diff --git a/app/policies/exercise_policy.rb b/app/policies/exercise_policy.rb
index eced0408..07ee02df 100644
--- a/app/policies/exercise_policy.rb
+++ b/app/policies/exercise_policy.rb
@@ -19,10 +19,14 @@ class ExercisePolicy < AdminOrAuthorPolicy
 admin?
 end
 
- [:clone?, :destroy?, :edit?, :update?, :export_external_check?, :export_external_confirm?].each do |action|
+ [:clone?, :destroy?, :edit?, :update?].each do |action|
 define_method(action) { admin? || teacher_in_study_group? || author? }
 end
 
+ [:export_external_check?, :export_external_confirm?].each do |action|
+ define_method(action) { (admin? || teacher_in_study_group? || author?) && @user.codeharbor_link }
+ end
+
 [:implement?, :working_times?, :intervention?, :search?, :submit?, :reload?].each do |action|
 define_method(action) { everyone }
 end
diff --git a/spec/policies/exercise_policy_spec.rb b/spec/policies/exercise_policy_spec.rb
index 999f1a1c..7f9d60a1 100644
--- a/spec/policies/exercise_policy_spec.rb
+++ b/spec/policies/exercise_policy_spec.rb
@@ -30,7 +30,7 @@ let(:exercise) { FactoryBot.build(:dummy, public: true) }
 end
 end
 
- [:clone?, :destroy?, :edit?, :update?, :export_external_check?, :export_external_confirm?].each do |action|
+ [:clone?, :destroy?, :edit?, :update?].each do |action|
 permissions(action) do
 it 'grants access to admins' do
 expect(subject).to permit(FactoryBot.build(:admin), exercise)
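Review bot: In app/policies/exercise_policy.rb the new `export_external_check?` / `export_external_confirm?` predicates return whatever `@user.codeharbor_link` evaluates to (the link record or `nil`) rather than a boolean, so the authorization decision rests on object truthiness. Make the gate explicit, e.g. `define_method(action) { (admin? || teacher_in_study_group? || author?) && @user.codeharbor_link.present? }`. The check only establishes that a link exists; if a link can exist without usable credentials (not visible here), the export action itself still has to handle that case. A one-line comment such as `# Exporting additionally requires the user to have a CodeHarbor link configured.` would record why these two actions were split from the list above. The class body starts and ends outside this hunk.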
@@ -48,6 +48,60 @@ let(:exercise) { FactoryBot.build(:dummy, public: true) } end end + [:export_external_check?, :export_external_confirm?].each do |action| + permissions(action) do + context 'when user is author' do + let(:user) { exercise.author } + + it 'does not grant access' do + expect(subject).not_to permit(user, exercise) + end + + context 'when user has codeharbor_link' do + before { user.codeharbor_link = FactoryBot.build(:codeharbor_link) } + + it 'grants access' do + expect(subject).to permit(user, exercise) + end + end + end + + context 'when user is admin' do + let(:user) { FactoryBot.build(:admin) } + + it 'does not grant access' do + expect(subject).not_to permit(user, exercise) + end + + context 'when user has codeharbor_link' do + before { user.codeharbor_link = FactoryBot.build(:codeharbor_link) } + + it 'grants access' do + expect(subject).to permit(user, exercise) + end + end + end + + [:external_user, :teacher].each do |factory_name| + context "when user is #{factory_name}" do + let(:user) { FactoryBot.build(factory_name) } + + it 'does not grant access' do + expect(subject).not_to permit(user, exercise) + end + + context 'when user has codeharbor_link' do + before { user.codeharbor_link = FactoryBot.build(:codeharbor_link) } + + it 'does not grants access' do + expect(subject).not_to permit(user, exercise) + end + end + end + end + end + end + [:show?].each do |action| permissions(action) do it 'not grants access to external users' do
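Review bot: The added examples in spec/policies/exercise_policy_spec.rb never cover the `teacher_in_study_group?` branch of the policy: the `[:external_user, :teacher]` loop builds users with no visible relation to the exercise, so for teachers only the denial path is asserted. Add a context for a teacher who shares a study group with the exercise, asserting denial without a `codeharbor_link` and access with one, so that all three granting roles are pinned. The example description `'does not grants access'` should read `'does not grant access'`. The enclosing describe block starts before and continues after this hunk.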