Fix tests and slightly refactor some policies

app/controllers/concerns/lti.rb

@@ -63,7 +63,7 @@ module Lti
       else # 'learner'
         next
       end
-    end
+    end unless provider.roles.blank?
     result
   end
 

app/policies/execution_environment_policy.rb

@@ -1,9 +1,9 @@
 class ExecutionEnvironmentPolicy < AdminOnlyPolicy
-  [:execute_command?, :shell?, :statistics?].each do |action|
+  [:execute_command?, :shell?, :statistics?, :show?].each do |action|
     define_method(action) { admin? || author? }
   end
 
-  [:show?, :index?, :new?].each do |action|
+  [:index?].each do |action|
     define_method(action) { admin? || teacher? }
   end
 end

app/policies/file_template_policy.rb

@@ -1,13 +1,5 @@
 class FileTemplatePolicy < AdminOnlyPolicy
 
-  def index?
-    admin? || teacher?
-  end
-
-  def show?
-    admin? || teacher?
-  end
-
   def by_file_type?
     everyone
   end

app/policies/file_type_policy.rb

@@ -1,6 +1,3 @@
 class FileTypePolicy < AdminOnlyPolicy
-  [:index?, :show?].each do |action|
-    define_method(action) { admin? || teacher? }
-  end
 
 end

app/policies/intervention_policy.rb

@@ -11,8 +11,8 @@ class InterventionPolicy < AdminOrAuthorPolicy
     define_method(action) { admin? || author?}
   end
 
-  [:reload?].each do |action|
+  def reload?
-    define_method(action) { everyone }
+    everyone
   end
 
   class Scope < Scope

app/policies/proxy_exercise_policy.rb

@@ -20,7 +20,7 @@ class ProxyExercisePolicy < AdminOrAuthorPolicy
       if @user.admin?
         @scope.all
       elsif @user.teacher?
-        @scope.where('user_id = ?', @user.id)
+        @scope.where('user_id = ? OR public = TRUE', @user.id)
       else
         @scope.none
       end

app/policies/request_for_comment_policy.rb

@@ -11,8 +11,8 @@ class RequestForCommentPolicy < ApplicationPolicy
     everyone
   end
 
-  [:destroy?].each do |action|
+  def destroy?
-    define_method(action) { admin? }
+    admin?
   end
 
   def mark_as_solved?

app/policies/subscription_policy.rb

@@ -7,10 +7,6 @@ class SubscriptionPolicy < ApplicationPolicy
     author? || admin?
   end
 
-  def show_error?
-    everyone
-  end
-
   def author?
     @user == @record.user
   end

app/policies/tag_policy.rb

@@ -1,29 +1,13 @@
-class TagPolicy < AdminOrAuthorPolicy
+class TagPolicy < AdminOnlyPolicy
-  def batch_update?
-    admin?
-  end
-
-  def show?
-    admin? || teacher?
-  end
-
-  [:clone?, :destroy?, :edit?, :update?].each do |action|
-    define_method(action) { admin? || author?}
-  end
-
-  [:reload?].each do |action|
-    define_method(action) { everyone }
-  end
 
   class Scope < Scope
     def resolve
-      if @user.admin?
+      if @user.admin? || @user.teacher?
         @scope.all
-      elsif @user.teacher?
-        @scope.where('user_id = ? OR public = TRUE', @user.id)
       else
         @scope.none
       end
     end
   end
+
 end

config/locales/de.yml

@@ -47,6 +47,7 @@ de:
         consumer: Konsument
         email: E-Mail
         name: Name
+        role: Rolle
       file:
         content: Inhalt
         feedback_message: Feedback-Nachricht

config/locales/en.yml

@@ -47,6 +47,7 @@ en:
         consumer: Consumer
         email: Email
         name: Name
+        role: Role
       file:
         content: Content
         feedback_message: Feedback Message

spec/features/authorization_spec.rb

@@ -23,11 +23,11 @@ describe 'Authorization' do
     let(:user) { FactoryBot.create(:teacher) }
     before(:each) { allow_any_instance_of(ApplicationController).to receive(:current_user).and_return(user) }
 
-    [Consumer, InternalUser].each do |model|
+    [Consumer, InternalUser, ExecutionEnvironment, FileType].each do |model|
       expect_forbidden_path(:"new_#{model.model_name.singular}_path")
     end
 
-    [ExecutionEnvironment, Exercise, FileType].each do |model|
+    [Exercise].each do |model|
       expect_permitted_path(:"new_#{model.model_name.singular}_path")
     end
   end

spec/policies/execution_environment_policy_spec.rb

@@ -5,7 +5,7 @@ describe ExecutionEnvironmentPolicy do
 
   let(:execution_environment) { FactoryBot.build(:ruby) }
 
-  [:create?, :index?, :new?].each do |action|
+  [:index?].each do |action|
     permissions(action) do
       it 'grants access to admins' do
         expect(subject).to permit(FactoryBot.build(:admin), execution_environment)
@@ -21,7 +21,7 @@ describe ExecutionEnvironmentPolicy do
     end
   end
 
-  [:execute_command?, :shell?, :statistics?].each do |action|
+  [:execute_command?, :shell?, :statistics?, :show?].each do |action|
     permissions(action) do
       it 'grants access to admins' do
         expect(subject).to permit(FactoryBot.build(:admin), execution_environment)
@@ -39,7 +39,7 @@ describe ExecutionEnvironmentPolicy do
     end
   end
 
-  [:destroy?, :edit?, :show?, :update?].each do |action|
+  [:destroy?, :edit?, :update?, :new?, :create?].each do |action|
     permissions(action) do
       it 'grants access to admins' do
         expect(subject).to permit(FactoryBot.build(:admin), execution_environment)

spec/policies/file_type_policy_spec.rb

@@ -5,23 +5,7 @@ describe FileTypePolicy do
 
   let(:file_type) { FactoryBot.build(:dot_rb) }
 
-  [:create?, :index?, :new?].each do |action|
+  [:destroy?, :edit?, :update?, :new?, :create?, :index?, :show?].each do |action|
-    permissions(action) do
-      it 'grants access to admins' do
-        expect(subject).to permit(FactoryBot.build(:admin), file_type)
-      end
-
-      it 'grants access to teachers' do
-        expect(subject).to permit(FactoryBot.build(:teacher), file_type)
-      end
-
-      it 'does not grant access to external users' do
-        expect(subject).not_to permit(FactoryBot.build(:external_user), file_type)
-      end
-    end
-  end
-
-  [:destroy?, :edit?, :show?, :update?].each do |action|
     permissions(action) do
       it 'grants access to admins' do
         expect(subject).to permit(FactoryBot.build(:admin), file_type)