Add comprehensive tests for all Pundit policies #2457

olleolleolle · 2026-02-02T09:05:27Z

Suggested change

subject { described_class.new(user, :admin_portal) }

subject(:policy) { described_class.new(user, :admin_portal) }

RSpec lets use name subjects, which improves the legibility of the individual tests, while preserving the possibility to use RSpec shared examples, and the like.

Let's call this feedback minor, not a blocker to merging.

-Original file line number
+Diff line change
@@ -0,0 +1,55 @@
+    RSpec.describe ApplicationPolicy do
+      subject { described_class.new(user, record) }
+      let(:record) { double('record') }
+      let(:admin) { Fabricate(:member).tap { |m| m.add_role(:admin) } }
+      let(:regular_member) { Fabricate(:member) }
+      describe '#index?' do
+        let(:user) { admin }
+        it 'denies access by default' do
+          expect(subject.index?).to be false
+        end
+      end
+      describe '#create?' do
+        let(:user) { admin }
+        it 'denies access by default' do
+          expect(subject.create?).to be false
+        end
+      end
+      describe '#new?' do
+        let(:user) { admin }
+        it 'delegates to create?' do
+          expect(subject.new?).to eq(subject.create?)
+        end
+      end
+      describe '#update?' do
+        let(:user) { admin }
+        it 'denies access by default' do
+          expect(subject.update?).to be false
+        end
+      end
+      describe '#edit?' do
+        let(:user) { admin }
+        it 'delegates to update?' do
+          expect(subject.edit?).to eq(subject.update?)
+        end
+      end
+      describe '#destroy?' do
+        let(:user) { admin }
+        it 'denies access by default' do
+          expect(subject.destroy?).to be false
+        end
+      end
+    end

-Original file line number
+Diff line change
@@ -0,0 +1,115 @@
+    RSpec.describe ChapterPolicy do
+      subject { described_class.new(user, chapter) }
+      let(:chapter) { Fabricate(:chapter) }
+      let(:admin) { Fabricate(:member).tap { |m| m.add_role(:admin) } }
+      let(:regular_member) { Fabricate(:member) }
+      describe '#index?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.index?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.index?).to be false
+          end
+        end
+      end
+      describe '#create?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.create?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.create?).to be false
+          end
+        end
+      end
+      describe '#show?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.show?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.show?).to be false
+          end
+        end
+      end
+      describe '#edit?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.edit?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.edit?).to be false
+          end
+        end
+      end
+      describe '#update?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.update?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.update?).to be false
+          end
+        end
+      end
+      describe '#members?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.members?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.members?).to be false
+          end
+        end
+      end
+    end

-Original file line number
+Diff line change
@@ -0,0 +1,25 @@
+    RSpec.describe ContactPolicy do
+      subject { described_class.new(user, contact) }
+      let(:contact) { Fabricate(:contact) }
+      let(:admin) { Fabricate(:member).tap { |m| m.add_role(:admin) } }
+      let(:regular_member) { Fabricate(:member) }
+      describe '#index?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.index?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.index?).to be false
+          end
+        end
+      end
+    end

-Original file line number
+Diff line change
@@ -0,0 +1,43 @@
+    RSpec.describe EventPolicy do
+      subject { described_class.new(user, event) }
+      let(:event) { Fabricate(:event) }
+      let(:admin) { Fabricate(:member).tap { |m| m.add_role(:admin) } }
+      let(:regular_member) { Fabricate(:member) }
+      describe '#invite?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.invite?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.invite?).to be false
+          end
+        end
+      end
+      describe '#show?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.show?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.show?).to be false
+          end
+        end
+      end
+    end

-Original file line number
+Diff line change
@@ -0,0 +1,43 @@
+    RSpec.describe GroupPolicy do
+      subject { described_class.new(user, group) }
+      let(:group) { Fabricate(:group) }
+      let(:admin) { Fabricate(:member).tap { |m| m.add_role(:admin) } }
+      let(:regular_member) { Fabricate(:member) }
+      describe '#create?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.create?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.create?).to be false
+          end
+        end
+      end
+      describe '#show?' do
+        context 'when user is admin' do
+          let(:user) { admin }
+          it 'permits access' do
+            expect(subject.show?).to be true
+          end
+        end
+        context 'when user is regular member' do
+          let(:user) { regular_member }
+          it 'denies access' do
+            expect(subject.show?).to be false
+          end
+        end
+      end
+    end

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add comprehensive tests for all Pundit policies #2457

Uh oh!

Diff view

Diff view

There are no files selected for viewing

olleolleolle Feb 2, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Add comprehensive tests for all Pundit policies #2457

Uh oh!

Add comprehensive tests for all Pundit policies #2457

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

olleolleolle Feb 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

olleolleolle Feb 2, 2026 •

edited

Loading