Improve CodeOcean::FilePolicy with specs

This commit is contained in:
Sebastian Serth
2020-12-07 14:41:30 +01:00
parent fac29f73d4
commit f5492ca35d
3 changed files with 27 additions and 5 deletions

View File

@ -14,7 +14,7 @@ module CodeOcean
def create? def create?
if @record.context.is_a?(Exercise) if @record.context.is_a?(Exercise)
admin? # FIXME: || author? admin? || author?
elsif @record.context.is_a?(Submission) and @record.context.exercise.allow_file_creation elsif @record.context.is_a?(Submission) and @record.context.exercise.allow_file_creation
author? author?
else else

View File

@ -9,7 +9,10 @@ describe CodeOcean::FilesController do
context 'with a valid file' do context 'with a valid file' do
let(:perform_request) { proc { post :create, params: { code_ocean_file: FactoryBot.build(:file, context: submission).attributes, format: :json } } } let(:perform_request) { proc { post :create, params: { code_ocean_file: FactoryBot.build(:file, context: submission).attributes, format: :json } } }
before(:each) { perform_request.call } before(:each) do
submission.exercise.update(allow_file_creation: true)
perform_request.call
end
expect_assigns(file: CodeOcean::File) expect_assigns(file: CodeOcean::File)
@ -22,7 +25,10 @@ describe CodeOcean::FilesController do
end end
context 'with an invalid file' do context 'with an invalid file' do
before(:each) { post :create, params: { code_ocean_file: {context_id: submission.id, context_type: Submission}, format: :json } } before(:each) do
submission.exercise.update(allow_file_creation: true)
post :create, params: { code_ocean_file: {context_id: submission.id, context_type: Submission}, format: :json }
end
expect_assigns(file: CodeOcean::File) expect_assigns(file: CodeOcean::File)
expect_json expect_json

View File

@ -28,9 +28,25 @@ describe CodeOcean::FilePolicy do
context 'as part of a submission' do context 'as part of a submission' do
let(:file) { submission.files.first } let(:file) { submission.files.first }
context 'where file creation is allowed' do
before do
submission.exercise.update(allow_file_creation: true)
end
it 'grants access to authors' do it 'grants access to authors' do
expect(subject).to permit(submission.author, file) expect(subject).to permit(submission.author, file)
end end
end
context 'where file creation is not allowed' do
before do
submission.exercise.update(allow_file_creation: false)
end
it 'grants access to authors' do
expect(subject).not_to permit(submission.author, file)
end
end
it 'does not grant access to all other users' do it 'does not grant access to all other users' do
[:admin, :external_user, :teacher].each do |factory_name| [:admin, :external_user, :teacher].each do |factory_name|