ['manage', 'deposit', 'view'], ability: ability)) + .to contain_exactly(*all) end it 'returns empty arraywhen user has no access' do - expect(described_class.collection_ids_for_user(access: ['manage', 'deposit', 'view'], ability: Ability.new(user2))) + expect(described_class.collection_ids_for_user(access: ['manage', 'deposit', 'view'], ability: Ability.new(other_user))) .to be_empty end end describe '.source_ids_for_manage' do it 'returns collection and admin set ids where user has manage access' do - expect(described_class.source_ids_for_manage(ability: ability)).to match_array [col_mu.id, col_mg.id, as_mu.id, as_mg.id] + expect(described_class.source_ids_for_manage(ability: ability)) + .to contain_exactly(col_manage_user.id, + col_manage_group.id, + as_manage_user.id, + as_manage_group.id) end it 'returns collection ids where user has manage access' do - expect(described_class.source_ids_for_manage(ability: ability, source_type: 'collection')).to match_array [col_mu.id, col_mg.id] + expect(described_class.source_ids_for_manage(ability: ability, source_type: 'collection')) + .to contain_exactly(col_manage_user.id, col_manage_group.id) end it 'returns admin set ids where user has manage access' do - expect(described_class.source_ids_for_manage(ability: ability, source_type: 'admin_set')).to match_array [as_mu.id, as_mg.id] + expect(described_class.source_ids_for_manage(ability: ability, source_type: 'admin_set')) + .to contain_exactly(as_manage_user.id, as_manage_group.id) end context 'when user has no access' do it 'returns empty array' do - expect(described_class.source_ids_for_manage(ability: Ability.new(user2))).to be_empty + expect(described_class.source_ids_for_manage(ability: Ability.new(other_user))) + .to be_empty end end end describe '.source_ids_for_deposit' do it 'returns collection and admin set ids where user has deposit access' do - expect(described_class.source_ids_for_deposit(ability: ability)).to match_array [col_du.id, col_dg.id, col_mu.id, col_mg.id, as_du.id, as_dg.id, as_mu.id, as_mg.id] + expect(described_class.source_ids_for_deposit(ability: ability)) + .to contain_exactly(col_deposit_user.id, + col_deposit_group.id, + col_manage_user.id, + col_manage_group.id, + as_deposit_user.id, + as_deposit_group.id, + as_manage_user.id, + as_manage_group.id) end + it 'returns collection ids where user has deposit access' do - expect(described_class.source_ids_for_deposit(ability: ability, source_type: 'collection')).to match_array [col_du.id, col_dg.id, col_mu.id, col_mg.id] + expect(described_class.source_ids_for_deposit(ability: ability, source_type: 'collection')) + .to contain_exactly(col_deposit_user.id, + col_deposit_group.id, + col_manage_user.id, + col_manage_group.id) end + it 'returns admin set ids where user has deposit access' do - expect(described_class.source_ids_for_deposit(ability: ability, source_type: 'admin_set')).to match_array [as_du.id, as_dg.id, as_mu.id, as_mg.id] + expect(described_class.source_ids_for_deposit(ability: ability, source_type: 'admin_set')) + .to contain_exactly(as_deposit_user.id, + as_deposit_group.id, + as_manage_user.id, + as_manage_group.id) end + it 'returns admin set ids where user has deposit access except excluded groups' do expect(described_class.source_ids_for_deposit(ability: ability, source_type: 'admin_set', exclude_groups: ['deposit_group'])) - .to match_array [as_du.id, as_mu.id, as_mg.id] + .to contain_exactly(as_deposit_user.id, as_manage_user.id, as_manage_group.id) end it 'returns empty array when user has no access' do - expect(described_class.source_ids_for_deposit(ability: Ability.new(user2))).to be_empty + expect(described_class.source_ids_for_deposit(ability: Ability.new(other_user))) + .to be_empty end end describe '.collection_ids_for_deposit' do it 'returns collection ids where user has manage access' do - expect(described_class.collection_ids_for_deposit(ability: ability)).to match_array [col_du.id, col_dg.id, col_mu.id, col_mg.id] + expect(described_class.collection_ids_for_deposit(ability: ability)) + .to contain_exactly(col_deposit_user.id, col_deposit_group.id, col_manage_user.id, col_manage_group.id) end it 'returns empty array' do - expect(described_class.collection_ids_for_deposit(ability: Ability.new(user2))).to be_empty + expect(described_class.collection_ids_for_deposit(ability: Ability.new(other_user))) + .to be_empty end end describe '.collection_ids_for_view' do it 'returns collection ids where user has view access' do - expect(described_class.collection_ids_for_view(ability: ability)).to match_array [col_du.id, col_dg.id, col_mu.id, col_mg.id, col_vu.id, col_vg.id] + expect(described_class.collection_ids_for_view(ability: ability)) + .to contain_exactly(col_deposit_user.id, + col_deposit_group.id, + col_manage_user.id, + col_manage_group.id, + col_view_user.id, + col_view_group.id) end it 'returns empty array when user has no access' do - expect(described_class.collection_ids_for_view(ability: Ability.new(user2))).to be_empty + expect(described_class.collection_ids_for_view(ability: Ability.new(other_user))) + .to be_empty end end describe '.can_manage_any_collection?' do it 'returns true when user has manage access to at least one collection' do - expect(described_class.can_manage_any_collection?(ability: ability)).to be true + expect(described_class.can_manage_any_collection?(ability: ability)) + .to be true end it 'returns false when user has no access' do - expect(described_class.can_manage_any_collection?(ability: Ability.new(user2))).to be false + expect(described_class.can_manage_any_collection?(ability: Ability.new(other_user))) + .to be false end end @@ -308,36 +386,33 @@ end it 'returns false when user has no access' do - expect(described_class.can_manage_any_admin_set?(ability: Ability.new(user2))).to be false + expect(described_class.can_manage_any_admin_set?(ability: Ability.new(other_user))) + .to be false end end describe '.can_view_admin_show_for_any_collection?' do it 'returns true when user has manage, deposit, or view access to at least one collection' do - expect(described_class.can_view_admin_show_for_any_collection?(ability: ability)).to be true + expect(described_class.can_view_admin_show_for_any_collection?(ability: ability)) + .to be true end it 'returns false when user has no access' do - expect(described_class.can_view_admin_show_for_any_collection?(ability: Ability.new(user2))).to be false + expect(described_class.can_view_admin_show_for_any_collection?(ability: Ability.new(other_user))) + .to be false end end describe '.can_view_admin_show_for_any_admin set?' do it 'returns true when user has manage, deposit, or view access to at least one admin set' do - expect(described_class.can_view_admin_show_for_any_admin_set?(ability: ability)).to be true + expect(described_class.can_view_admin_show_for_any_admin_set?(ability: ability)) + .to be true end it 'returns false when user has no access' do - expect(described_class.can_view_admin_show_for_any_admin_set?(ability: Ability.new(user2))).to be false + expect(described_class.can_view_admin_show_for_any_admin_set?(ability: Ability.new(other_user))) + .to be false end end end - - def source_access(permission_template, agent_type, agent_id, access) - FactoryBot.create(:permission_template_access, - access, - permission_template: permission_template, - agent_type: agent_type, - agent_id: agent_id) - end end