Merge branch '5333-add-policies-for-referentials-sharing'

17 files changed, 172 insertions, 14 deletions

diff --git a/app/controllers/line_referentials_controller.rb b/app/controllers/line_referentials_controller.rb
index 39c2cdb89..03dab3f8f 100644
--- a/app/controllers/line_referentials_controller.rb
+++ b/app/controllers/line_referentials_controller.rb
@@ -3,6 +3,7 @@ class LineReferentialsController < ChouetteController
   defaults :resource_class => LineReferential
 
   def sync
+    authorize resource, :synchronize?
     @sync = resource.line_referential_syncs.build
     if @sync.save
       flash[:notice] = t('notice.line_referential_sync.created')
diff --git a/app/controllers/stop_area_referentials_controller.rb b/app/controllers/stop_area_referentials_controller.rb
index 85541230d..f2d375e49 100644
--- a/app/controllers/stop_area_referentials_controller.rb
+++ b/app/controllers/stop_area_referentials_controller.rb
@@ -2,6 +2,7 @@ class StopAreaReferentialsController < ChouetteController
 
   defaults :resource_class => StopAreaReferential
   def sync
+    authorize resource, :synchronize?
     @sync = resource.stop_area_referential_syncs.build
     if @sync.save
       flash[:notice] = t('notice.stop_area_referential_sync.created')
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 124604cd9..713542ff4 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -23,12 +23,18 @@ module ApplicationHelper
   end
 
   def page_header_meta(object)
-    info = t('last_update', time: l(object.updated_at, format: :short))
-    if object.try(:versions)
-      author = object.versions.try(:last).try(:whodunnit) || t('default_whodunnit')
-      info   = "#{info} <br/> #{t('whodunnit', author: author)}"
+    out = ""
+    display = true
+    display = policy(object).synchronize? if policy(object).respond_to?(:synchronize?) rescue false
+    if display
+      info = t('last_update', time: l(object.updated_at, format: :short))
+      if object.try(:versions)
+        author = object.versions.try(:last).try(:whodunnit) || t('default_whodunnit')
+        info   = "#{info} <br/> #{t('whodunnit', author: author)}"
+      end
+      out += content_tag :div, info.html_safe, class: 'small last-update'
     end
-    content_tag :div, info.html_safe, class: 'small'
+    out.html_safe
   end
 
   def page_header_content_for(object)
diff --git a/app/policies/line_referential_policy.rb b/app/policies/line_referential_policy.rb
new file mode 100644
index 000000000..ee742a083
--- /dev/null
+++ b/app/policies/line_referential_policy.rb
@@ -0,0 +1,14 @@
+class LineReferentialPolicy < ApplicationPolicy
+  class Scope < Scope
+    def resolve
+      scope
+    end
+  end
+
+  def synchronize?; instance_permission("synchronize") end
+
+  private
+  def instance_permission permission
+    user.has_permission?("line_referentials.#{permission}")
+  end
+end
diff --git a/app/policies/stop_area_referential_policy.rb b/app/policies/stop_area_referential_policy.rb
new file mode 100644
index 000000000..e370babf8
--- /dev/null
+++ b/app/policies/stop_area_referential_policy.rb
@@ -0,0 +1,14 @@
+class StopAreaReferentialPolicy < ApplicationPolicy
+  class Scope < Scope
+    def resolve
+      scope
+    end
+  end
+
+  def synchronize?; instance_permission("synchronize") end
+
+  private
+  def instance_permission permission
+    user.has_permission?("stop_area_referentials.#{permission}")
+  end
+end
diff --git a/app/views/line_referentials/show.html.slim b/app/views/line_referentials/show.html.slim
index b4b32bc52..763eb076e 100644
--- a/app/views/line_referentials/show.html.slim
+++ b/app/views/line_referentials/show.html.slim
@@ -1,7 +1,8 @@
 - breadcrumb :line_referential, @line_referential
 - page_header_content_for @line_referential
-- content_for :page_header_actions do
-  = link_to(t('actions.sync'), sync_line_referential_path(@line_referential), method: :post, class: 'btn btn-default')
+- if policy(@line_referential).synchronize?
+  - content_for :page_header_actions do
+    = link_to(t('actions.sync'), sync_line_referential_path(@line_referential), method: :post, class: 'btn btn-default')
 
 - content_for :page_header_content do
   .row.mb-md
diff --git a/app/views/stop_area_referentials/show.html.slim b/app/views/stop_area_referentials/show.html.slim
index b562df5d5..911006c39 100644
--- a/app/views/stop_area_referentials/show.html.slim
+++ b/app/views/stop_area_referentials/show.html.slim
@@ -1,6 +1,7 @@
 - breadcrumb :stop_area_referential, @stop_area_referential
-- content_for :page_header_actions do
-  = link_to(t('actions.sync'), sync_stop_area_referential_path(@stop_area_referential), method: :post, class: 'btn btn-default')
+- if policy(@stop_area_referential).synchronize?
+  - content_for :page_header_actions do
+    = link_to(t('actions.sync'), sync_stop_area_referential_path(@stop_area_referential), method: :post, class: 'btn btn-default')
 
