@@ -36,4 +36,45 @@ class Boards::ColumnsControllerTest < ActionDispatch::IntegrationTest
3636 assert_response :success
3737 end
3838 end
39+
40+ test "create requires board admin permission" do
41+ logout_and_sign_in_as :jz
42+
43+ assert_no_difference -> { boards ( :writebook ) . columns . count } do
44+ post board_columns_path ( boards ( :writebook ) ) , params : { column : { name : "New Column" } } , as : :turbo_stream
45+ assert_response :forbidden
46+ end
47+ end
48+
49+ test "update requires board admin permission" do
50+ logout_and_sign_in_as :jz
51+
52+ column = columns ( :writebook_in_progress )
53+ original_name = column . name
54+
55+ put board_column_path ( boards ( :writebook ) , column ) , params : { column : { name : "Updated Name" } } , as : :turbo_stream
56+
57+ assert_response :forbidden
58+ assert_equal original_name , column . reload . name
59+ end
60+
61+ test "destroy requires board admin permission" do
62+ logout_and_sign_in_as :jz
63+
64+ column = columns ( :writebook_on_hold )
65+
66+ assert_no_difference -> { boards ( :writebook ) . columns . count } do
67+ delete board_column_path ( boards ( :writebook ) , column ) , as : :turbo_stream
68+ assert_response :forbidden
69+ end
70+ end
71+
72+ test "board creator can manage columns" do
73+ logout_and_sign_in_as :david # David is not admin but created writebook board
74+
75+ assert_difference -> { boards ( :writebook ) . columns . count } , +1 do
76+ post board_columns_path ( boards ( :writebook ) ) , params : { column : { name : "Creator Column" } } , as : :turbo_stream
77+ assert_response :success
78+ end
79+ end
3980end
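Review bot: The allow path for a non-admin board creator is exercised only for `create` (the last added test), while `update` and `destroy` get denial tests for `:jz` but nothing showing the creator is let through. An authorization check wired differently on those two actions would therefore pass this suite. I would add creator tests for both, asserting on persisted state, because the responses expected from those actions are not visible in this hunk (the test class begins outside it). Separately, the three denial tests presumably rely on `:jz` being able to reach the writebook board; if that fixture has no board access at all, the `:forbidden` may come from an earlier guard rather than the admin check, so confirm against the fixtures.

```ruby
# … unchanged: denial tests for :jz and the "board creator can manage columns" create test …

test "board creator can update columns" do
  logout_and_sign_in_as :david

  column = columns(:writebook_in_progress)
  put board_column_path(boards(:writebook), column), params: { column: { name: "Updated Name" } }, as: :turbo_stream

  # State-based check; add the status assertion used by the existing update test.
  assert_equal "Updated Name", column.reload.name
end

test "board creator can destroy columns" do
  logout_and_sign_in_as :david

  assert_difference -> { boards(:writebook).columns.count }, -1 do
    delete board_column_path(boards(:writebook), columns(:writebook_on_hold)), as: :turbo_stream
  end
end
```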