Test permissions combined with Ransack searches

2026-03-04 02:31:33 +00:00 · 2021-10-11 14:31:50 +01:00
parent 76f14a03c6
commit 46f9d3ef81
1 changed files with 10 additions and 0 deletions
--- a/spec/requests/api/v1/customers_spec.rb
+++ b/spec/requests/api/v1/customers_spec.rb
@@ -43,6 +43,16 @@ describe "Customers", type: :request do
          expect(json_response_ids).to eq [customer3.id.to_s]
        end
      end
+
+      context "with ransack params searching for specific customers" do
+        before { login_as enterprise2.owner }
+
+        it "does not show results the user doesn't have permissions to view" do
+          get "/api/v1/customers", params: { q: { id_eq: customer2.id } }
+
+          expect(json_response_ids).to eq []
+        end
+      end
    end

    post "Create customer" do