Improve CodeOcean::FilePolicy with specs
This commit is contained in:
Sebastian Serth
@ -14,7 +14,7 @@ module CodeOcean
|
|||||||
|
|
||||||
def create?
|
def create?
|
||||||
if @record.context.is_a?(Exercise)
|
if @record.context.is_a?(Exercise)
|
||||||
admin? # FIXME: || author?
|
admin? || author?
|
||||||
elsif @record.context.is_a?(Submission) and @record.context.exercise.allow_file_creation
|
elsif @record.context.is_a?(Submission) and @record.context.exercise.allow_file_creation
|
||||||
author?
|
author?
|
||||||
else
|
else
|
||||||
|
|||||||
@ -9,7 +9,10 @@ describe CodeOcean::FilesController do
|
|||||||
|
|
||||||
context 'with a valid file' do
|
context 'with a valid file' do
|
||||||
let(:perform_request) { proc { post :create, params: { code_ocean_file: FactoryBot.build(:file, context: submission).attributes, format: :json } } }
|
let(:perform_request) { proc { post :create, params: { code_ocean_file: FactoryBot.build(:file, context: submission).attributes, format: :json } } }
|
||||||
before(:each) { perform_request.call }
|
before(:each) do
|
||||||
|
submission.exercise.update(allow_file_creation: true)
|
||||||
|
perform_request.call
|
||||||
|
end
|
||||||
|
|
||||||
expect_assigns(file: CodeOcean::File)
|
expect_assigns(file: CodeOcean::File)
|
||||||
|
|
||||||
@ -22,7 +25,10 @@ describe CodeOcean::FilesController do
|
|||||||
end
|
end
|
||||||
|
|
||||||
context 'with an invalid file' do
|
context 'with an invalid file' do
|
||||||
before(:each) { post :create, params: { code_ocean_file: {context_id: submission.id, context_type: Submission}, format: :json } }
|
before(:each) do
|
||||||
|
submission.exercise.update(allow_file_creation: true)
|
||||||
|
post :create, params: { code_ocean_file: {context_id: submission.id, context_type: Submission}, format: :json }
|
||||||
|
end
|
||||||
|
|
||||||
expect_assigns(file: CodeOcean::File)
|
expect_assigns(file: CodeOcean::File)
|
||||||
expect_json
|
expect_json
|
||||||
|
|||||||
@ -28,9 +28,25 @@ describe CodeOcean::FilePolicy do
|
|||||||
context 'as part of a submission' do
|
context 'as part of a submission' do
|
||||||
let(:file) { submission.files.first }
|
let(:file) { submission.files.first }
|
||||||
|
|
||||||
|
context 'where file creation is allowed' do
|
||||||
|
before do
|
||||||
|
submission.exercise.update(allow_file_creation: true)
|
||||||
|
end
|
||||||
|
|
||||||
it 'grants access to authors' do
|
it 'grants access to authors' do
|
||||||
expect(subject).to permit(submission.author, file)
|
expect(subject).to permit(submission.author, file)
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'where file creation is not allowed' do
|
||||||
|
before do
|
||||||
|
submission.exercise.update(allow_file_creation: false)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'grants access to authors' do
|
||||||
|
expect(subject).not_to permit(submission.author, file)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
it 'does not grant access to all other users' do
|
it 'does not grant access to all other users' do
|
||||||
[:admin, :external_user, :teacher].each do |factory_name|
|
[:admin, :external_user, :teacher].each do |factory_name|
|
||||||
|
|||||||
Reference in New Issue
Block a user