Convert settings/deletes spec controller->request/system (#34274)

2025-03-26 03:26:28 -04:00 · 2025-03-26 03:26:28 -04:00 · 2a181f56e3
commit 2a181f56e3
parent 94d71c992e
3 changed files with 95 additions and 92 deletions
--- a/spec/requests/settings/deletes_spec.rb
+++ b/spec/requests/settings/deletes_spec.rb
@ -4,13 +4,65 @@ require 'rails_helper'

 RSpec.describe 'Settings Deletes' do
  describe 'DELETE /settings/delete' do
-    before { sign_in Fabricate(:user) }
+    context 'when signed in' do
+      before { sign_in(user) }

-    it 'gracefully handles invalid nested params' do
-      delete settings_delete_path(form_delete_confirmation: 'invalid')
+      let(:user) { Fabricate(:user) }

-      expect(response)
-        .to have_http_status(400)
+      it 'gracefully handles invalid nested params' do
+        delete settings_delete_path(form_delete_confirmation: 'invalid')
+
+        expect(response)
+          .to have_http_status(400)
+      end
+
+      context 'when suspended' do
+        let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) }
+
+        it 'returns http forbidden' do
+          delete settings_delete_path
+
+          expect(response)
+            .to have_http_status(403)
+        end
+      end
+    end
+
+    context 'when not signed in' do
+      it 'redirects to sign in' do
+        delete settings_delete_path
+
+        expect(response)
+          .to redirect_to(new_user_session_path)
+      end
+    end
+  end
+
+  describe 'GET /settings/delete' do
+    context 'when signed in' do
+      before { sign_in(user) }
+
+      context 'when suspended' do
+        let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) }
+
+        it 'returns http forbidden with private cache control headers' do
+          get settings_delete_path
+
+          expect(response)
+            .to have_http_status(403)
+          expect(response.headers['Cache-Control'])
+            .to include('private, no-store')
+        end
+      end
+    end
+
+    context 'when not signed in' do
+      it 'redirects to sign in' do
+        get settings_delete_path
+
+        expect(response)
+          .to redirect_to(new_user_session_path)
+      end
    end
  end
 end