Use author_in_programming_group? policy for files & RfCs

* Allow all members of a programming group to list and solve RfCs * Also adjust policy specs to respect programming groups
2023-08-22 09:23:20 +02:00
parent 9d1be1eeff
commit 01accdae58
7 changed files with 101 additions and 19 deletions
--- a/spec/policies/code_ocean/file_policy_spec.rb
+++ b/spec/policies/code_ocean/file_policy_spec.rb
@ -30,31 +30,81 @@ describe CodeOcean::FilePolicy do
    context 'when being part of a submission' do
      let(:file) { submission.files.first }

-      context 'when file creation is allowed' do
+      shared_context 'when file creation is allowed' do
        before do
          submission.exercise.update(allow_file_creation: true)
        end
-
-        it 'grants access to authors' do
-          expect(policy).to permit(submission.author, file)
-        end
      end

-      context 'when file creation is not allowed' do
+      shared_context 'when file creation is not allowed' do
        before do
          submission.exercise.update(allow_file_creation: false)
        end
+      end

-        it 'grants access to authors' do
-          expect(policy).not_to permit(submission.author, file)
+      shared_examples 'no other user allowed to access' do
+        it 'does not grant access to all other users' do
+          %i[admin external_user teacher].each do |factory_name|
+            expect(policy).not_to permit(create(factory_name), file)
+          end
        end
      end

-      it 'does not grant access to all other users' do
-        %i[admin external_user teacher].each do |factory_name|
-          expect(policy).not_to permit(create(factory_name), file)
+      context 'when a single user authored' do
+        context 'when file creation is allowed' do
+          include_context 'when file creation is allowed'
+
+          it 'grants access to authors' do
+            expect(policy).to permit(submission.author, file)
+          end
+
+          it_behaves_like 'no other user allowed to access'
+        end
+
+        context 'when file creation is not allowed' do
+          include_context 'when file creation is not allowed'
+
+          it 'does not grant access to authors' do
+            expect(policy).not_to permit(submission.author, file)
+          end
+
+          it_behaves_like 'no other user allowed to access'
        end
      end
+
+      context 'when a programming group authored' do
+        let(:group_author) { create(:external_user) }
+        let(:other_group_author) { create(:external_user) }
+        let(:programming_group) { create(:programming_group, exercise: submission.exercise, users: [group_author, other_group_author]) }
+
+        before do
+          submission.update(contributor: programming_group)
+        end
+
+        context 'when file creation is allowed' do
+          include_context 'when file creation is allowed'
+
+          it 'grants access to authors' do
+            expect(policy).to permit(group_author, file)
+            expect(policy).to permit(other_group_author, file)
+          end
+
+          it_behaves_like 'no other user allowed to access'
+        end
+
+        context 'when file creation is not allowed' do
+          include_context 'when file creation is not allowed'
+
+          it 'does not grant access to authors' do
+            expect(policy).not_to permit(group_author, file)
+            expect(policy).not_to permit(other_group_author, file)
+          end
+
+          it_behaves_like 'no other user allowed to access'
+        end
+      end
+
+      it_behaves_like 'no other user allowed to access'
    end
  end