Improve CodeOcean::FilePolicy with specs

2020-12-07 14:41:30 +01:00
parent fac29f73d4
commit f5492ca35d
3 changed files with 27 additions and 5 deletions
--- a/app/policies/code_ocean/file_policy.rb
+++ b/app/policies/code_ocean/file_policy.rb
@ -14,7 +14,7 @@ module CodeOcean

    def create?
      if @record.context.is_a?(Exercise)
-        admin? # FIXME: || author?
+        admin? || author?
      elsif @record.context.is_a?(Submission) and @record.context.exercise.allow_file_creation
        author?
      else
--- a/spec/controllers/code_ocean/files_controller_spec.rb
+++ b/spec/controllers/code_ocean/files_controller_spec.rb
@ -9,7 +9,10 @@ describe CodeOcean::FilesController do

    context 'with a valid file' do
      let(:perform_request) { proc { post :create, params: { code_ocean_file: FactoryBot.build(:file, context: submission).attributes, format: :json } } }
-      before(:each) { perform_request.call }
+      before(:each) do
+        submission.exercise.update(allow_file_creation: true)
+        perform_request.call
+      end

      expect_assigns(file: CodeOcean::File)

@ -22,7 +25,10 @@ describe CodeOcean::FilesController do
    end

    context 'with an invalid file' do
-      before(:each) { post :create, params: { code_ocean_file: {context_id: submission.id, context_type: Submission}, format: :json } }
+      before(:each) do
+        submission.exercise.update(allow_file_creation: true)
+        post :create, params: { code_ocean_file: {context_id: submission.id, context_type: Submission}, format: :json }
+      end

      expect_assigns(file: CodeOcean::File)
      expect_json
--- a/spec/policies/code_ocean/file_policy_spec.rb
+++ b/spec/policies/code_ocean/file_policy_spec.rb
@ -28,9 +28,25 @@ describe CodeOcean::FilePolicy do
    context 'as part of a submission' do
      let(:file) { submission.files.first }

+      context 'where file creation is allowed' do
+        before do
+          submission.exercise.update(allow_file_creation: true)
+        end
+
        it 'grants access to authors' do
          expect(subject).to permit(submission.author, file)
        end
+      end
+
+      context 'where file creation is not allowed' do
+        before do
+          submission.exercise.update(allow_file_creation: false)
+        end
+
+        it 'grants access to authors' do
+          expect(subject).not_to permit(submission.author, file)
+        end
+      end

      it 'does not grant access to all other users' do
        [:admin, :external_user, :teacher].each do |factory_name|