fix codeharbor_export policies, add specs

2020-10-29 18:06:14 +01:00
parent 9cd8ca2013
commit 517886ea0b
2 changed files with 60 additions and 2 deletions
--- a/app/policies/exercise_policy.rb
+++ b/app/policies/exercise_policy.rb
@ -19,10 +19,14 @@ class ExercisePolicy < AdminOrAuthorPolicy
    admin?
  end

-  [:clone?, :destroy?, :edit?, :update?, :export_external_check?, :export_external_confirm?].each do |action|
+  [:clone?, :destroy?, :edit?, :update?].each do |action|
    define_method(action) { admin? || teacher_in_study_group? || author? }
  end

+  [:export_external_check?, :export_external_confirm?].each do |action|
+    define_method(action) { (admin? || teacher_in_study_group? || author?) && @user.codeharbor_link }
+  end
+
  [:implement?, :working_times?, :intervention?, :search?, :submit?, :reload?].each do |action|
    define_method(action) { everyone }
  end
--- a/spec/policies/exercise_policy_spec.rb
+++ b/spec/policies/exercise_policy_spec.rb
@ -30,7 +30,7 @@ let(:exercise) { FactoryBot.build(:dummy, public: true) }
    end
  end

-  [:clone?, :destroy?, :edit?, :update?, :export_external_check?, :export_external_confirm?].each do |action|
+  [:clone?, :destroy?, :edit?, :update?].each do |action|
    permissions(action) do
      it 'grants access to admins' do
        expect(subject).to permit(FactoryBot.build(:admin), exercise)
@ -48,6 +48,60 @@ let(:exercise) { FactoryBot.build(:dummy, public: true) }
    end
  end

+  [:export_external_check?, :export_external_confirm?].each do |action|
+    permissions(action) do
+      context 'when user is author' do
+        let(:user) { exercise.author }
+
+        it 'does not grant access' do
+          expect(subject).not_to permit(user, exercise)
+        end
+
+        context 'when user has codeharbor_link' do
+          before { user.codeharbor_link = FactoryBot.build(:codeharbor_link) }
+
+          it 'grants access' do
+            expect(subject).to permit(user, exercise)
+          end
+        end
+      end
+
+      context 'when user is admin' do
+        let(:user) { FactoryBot.build(:admin) }
+
+        it 'does not grant access' do
+          expect(subject).not_to permit(user, exercise)
+        end
+
+        context 'when user has codeharbor_link' do
+          before { user.codeharbor_link = FactoryBot.build(:codeharbor_link) }
+
+          it 'grants access' do
+            expect(subject).to permit(user, exercise)
+          end
+        end
+      end
+
+      [:external_user, :teacher].each do |factory_name|
+        context "when user is #{factory_name}" do
+          let(:user) { FactoryBot.build(factory_name) }
+
+          it 'does not grant access' do
+            expect(subject).not_to permit(user, exercise)
+          end
+
+          context 'when user has codeharbor_link' do
+            before { user.codeharbor_link = FactoryBot.build(:codeharbor_link) }
+
+            it 'does not grants access' do
+              expect(subject).not_to permit(user, exercise)
+            end
+          end
+        end
+      end
+    end
+  end
+
  [:show?].each do |action|
    permissions(action) do
      it 'not grants access to external users' do