diff --git a/ui/tests/unit/models/capabilities-test.js b/ui/tests/unit/models/capabilities-test.js index 65c01048d5f5..cd490fce972c 100644 --- a/ui/tests/unit/models/capabilities-test.js +++ b/ui/tests/unit/models/capabilities-test.js @@ -82,7 +82,7 @@ module('Unit | Model | capabilities', function(hooks) { assert.notOk(model.get('canList')); }); - test('it does not require sudo on sys/leases/revoke if update capability is present', function(assert) { + test('it does not require sudo on sys/leases/revoke if update capability is present and path is not fully a sudo prefix', function(assert) { let model = run(() => this.owner.lookup('service:store').createRecord('capabilities', { path: 'sys/leases/revoke', @@ -95,4 +95,32 @@ module('Unit | Model | capabilities', function(hooks) { assert.notOk(model.get('canDelete')); assert.notOk(model.get('canList')); }); + + test('it requires sudo on prefix path even if capability is present', function(assert) { + let model = run(() => + this.owner.lookup('service:store').createRecord('capabilities', { + path: SUDO_PATH_PREFIXES[0] + '/aws', + capabilities: ['update', 'read'], + }) + ); + assert.notOk(model.get('canRead')); + assert.notOk(model.get('canCreate')); + assert.notOk(model.get('canUpdate'), 'should still require sudo'); + assert.notOk(model.get('canDelete')); + assert.notOk(model.get('canList')); + }); + + test('it does not require sudo on prefix path if both update and sudo capabilities are present', function(assert) { + let model = run(() => + this.owner.lookup('service:store').createRecord('capabilities', { + path: SUDO_PATH_PREFIXES[0] + '/aws', + capabilities: ['sudo', 'update', 'read'], + }) + ); + assert.ok(model.get('canRead')); + assert.notOk(model.get('canCreate')); + assert.ok(model.get('canUpdate'), 'should not require sudo'); + assert.notOk(model.get('canDelete')); + assert.notOk(model.get('canList')); + }); });