Refactor exercise_controller and move more checks to policy

* We introduce a custom handler for Pundit::NotAuthorizedError
2022-09-04 00:05:13 +02:00
parent 0de213b8c7
commit 49f4f0e6c5
4 changed files with 78 additions and 7 deletions
--- a/spec/controllers/exercises_controller_spec.rb
+++ b/spec/controllers/exercises_controller_spec.rb
@ -187,6 +187,17 @@ describe ExercisesController do
      expect_flash_message(:alert, :'exercises.implement.no_files')
      expect_redirect(:exercise)
    end
+
+    context 'with other users accessing an unpublished exercise' do
+      let(:exercise) { create(:fibonacci, unpublished: true) }
+      let(:user) { create(:teacher) }
+
+      before { perform_request.call }
+
+      expect_assigns(exercise: :exercise)
+      expect_flash_message(:alert, :'exercises.implement.unpublished')
+      expect_redirect(:exercise)
+    end
  end

  describe 'GET #index' do
@ -223,6 +234,8 @@ describe ExercisesController do

  describe 'GET #reload' do
    context 'when being anyone' do
+      let(:exercise) { create(:fibonacci) }
+
      before { get :reload, format: :json, params: {id: exercise.id} }

      expect_assigns(exercise: :exercise)