implemented team-dependent exercise policy
This commit is contained in:
@ -3,7 +3,7 @@ require 'rails_helper'
|
||||
describe ExercisePolicy do
|
||||
subject { ExercisePolicy }
|
||||
|
||||
let(:exercise) { FactoryGirl.build(:fibonacci) }
|
||||
let(:exercise) { FactoryGirl.build(:fibonacci, team: FactoryGirl.create(:team)) }
|
||||
|
||||
[:create?, :index?, :new?].each do |action|
|
||||
permissions(action) do
|
||||
@ -21,7 +21,7 @@ describe ExercisePolicy do
|
||||
end
|
||||
end
|
||||
|
||||
[:destroy?, :edit?, :show?, :update?].each do |action|
|
||||
[:clone?, :destroy?, :edit?, :show?, :statistics?, :update?].each do |action|
|
||||
permissions(action) do
|
||||
it 'grants access to admins' do
|
||||
expect(subject).to permit(FactoryGirl.build(:admin), exercise)
|
||||
@ -31,6 +31,10 @@ describe ExercisePolicy do
|
||||
expect(subject).to permit(exercise.author, exercise)
|
||||
end
|
||||
|
||||
it 'grants access to team members' do
|
||||
expect(subject).to permit(exercise.team.members.first, exercise)
|
||||
end
|
||||
|
||||
it 'does not grant access to all other users' do
|
||||
[:external_user, :teacher].each do |factory_name|
|
||||
expect(subject).not_to permit(FactoryGirl.build(factory_name), exercise)
|
||||
@ -54,11 +58,15 @@ describe ExercisePolicy do
|
||||
let(:admin) { FactoryGirl.create(:admin) }
|
||||
let(:external_user) { FactoryGirl.create(:external_user) }
|
||||
let(:teacher) { FactoryGirl.create(:teacher) }
|
||||
let(:team) { FactoryGirl.create(:team) }
|
||||
|
||||
before(:each) do
|
||||
[admin, teacher].each do |user|
|
||||
[true, false].each do |public|
|
||||
FactoryGirl.create(:fibonacci, public: public, user_id: user.id, user_type: InternalUser.class.name)
|
||||
team.members << teacher
|
||||
[team, nil].each do |team|
|
||||
FactoryGirl.create(:fibonacci, public: public, team: team, user_id: user.id, user_type: InternalUser.class.name)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@ -74,8 +82,8 @@ describe ExercisePolicy do
|
||||
context 'for external users' do
|
||||
let(:scope) { Pundit.policy_scope!(external_user, Exercise) }
|
||||
|
||||
it 'returns only public exercises' do
|
||||
expect(scope.map(&:id)).to include(*Exercise.where(public: true).map(&:id))
|
||||
it 'returns nothing' do
|
||||
expect(scope.count).to be 0
|
||||
end
|
||||
end
|
||||
|
||||
@ -90,8 +98,12 @@ describe ExercisePolicy do
|
||||
expect(scope.map(&:id)).to include(*Exercise.where(public: false, user_id: teacher.id).map(&:id))
|
||||
end
|
||||
|
||||
it "includes all of team members' non-public exercises" do
|
||||
expect(scope.map(&:id)).to include(*Exercise.where(public: false, team_id: teacher.teams.first.id).map(&:id))
|
||||
end
|
||||
|
||||
it "does not include other authors' non-public exercises" do
|
||||
expect(scope.map(&:id)).not_to include(*Exercise.where(public: false).where("user_id <> #{teacher.id}").map(&:id))
|
||||
expect(scope.map(&:id)).not_to include(*Exercise.where(public: false).where("team_id <> #{teacher.teams.first.id} AND user_id <> #{teacher.id}").map(&:id))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
Reference in New Issue
Block a user