From 04815891af917cb2470e60f55224299640afd819 Mon Sep 17 00:00:00 2001
From: lpichler <lpichler@redhat.com>
Date: Wed, 26 Apr 2017 16:11:11 +0200
Subject: [PATCH] Specs to ensure that user are listed only with allowed role

---
 spec/lib/rbac/filterer_spec.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/spec/lib/rbac/filterer_spec.rb b/spec/lib/rbac/filterer_spec.rb
index 4fcfa31c4d7..aba05dd280d 100644
--- a/spec/lib/rbac/filterer_spec.rb
+++ b/spec/lib/rbac/filterer_spec.rb
@@ -417,6 +417,17 @@ def get_rbac_results_for_and_expect_objects(klass, expected_objects)
           expect(MiqUserRole.count).to eq(3)
           get_rbac_results_for_and_expect_objects(MiqGroup, [group])
         end
+
+        let(:super_admin_group) do
+          FactoryGirl.create(:miq_group, :tenant => default_tenant, :miq_user_role => super_administrator_user_role)
+        end
+
+        let!(:super_admin_user) { FactoryGirl.create(:user, :miq_groups => [super_admin_group]) }
+
+        it 'can see all users expect to user with group with role EvmRole-super_administrator' do
+          expect(User.count).to eq(2)
+          get_rbac_results_for_and_expect_objects(User, [user])
+        end
       end
     end