standardized policy tests using pundit matchers

lucasleandro1 · lucasleandro1 · commit 29218939b8f2 · 2025-04-11T15:10:45.000-03:00
diff --git a/spec/policies/application_policy_spec.rb b/spec/policies/application_policy_spec.rb
@@ -7,8 +7,12 @@
   let(:patient) { create(:patient, user: user) }
   let(:another_owner_patient) { create(:patient) }
 
-  permissions :index?, :show?, :create?, :new?, :update?, :edit?, :destroy? do
-    it { expect(described_class).not_to permit(nil, nil) }
+  describe "permissions" do
+    subject { described_class.new(nil, nil) }
+
+    it "forbids all default actions when no user is present" do
+      is_expected.to forbid_all_actions
+    end
   end
 
   permissions :user_owner? do
diff --git a/spec/policies/event_procedure_policy_spec.rb b/spec/policies/event_procedure_policy_spec.rb
@@ -3,8 +3,6 @@
 require "rails_helper"
 
 RSpec.describe EventProcedurePolicy do
-  subject(:policy) { described_class }
-
   let(:user) { create(:user) }
   let(:event_procedure) { create(:event_procedure, user: user) }
   let(:other_event_procedure) { create(:event_procedure) }
@@ -42,18 +40,29 @@
     end
   end
 
-  permissions :index?, :create? do
-    context "when user is nil" do
-      it { is_expected.not_to permit(nil, event_procedure) }
+  describe "permissions" do
+    context "when has no user" do
+      subject { described_class.new(nil, event_procedure) }
+
+      it { is_expected.to forbid_all_actions }
     end
 
     context "when user is present" do
-      it { is_expected.to permit(user, event_procedure) }
+      subject { described_class.new(user, event_procedure) }
+
+      it { is_expected.to permit_actions(%i[index create]) }
     end
-  end
 
-  permissions :update?, :destroy? do
-    it { is_expected.to permit(user, event_procedure) }
-    it { is_expected.not_to permit(user, other_event_procedure) }
+    context "when user is owner" do
+      subject { described_class.new(user, event_procedure) }
+
+      it { is_expected.to permit_actions(%i[index create update destroy]) }
+    end
+
+    context "when user is not owner" do
+      subject { described_class.new(user, other_event_procedure) }
+
+      it { is_expected.to forbid_actions(%i[update destroy]) }
+    end
   end
 end
diff --git a/spec/policies/health_insurance_policy_spec.rb b/spec/policies/health_insurance_policy_spec.rb
@@ -3,18 +3,16 @@
 require "rails_helper"
 
 RSpec.describe HealthInsurancePolicy do
-  subject { described_class }
-
   let(:user) { create(:user) }
   let(:health_insurance) { create(:health_insurance, user: user) }
 
   permissions :index?, :create? do
     context "when user is present" do
-      it { is_expected.to permit(user, health_insurance) }
+      it { expect(described_class).to permit(user, health_insurance) }
     end
 
     context "when user is nil" do
-      it { is_expected.not_to permit(nil, health_insurance) }
+      it { expect(described_class).not_to permit(nil, health_insurance) }
     end
   end
 end
diff --git a/spec/policies/hospital_policy_spec.rb b/spec/policies/hospital_policy_spec.rb
@@ -3,18 +3,16 @@
 require "rails_helper"
 
 RSpec.describe HospitalPolicy do
-  subject(:policy) { described_class }
-
   let(:user) { create(:user) }
   let(:hospital) { create(:hospital) }
 
   permissions :index?, :create?, :update?, :destroy? do
     context "when user is present" do
-      it { expect(policy).to permit(user, hospital) }
+      it { expect(described_class).to permit(user, hospital) }
     end
 
     context "when user is nil" do
-      it { expect(policy).not_to permit(nil, hospital) }
+      it { expect(described_class).not_to permit(nil, hospital) }
     end
   end
 end
diff --git a/spec/policies/medical_shift_policy_spec.rb b/spec/policies/medical_shift_policy_spec.rb
@@ -33,27 +33,29 @@
     end
   end
 
