DEV: Extend specs coverage for non-admin access to admin endpoints (#18833)

Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources
2025-05-23 11:41:03 +08:00 · 2022-11-03 03:42:44 +00:00
parent 612ab8710a
commit 52be5b3782
31 changed files with 7047 additions and 3433 deletions
--- a/spec/requests/admin/plugins_controller_spec.rb
+++ b/spec/requests/admin/plugins_controller_spec.rb
@ -1,20 +1,42 @@
 # frozen_string_literal: true

 RSpec.describe Admin::PluginsController do
+  fab!(:admin) { Fabricate(:admin) }
+  fab!(:moderator) { Fabricate(:moderator) }
+  fab!(:user) { Fabricate(:user) }

-  it "is a subclass of StaffController" do
-    expect(Admin::PluginsController < Admin::StaffController).to eq(true)
-  end
+  describe "#index" do
+    context "while logged in as an admin" do
+      before { sign_in(admin) }

-  context "while logged in as an admin" do
-    before do
-      sign_in(Fabricate(:admin))
+      it "returns plugins" do
+        get "/admin/plugins.json"
+
+        expect(response.status).to eq(200)
+        expect(response.parsed_body.has_key?('plugins')).to eq(true)
+      end
    end

-    it 'should return JSON' do
-      get "/admin/plugins.json"
-      expect(response.status).to eq(200)
-      expect(response.parsed_body.has_key?('plugins')).to eq(true)
+    context "when logged in as a moderator" do
+      before { sign_in(moderator) }
+
+      it "returns plugins" do
+        get "/admin/plugins.json"
+
+        expect(response.status).to eq(200)
+        expect(response.parsed_body.has_key?('plugins')).to eq(true)
+      end
+    end
+
+    context "when logged in as a non-staff user" do
+      before  { sign_in(user) }
+
+      it "denies access with a 404 response" do
+        get "/admin/plugins.json"
+
+        expect(response.status).to eq(404)
+        expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
+      end
    end
  end
 end