table & model changes for group managers with permission to edit membership

spec/controllers/groups_controller_spec.rb

@@ -84,4 +84,78 @@ describe GroupsController do
       expect(members.map{ |m| m['username'] }).to eq(usernames[3..4])
     end
   end
+
+
+  describe "membership edit permission" do
+    it "refuses membership changes to unauthorized users" do
+      Guardian.any_instance.stubs(:can_edit?).with(group).returns(false)
+
+      xhr :put, :add_members, group_id: group.name, usernames: "bob"
+      response.should be_forbidden
+
+      xhr :delete, :remove_member, group_id: group.name, username: "bob"
+      response.should be_forbidden
+    end
+
+    it "cannot add members to automatic groups" do
+      Guardian.any_instance.stubs(:is_admin?).returns(true)
+      auto_group = Fabricate(:group, name: "auto_group", automatic: true)
+
+      xhr :put, :add_members, group_id: group.name, usernames: "bob"
+      response.should be_forbidden
+    end
+  end
+
+  describe "membership edits" do
+    before do
+      @user1 = Fabricate(:user)
+      group.add(@user1)
+      group.reload
+
+      Guardian.any_instance.stubs(:can_edit?).with(group).returns(true)
+    end
+
+    it "can make incremental adds" do
+      user2 = Fabricate(:user)
+      xhr :put, :add_members, group_id: group.name, usernames: user2.username
+
+      response.should be_success
+      group.reload
+      group.users.count.should eq(2)
+    end
+
+    it "succeeds silently when adding non-existent users" do
+      xhr :put, :add_members, group_id: group.name, usernames: "nosuchperson"
+
+      response.should be_success
+      group.reload
+      group.users.count.should eq(1)
+    end
+
+    it "succeeds silently when adding duplicate users" do
+      xhr :put, :add_members, group_id: group.name, usernames: @user1.username
+
+      response.should be_success
+      group.reload
+      group.users.should eq([@user1])
+    end
+
+    it "can make incremental deletes" do
+      xhr :delete, :remove_member, group_id: group.name, username: @user1.username
+
+      response.should be_success
+      group.reload
+      group.users.count.should eq(0)
+    end
+
+    it "succeeds silently when removing non-members" do
+      user2 = Fabricate(:user)
+      xhr :delete, :remove_member, group_id: group.name, username: user2.username
+
+      response.should be_success
+      group.reload
+      group.users.count.should eq(1)
+    end
+  end
+
 end

spec/models/group_spec.rb

@@ -204,4 +204,27 @@ describe Group do
     expect(user.groups.map(&:name).sort).to eq ["trust_level_0"]
   end
 
+  context "group management" do
+    let(:group) {Fabricate(:group)}
+
+    it "by default has no managers" do
+      group.managers.should be_empty
+    end
+
+    it "multiple managers can be appointed" do
+      2.times do |i|
+        u = Fabricate(:user)
+        group.appoint_manager(u)
+      end
+      expect(group.managers.count).to eq(2)
+    end
+
+    it "manager has authority to edit membership" do
+      u = Fabricate(:user)
+      expect(Guardian.new(u).can_edit?(group)).to be_falsy
+      group.appoint_manager(u)
+      expect(Guardian.new(u).can_edit?(group)).to be_truthy
+    end
+  end
+
 end

spec/models/user_spec.rb

@@ -1029,6 +1029,22 @@ describe User do
     end
   end
 
+  context "group management" do
+    let!(:user) { Fabricate(:user) }
+
+    it "by default has no managed groups" do
+      expect(user.managed_groups).to be_empty
+    end
+
+    it "can manage multiple groups" do
+      3.times do |i|
+        g = Fabricate(:group, name: "group_#{i}")
+        g.appoint_manager(user)
+      end
+      expect(user.managed_groups.count).to eq(3)
+    end
+  end
+
   describe "should_be_redirected_to_top" do
     let!(:user) { Fabricate(:user) }