-  permissions :index?, :create? do
-    context "when user is present" do
-      it { expect(described_class).to permit(user, medical_shift) }
+  describe "permissions" do
+    context "when has user" do
+      subject { described_class.new(user, medical_shift) }
+
+      it { is_expected.to permit_actions(%i[index create hospital_name_suggestion_index amount_suggestions_index]) }
     end
 
-    context "when user is nil" do
-      it { expect(described_class).not_to permit(nil, medical_shift) }
+    context "when has no user" do
+      subject { described_class.new(nil, medical_shift) }
+
+      it { is_expected.to forbid_all_actions }
     end
-  end
 
-  permissions :update?, :destroy? do
     context "when user is owner" do
-      it { expect(described_class).to permit(user, medical_shift) }
-    end
+      subject { described_class.new(user, medical_shift) }
 
-    context "when user is nil" do
-      it { expect(described_class).not_to permit(nil, medical_shift) }
+      it { is_expected.to permit_actions(%i[index create update destroy]) }
     end
 
     context "when user is not owner" do
-      it { expect(described_class).not_to permit(user, medical_shift_without_user) }
+      subject { described_class.new(user, medical_shift_without_user) }
+
+      it { is_expected.to forbid_actions(%i[update destroy]) }
     end
   end
 end
diff --git a/spec/policies/patient_policy_spec.rb b/spec/policies/patient_policy_spec.rb
@@ -34,19 +34,29 @@
     end
   end
 
-  permissions :index?, :create? do
+  describe "permissions" do
     context "when user is nil" do
-      it { expect(described_class).not_to permit(nil, patient) }
+      subject { described_class.new(nil, patient) }
+
+      it { is_expected.to forbid_all_actions }
     end
-  end
 
-  permissions :update?, :destroy? do
-    context "when user is not the owner" do
-      it { expect(described_class).not_to permit(user, patient_another_user) }
+    context "when user is present" do
+      subject { described_class.new(user, patient) }
+
+      it { is_expected.to permit_actions(%i[index create]) }
     end
 
-    context "when user is the owner" do
-      it { expect(described_class).to permit(user, patient) }
+    context "when user is owner" do
+      subject { described_class.new(user, patient) }
+
+      it { is_expected.to permit_actions(%i[index create update destroy]) }
+    end
+
+    context "when user is not owner" do
+      subject { described_class.new(user, patient_another_user) }
+
+      it { is_expected.to forbid_actions(%i[update destroy]) }
     end
   end
 end
diff --git a/spec/policies/procedure_policy_spec.rb b/spec/policies/procedure_policy_spec.rb
@@ -7,19 +7,29 @@
   let(:procedure) { create(:procedure, user: user) }
   let(:procedure_without_user) { create(:procedure) }
 
-  permissions :index?, :create? do
+  describe "permissions" do
     context "when has no user" do
-      it { expect(described_class).not_to permit(nil, procedure) }
+      subject { described_class.new(nil, procedure) }
+
+      it { is_expected.to forbid_all_actions }
     end
-  end
 
-  permissions :update?, :destroy? do
-    context "when user is not owner" do
-      it { expect(described_class).not_to permit(user, procedure_without_user) }
+    context "when user is present" do
+      subject { described_class.new(user, procedure) }
+
+      it { is_expected.to permit_actions(%i[index create]) }
     end
 
     context "when user is owner" do
-      it { expect(described_class).to permit(user, procedure) }
+      subject { described_class.new(user, procedure) }
+
+      it { is_expected.to permit_actions(%i[index create update destroy]) }
+    end
+
+    context "when user is not owner" do
+      subject { described_class.new(user, procedure_without_user) }
+
+      it { is_expected.to forbid_actions(%i[update destroy]) }
     end
   end
 end
