| author | Zog | 2017-12-18 17:18:25 +0100 | 
|---|---|---|
| committer | Zog | 2017-12-19 14:21:52 +0100 | 
| commit | 98c08c6fae5b0bf59231b3e402ca91307c200297 (patch) | |
| tree | 51dc7a30198d6fa83df13948fc2223effb01cc28 | |
| parent | 3aa5ff0d1f5e74b4c46c14e6240e7def82f0451d (diff) | |
| download | chouette-core-98c08c6fae5b0bf59231b3e402ca91307c200297.tar.bz2 | |
Refs #5333@1.5h; Use permissions to sync StopAreas and Lines
- add missing policies
- update permissions translator
- update views to check for the permission
- update views helper to check for the permission
- update controllers to check for the permission
19 files changed, 195 insertions, 24 deletions
| diff --git a/app/controllers/line_referentials_controller.rb b/app/controllers/line_referentials_controller.rb index 39c2cdb89..03dab3f8f 100644 --- a/app/controllers/line_referentials_controller.rb +++ b/app/controllers/line_referentials_controller.rb @@ -3,6 +3,7 @@ class LineReferentialsController < ChouetteController    defaults :resource_class => LineReferential    def sync +    authorize resource, :synchronize?      @sync = resource.line_referential_syncs.build      if @sync.save        flash[:notice] = t('notice.line_referential_sync.created') diff --git a/app/controllers/stop_area_referentials_controller.rb b/app/controllers/stop_area_referentials_controller.rb index 85541230d..f2d375e49 100644 --- a/app/controllers/stop_area_referentials_controller.rb +++ b/app/controllers/stop_area_referentials_controller.rb @@ -2,6 +2,7 @@ class StopAreaReferentialsController < ChouetteController    defaults :resource_class => StopAreaReferential    def sync +    authorize resource, :synchronize?      @sync = resource.stop_area_referential_syncs.build      if @sync.save        flash[:notice] = t('notice.stop_area_referential_sync.created') diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 124604cd9..713542ff4 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb 
@@ -23,12 +23,18 @@ module ApplicationHelper    end    def page_header_meta(object) -    info = t('last_update', time: l(object.updated_at, format: :short)) -    if object.try(:versions) -      author = object.versions.try(:last).try(:whodunnit) || t('default_whodunnit') -      info   = "#{info} <br/> #{t('whodunnit', author: author)}" +    out = "" +    display = true +    display = policy(object).synchronize? if policy(object).respond_to?(:synchronize?) rescue false +    if display +      info = t('last_update', time: l(object.updated_at, format: :short)) +      if object.try(:versions) +        author = object.versions.try(:last).try(:whodunnit) || t('default_whodunnit') +        info   = "#{info} <br/> #{t('whodunnit', author: author)}" +      end +      out += content_tag :div, info.html_safe, class: 'small last-update'      end -    content_tag :div, info.html_safe, class: 'small' +    out.html_safe    end    def page_header_content_for(object) diff --git a/app/models/user.rb b/app/models/user.rb index 37d35209a..1342f60ed 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -36,7 +36,7 @@ class User < ActiveRecord::Base      self.name         = extra[:full_name]      self.email        = extra[:email]      self.organisation = Organisation.sync_update extra[:organisation_code], extra[:organisation_name], extra[:functional_scope] -    self.permissions  = Stif::PermissionTranslator.translate(extra[:permissions]) +    self.permissions  = Stif::PermissionTranslator.translate(extra[:permissions], self.organisation)    end    def self.portail_api_request diff --git a/app/policies/calendar_policy.rb b/app/policies/calendar_policy.rb index 074c41d8d..3ba708ec9 100644 --- a/app/policies/calendar_policy.rb +++ b/app/policies/calendar_policy.rb 
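Review bot: The trailing `rescue false` on the `display = policy(object).synchronize? if policy(object).respond_to?(:synchronize?) rescue false` line in `page_header_meta` swallows every StandardError raised while resolving or evaluating the policy. As written the modifier appears to guard the whole statement rather than the right-hand side, so an exception leaves `display` at its initial `true` and the last-update block is rendered anyway. If the block should be hidden whenever the check cannot be made, rescue the specific error explicitly (presumably `Pundit::NotDefinedError`) and set `display = false` in that branch. Separately, `info.html_safe` still marks the interpolated `whodunnit` author as safe HTML; if that value can carry user-controlled text, escape it first, e.g. `t('whodunnit', author: ERB::Util.html_escape(author))`.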
@@ -5,18 +5,15 @@ class CalendarPolicy < ApplicationPolicy      end    end -  def create?  +  def create?      !archived? && user.has_permission?('calendars.create')    end -  def destroy? -    !archived? & organisation_match? && user.has_permission?('calendars.destroy') -  end -  def update? -    !archived? && organisation_match? && user.has_permission?('calendars.update') -  end +  def destroy?; instance_permission("destroy") end +  def update?; instance_permission("update") end +  def share?; instance_permission("share") end -  def share? -    user.organisation.name == 'STIF' # FIXME +  private +  def instance_permission permission +    !archived? & organisation_match? && user.has_permission?("calendars.#{permission}")    end -  end diff --git a/app/policies/line_referential_policy.rb b/app/policies/line_referential_policy.rb new file mode 100644 index 000000000..ee742a083 --- /dev/null +++ b/app/policies/line_referential_policy.rb @@ -0,0 +1,14 @@ +class LineReferentialPolicy < ApplicationPolicy +  class Scope < Scope +    def resolve +      scope +    end +  end + +  def synchronize?; instance_permission("synchronize") end + +  private +  def instance_permission permission +    user.has_permission?("line_referentials.#{permission}") +  end +end diff --git a/app/policies/stop_area_referential_policy.rb b/app/policies/stop_area_referential_policy.rb new file mode 100644 index 000000000..e370babf8 --- /dev/null +++ b/app/policies/stop_area_referential_policy.rb @@ -0,0 +1,14 @@ +class StopAreaReferentialPolicy < ApplicationPolicy +  class Scope < Scope +    def resolve +      scope +    end +  end + +  def synchronize?; instance_permission("synchronize") end + +  private +  def instance_permission permission +    user.has_permission?("stop_area_referentials.#{permission}") +  end +end diff --git a/app/views/line_referentials/show.html.slim b/app/views/line_referentials/show.html.slim index b4b32bc52..763eb076e 100644 
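Review bot: The new `instance_permission` helper in CalendarPolicy keeps the single `&` from the old `destroy?` (`!archived? & organisation_match? && ...`), and `update?` and `share?` now go through it as well. `&` does not short-circuit, so `organisation_match?` is always evaluated and the result depends on `TrueClass#&`/`FalseClass#&` rather than ordinary truthiness. Use `!archived? && organisation_match? && user.has_permission?("calendars.#{permission}")`. `share?` also changes meaning here, from an organisation-name test to requiring a non-archived record, an organisation match and the `calendars.share` permission, which deserves a short comment on the method.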
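Review bot: `synchronize?` in LineReferentialPolicy checks only `user.has_permission?("line_referentials.synchronize")` and never consults `record`, and `Scope#resolve` returns `scope` unfiltered; the StopAreaReferentialPolicy hunk that follows has the same shape. If referentials are meant to be tied to particular organisations (not visible in this diff), any holder of the permission can trigger a sync on any referential by id, and the membership check belongs in `instance_permission`. If the permission is intentionally global, say so with a comment such as `# global permission: not scoped to the record's organisation`. The name `instance_permission` is misleading in these two classes, since nothing about the instance is checked.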
--- a/app/views/line_referentials/show.html.slim +++ b/app/views/line_referentials/show.html.slim @@ -1,7 +1,8 @@  - breadcrumb :line_referential, @line_referential  - page_header_content_for @line_referential -- content_for :page_header_actions do -  = link_to(t('actions.sync'), sync_line_referential_path(@line_referential), method: :post, class: 'btn btn-default') +- if policy(@line_referential).synchronize? +  - content_for :page_header_actions do +    = link_to(t('actions.sync'), sync_line_referential_path(@line_referential), method: :post, class: 'btn btn-default')  - content_for :page_header_content do    .row.mb-md diff --git a/app/views/stop_area_referentials/show.html.slim b/app/views/stop_area_referentials/show.html.slim index d43333fd9..f66db89f4 100644 --- a/app/views/stop_area_referentials/show.html.slim +++ b/app/views/stop_area_referentials/show.html.slim @@ -1,6 +1,7 @@  - breadcrumb :stop_area_referential, @stop_area_referential -- content_for :page_header_actions do -  = link_to(t('actions.sync'), sync_stop_area_referential_path(@stop_area_referential), method: :post, class: 'btn btn-default') +- if policy(@stop_area_referential).synchronize? +  - content_for :page_header_actions do +    = link_to(t('actions.sync'), sync_stop_area_referential_path(@stop_area_referential), method: :post, class: 'btn btn-default')  - content_for :page_header_content do    .row.mb-md diff --git a/lib/stif/permission_translator.rb b/lib/stif/permission_translator.rb index 2d267bc7b..78a4bac18 100644 --- a/lib/stif/permission_translator.rb +++ b/lib/stif/permission_translator.rb 
@@ -1,11 +1,11 @@  module Stif    module PermissionTranslator extend self -    def translate(sso_extra_permissions) -      sso_extra_permissions -        .sort +    def translate(sso_extra_permissions, organisation=nil) +      permissions = sso_extra_permissions.sort          .flat_map(&method(:extra_permission_translation)) -        .uniq +      permissions += extra_organisation_permissions(organisation) +      permissions.uniq      end      private @@ -49,5 +49,12 @@ module Stif          "boiv:edit-offer" => all_destructive_permissions + %w{sessions.create},        }      end + +    def extra_organisation_permissions organisation +      if organisation&.name&.downcase == "stif" +        return %w{calendars.share stop_area_referentials.synchronize line_referentials.synchronize}  +      end +      [] +    end    end  end diff --git a/spec/controllers/line_referentials_controller_spec.rb b/spec/controllers/line_referentials_controller_spec.rb index aee24b0fa..380fe32fd 100644 --- a/spec/controllers/line_referentials_controller_spec.rb +++ b/spec/controllers/line_referentials_controller_spec.rb @@ -1,3 +1,17 @@  RSpec.describe LineReferentialsController, :type => :controller do +  login_user +  let(:line_referential) { create :line_referential } + +  describe 'PUT sync' do +    let(:request){ put :sync, id: line_referential.id } + +    it { request.should redirect_to "/403" } + +    with_permission "line_referentials.synchronize" do +      it 'returns HTTP success' do +        expect(request).to redirect_to [line_referential] +      end +    end +  end  end diff --git a/spec/controllers/stop_area_referentials_controller_spec.rb b/spec/controllers/stop_area_referentials_controller_spec.rb new file mode 100644 index 000000000..c8d7e1736 --- /dev/null +++ b/spec/controllers/stop_area_referentials_controller_spec.rb 
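Review bot: `extra_organisation_permissions` grants `calendars.share` and both `synchronize` permissions to any organisation whose name lower-cases to "stif", so privileged rights hinge on a mutable display string. In the `user.rb` hunk the organisation passed to `translate` comes from `Organisation.sync_update` fed with `extra[:organisation_code]` and `extra[:organisation_name]`, so the grant is only as trustworthy as that name attribute and any rename path the application offers. Key the check on a stable identifier instead (for instance the organisation code compared against a configured value) and keep the extra permission list in a frozen constant. The early `return` plus trailing `[]` can then become a single conditional expression.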
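Review bot: The controller spec drives the action with `put :sync`, while both `show.html.slim` views in this commit send the request with `method: :post`; the route is not shown, but the spec should use the verb the application actually issues, e.g. `post :sync, id: line_referential.id`. `let(:request)` also shadows the `request` object that controller specs provide, so a different name such as `let(:sync_request)` is safer. The example titled 'returns HTTP success' asserts a redirect and should be renamed accordingly. The same points apply to the new stop_area_referentials_controller_spec.rb hunk that follows.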
@@ -0,0 +1,17 @@ +RSpec.describe StopAreaReferentialsController, :type => :controller do +  login_user + +  let(:stop_area_referential) { create :stop_area_referential } + +  describe 'PUT sync' do +    let(:request){ put :sync, id: stop_area_referential.id } + +    it { request.should redirect_to "/403" } + +    with_permission "stop_area_referentials.synchronize" do +      it 'returns HTTP success' do +        expect(request).to redirect_to [stop_area_referential] +      end +    end +  end +end diff --git a/spec/lib/stif/permission_translator_spec.rb b/spec/lib/stif/permission_translator_spec.rb index ae1a2d1d5..04fc1c6f3 100644 --- a/spec/lib/stif/permission_translator_spec.rb +++ b/spec/lib/stif/permission_translator_spec.rb @@ -42,4 +42,19 @@ RSpec.describe Stif::PermissionTranslator do        ).to match_array(Support::Permissions.all_permissions)      end    end + +  context "For the STIF organisation" do +    let(:organisation){ build_stubbed :organisation, name: "STIF" } +    let(:permissions){ %w{calendars.share stop_area_referentials.synchronize line_referentials.synchronize}.sort } +    it "adds the calendars.share permission" do +      expect(described_class.translate([], organisation).sort).to eq permissions +    end + +    context "with the case changed" do +      let(:organisation){ build_stubbed :organisation, name: "StiF" } +      it "adds the calendars.share permission" do +        expect(described_class.translate([], organisation).sort).to eq permissions +      end +    end +  end  end diff --git a/spec/policies/calendar_policy_spec.rb b/spec/policies/calendar_policy_spec.rb index 294be8198..8b1facc71 100644 --- a/spec/policies/calendar_policy_spec.rb +++ b/spec/policies/calendar_policy_spec.rb 
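Review bot: The new "For the STIF organisation" context only proves that an organisation named "STIF" or "StiF" receives the three extra permissions; nothing asserts that another organisation, or the default `organisation=nil`, receives none. Because this branch hands out privileged permissions, add negative examples such as `expect(described_class.translate([], build_stubbed(:organisation, name: "STIF2"))).to eq []` and `expect(described_class.translate([])).to eq []`. Both existing examples are titled "adds the calendars.share permission" although they compare all three permissions.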
@@ -7,6 +7,9 @@ RSpec.describe CalendarPolicy, type: :policy do    permissions :create? do      it_behaves_like 'permitted policy', 'calendars.create', archived: true    end +  permissions :share? do +    it_behaves_like 'permitted policy and same organisation', 'calendars.share', archived: true +  end    permissions :destroy? do      it_behaves_like 'permitted policy and same organisation', 'calendars.destroy', archived: true    end diff --git a/spec/policies/line_referential_policy_spec.rb b/spec/policies/line_referential_policy_spec.rb new file mode 100644 index 000000000..7e0a9da8e --- /dev/null +++ b/spec/policies/line_referential_policy_spec.rb @@ -0,0 +1,9 @@ +RSpec.describe LineReferentialPolicy, type: :policy do + +  let( :record ){ build_stubbed :line_referential } +  before { stub_policy_scope(record) } + +  permissions :synchronize? do +    it_behaves_like 'permitted policy', 'line_referentials.synchronize' +  end +end diff --git a/spec/policies/sto_area_referential_policy_spec.rb b/spec/policies/sto_area_referential_policy_spec.rb new file mode 100644 index 000000000..5bd6da427 --- /dev/null +++ b/spec/policies/sto_area_referential_policy_spec.rb @@ -0,0 +1,9 @@ +RSpec.describe StopAreaReferentialPolicy, type: :policy do + +  let( :record ){ build_stubbed :stop_area_referential } +  before { stub_policy_scope(record) } + +  permissions :synchronize? do +    it_behaves_like 'permitted policy', 'stop_area_referentials.synchronize' +  end +end diff --git a/spec/support/controller_spec_helper.rb b/spec/support/controller_spec_helper.rb new file mode 100644 index 000000000..1d0288dea --- /dev/null +++ b/spec/support/controller_spec_helper.rb 
@@ -0,0 +1,18 @@
+module ControllerSpecHelper
+  def with_permission permission, &block
+    context "with permission #{permission}" do
+      login_user
+      before(:each) do
+        @user.permissions << permission
+        @user.save!
+        sign_in @user
+      end
+      context('', &block) if block_given?
+    end
+  end
+
+end
+
+RSpec.configure do |config|
+  config.extend ControllerSpecHelper, type: :controller
+end
diff --git a/spec/views/line_referentials/show.html.slim_spec.rb b/spec/views/line_referentials/show.html.slim_spec.rb
new file mode 100644
index 000000000..0516677cb
--- /dev/null
+++ b/spec/views/line_referentials/show.html.slim_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe "/line_referentials/show", :type => :view do
+
+  let!(:line_referential) { assign :line_referential, create(:line_referential) }
+
+  before :each do
+    render
+  end
+
+  it "should not present syncing infos and button" do
+    expect(view.content_for(:page_header_actions)).to_not have_selector("a[href=\"#{view.sync_line_referential_path(line_referential)}\"]")
+    expect(view.content_for(:page_header_meta)).to_not have_selector(".last-update")
+  end
+
+  with_permission "line_referentials.synchronize" do
+    it "should present syncing infos and button" do
+      expect(view.content_for(:page_header_actions)).to have_selector("a[href=\"#{view.sync_line_referential_path(line_referential)}\"]", count: 1)
+      expect(view.content_for(:page_header_meta)).to have_selector(".last-update", count: 1)
+    end
+  end
+end
diff --git a/spec/views/line_referentials/stop_area_referentials/show.html.slim_spec.rb b/spec/views/line_referentials/stop_area_referentials/show.html.slim_spec.rb
new file mode 100644
index 000000000..71a8d16f5
--- /dev/null
+++ b/spec/views/line_referentials/stop_area_referentials/show.html.slim_spec.rb
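Review bot: `with_permission` is registered only with `config.extend ControllerSpecHelper, type: :controller`, yet the two view specs added in this commit (`:type => :view`) call it at example-group level. Unless the module is extended for view specs somewhere not shown, those files will fail at load time with an undefined method; either add `config.extend ControllerSpecHelper, type: :view` or move the helper to a more general support module. The helper also appends to `@user.permissions` and saves the record, so a short comment stating that it relies on `login_user` having set `@user` would help the next reader.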
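Review bot: In the line_referentials view spec the outer `before :each do render end` runs before the hooks that `with_permission` declares in its nested context, because RSpec executes outer `before` hooks first. The view is therefore rendered before the permission is added, so the "should present syncing infos and button" example appears to inspect output produced without the permission. Call `render` inside each example, or in a `before` placed within the innermost context, so the positive case really exercises the authorised path. The stop_area_referentials view spec in the next hunk has the same structure, and its path under `spec/views/line_referentials/` looks misplaced.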
@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe "/stop_area_referentials/show", :type => :view do
+
+  let!(:stop_area_referential) { assign :stop_area_referential, create(:stop_area_referential) }
+
+  before :each do
+    render
+  end
+
+  it "should not present syncing infos and button" do
+    expect(view.content_for(:page_header_actions)).to_not have_selector("a[href=\"#{view.sync_stop_area_referential_path(stop_area_referential)}\"]")
+    expect(view.content_for(:page_header_meta)).to_not have_selector(".last-update")
+  end
+
+  with_permission "stop_area_referentials.synchronize" do
+    it "should present syncing infos and button" do
+      expect(view.content_for(:page_header_actions)).to have_selector("a[href=\"#{view.sync_stop_area_referential_path(stop_area_referential)}\"]", count: 1)
+      expect(view.content_for(:page_header_meta)).to have_selector(".last-update", count: 1)
+    end
+  end
+end |
