From f5492ca35d3f800207ebe33f0f04d9591db65876 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Mon, 7 Dec 2020 14:41:30 +0100 Subject: [PATCH] Improve CodeOcean::FilePolicy with specs --- app/policies/code_ocean/file_policy.rb | 2 +- .../code_ocean/files_controller_spec.rb | 10 ++++++++-- spec/policies/code_ocean/file_policy_spec.rb | 20 +++++++++++++++++-- 3 files changed, 27 insertions(+), 5 deletions(-) diff --git a/app/policies/code_ocean/file_policy.rb b/app/policies/code_ocean/file_policy.rb index c9753c3a..3d5ab473 100644 --- a/app/policies/code_ocean/file_policy.rb +++ b/app/policies/code_ocean/file_policy.rb @@ -14,7 +14,7 @@ module CodeOcean def create? if @record.context.is_a?(Exercise) - admin? # FIXME: || author? + admin? || author? elsif @record.context.is_a?(Submission) and @record.context.exercise.allow_file_creation author? else diff --git a/spec/controllers/code_ocean/files_controller_spec.rb b/spec/controllers/code_ocean/files_controller_spec.rb index a2886eb8..bca4daaf 100644 --- a/spec/controllers/code_ocean/files_controller_spec.rb +++ b/spec/controllers/code_ocean/files_controller_spec.rb @@ -9,7 +9,10 @@ describe CodeOcean::FilesController do context 'with a valid file' do let(:perform_request) { proc { post :create, params: { code_ocean_file: FactoryBot.build(:file, context: submission).attributes, format: :json } } } - before(:each) { perform_request.call } + before(:each) do + submission.exercise.update(allow_file_creation: true) + perform_request.call + end expect_assigns(file: CodeOcean::File) @@ -22,7 +25,10 @@ describe CodeOcean::FilesController do end context 'with an invalid file' do - before(:each) { post :create, params: { code_ocean_file: {context_id: submission.id, context_type: Submission}, format: :json } } + before(:each) do + submission.exercise.update(allow_file_creation: true) + post :create, params: { code_ocean_file: {context_id: submission.id, context_type: Submission}, format: :json } + end expect_assigns(file: CodeOcean::File) expect_json diff --git a/spec/policies/code_ocean/file_policy_spec.rb b/spec/policies/code_ocean/file_policy_spec.rb index ac928cb3..276ded5f 100644 --- a/spec/policies/code_ocean/file_policy_spec.rb +++ b/spec/policies/code_ocean/file_policy_spec.rb @@ -28,8 +28,24 @@ describe CodeOcean::FilePolicy do context 'as part of a submission' do let(:file) { submission.files.first } - it 'grants access to authors' do - expect(subject).to permit(submission.author, file) + context 'where file creation is allowed' do + before do + submission.exercise.update(allow_file_creation: true) + end + + it 'grants access to authors' do + expect(subject).to permit(submission.author, file) + end + end + + context 'where file creation is not allowed' do + before do + submission.exercise.update(allow_file_creation: false) + end + + it 'grants access to authors' do + expect(subject).not_to permit(submission.author, file) + end end it 'does not grant access to all other users' do