Convert admin/users/roles spec controller->system/request (#33930)

2025-02-17 04:25:25 -05:00 · 2025-02-17 04:25:25 -05:00 · ea53faeb3f
commit ea53faeb3f
parent a3ef72a541
3 changed files with 66 additions and 77 deletions
--- a/spec/requests/admin/users/roles_spec.rb
+++ b/spec/requests/admin/users/roles_spec.rb
@ -3,6 +3,34 @@
 require 'rails_helper'

 RSpec.describe 'Admin Users Roles' do
+  context 'when target user is higher ranked than current user' do
+    let(:current_role) { UserRole.create(name: 'Foo', permissions: UserRole::FLAGS[:manage_roles], position: 10) }
+    let(:current_user) { Fabricate(:user, role: current_role) }
+
+    let(:previous_role) { UserRole.create(name: 'Baz', permissions: UserRole::FLAGS[:administrator], position: 100) }
+    let(:user) { Fabricate(:user, role: previous_role) }
+
+    before { sign_in(current_user) }
+
+    describe 'GET /admin/users/:user_id/role' do
+      it 'returns http forbidden' do
+        get admin_user_role_path(user.id)
+
+        expect(response)
+          .to have_http_status(403)
+      end
+    end
+
+    describe 'PUT /admin/users/:user_id/role' do
+      it 'returns http forbidden' do
+        put admin_user_role_path(user.id)
+
+        expect(response)
+          .to have_http_status(403)
+      end
+    end
+  end
+
  describe 'PUT /admin/users/:user_id/role' do
    before { sign_in Fabricate(:admin_user) }