 - content_for :page_header_content do
   .row.mb-md
diff --git a/lib/stif/permission_translator.rb b/lib/stif/permission_translator.rb
index 4a1c3ec8c..4acf42884 100644
--- a/lib/stif/permission_translator.rb
+++ b/lib/stif/permission_translator.rb
@@ -51,7 +51,9 @@ module Stif
     end
 
     def extra_organisation_permissions organisation
-      return %w(calendars.share) if organisation&.name&.downcase == "stif"
+      if organisation&.name&.downcase == "stif"
+        return %w{calendars.share stop_area_referentials.synchronize line_referentials.synchronize}
+      end
       []
     end
   end
diff --git a/spec/controllers/line_referentials_controller_spec.rb b/spec/controllers/line_referentials_controller_spec.rb
index aee24b0fa..17ffb670d 100644
--- a/spec/controllers/line_referentials_controller_spec.rb
+++ b/spec/controllers/line_referentials_controller_spec.rb
@@ -1,3 +1,19 @@
 RSpec.describe LineReferentialsController, :type => :controller do
+  login_user
 
+  let(:line_referential) { create :line_referential }
+
+  describe 'PUT sync' do
+    let(:request){ put :sync, id: line_referential.id }
+
+    it 'should redirect to 403' do
+       expect(request).to redirect_to "/403"
+    end
+
+    with_permission "line_referentials.synchronize" do
+      it 'returns HTTP success' do
+        expect(request).to redirect_to [line_referential]
+      end
+    end
+  end
 end
diff --git a/spec/controllers/stop_area_referentials_controller_spec.rb b/spec/controllers/stop_area_referentials_controller_spec.rb
new file mode 100644
index 000000000..c8d7e1736
--- /dev/null
+++ b/spec/controllers/stop_area_referentials_controller_spec.rb
@@ -0,0 +1,17 @@
+RSpec.describe StopAreaReferentialsController, :type => :controller do
+  login_user
+
+  let(:stop_area_referential) { create :stop_area_referential }
+
+  describe 'PUT sync' do
+    let(:request){ put :sync, id: stop_area_referential.id }
+
+    it { request.should redirect_to "/403" }
+
+    with_permission "stop_area_referentials.synchronize" do
+      it 'returns HTTP success' do
+        expect(request).to redirect_to [stop_area_referential]
+      end
+    end
+  end
+end
diff --git a/spec/lib/stif/permission_translator_spec.rb b/spec/lib/stif/permission_translator_spec.rb
index 355b0e336..9771af187 100644
--- a/spec/lib/stif/permission_translator_spec.rb
+++ b/spec/lib/stif/permission_translator_spec.rb
@@ -1,3 +1,4 @@
+# coding: utf-8
 RSpec.describe Stif::PermissionTranslator do
 
   context "No SSO Permissions" do
@@ -45,14 +46,15 @@ RSpec.describe Stif::PermissionTranslator do
 
   context "For the STIF organisation" do
     let(:organisation){ build_stubbed :organisation, name: "STIF" }
-    it "adds the calendars.share permission" do
-      expect( described_class.translate([], organisation) ).to eq(%w{calendars.share})
+    let(:permissions){ %w{calendars.share stop_area_referentials.synchronize line_referentials.synchronize}.sort }
+    it "adds the STIF permission" do
+      expect(described_class.translate([], organisation).sort).to eq permissions
     end
 
     context "with the case changed" do
       let(:organisation){ build_stubbed :organisation, name: "StiF" }
-      it "adds the calendars.share permission" do
-        expect( described_class.translate([], organisation) ).to eq(%w{calendars.share})
+      it "adds the STIF permission" do
+        expect(described_class.translate([], organisation).sort).to eq permissions
       end
     end
   end
diff --git a/spec/policies/calendar_policy_spec.rb b/spec/policies/calendar_policy_spec.rb
index 5fd1eca47..a881d0e80 100644
--- a/spec/policies/calendar_policy_spec.rb
+++ b/spec/policies/calendar_policy_spec.rb
@@ -10,6 +10,9 @@ RSpec.describe CalendarPolicy, type: :policy do
   permissions :share? do
     it_behaves_like 'permitted policy and same organisation', 'calendars.share'
   end
+  permissions :share? do
+    it_behaves_like 'permitted policy and same organisation', 'calendars.share', archived: true
+  end
   permissions :destroy? do
     it_behaves_like 'permitted policy and same organisation', 'calendars.destroy'
   end
diff --git a/spec/policies/line_referential_policy_spec.rb b/spec/policies/line_referential_policy_spec.rb
new file mode 100644
index 000000000..7e0a9da8e
--- /dev/null
+++ b/spec/policies/line_referential_policy_spec.rb
@@ -0,0 +1,9 @@
+RSpec.describe LineReferentialPolicy, type: :policy do
+
+  let( :record ){ build_stubbed :line_referential }
+  before { stub_policy_scope(record) }
+
+  permissions :synchronize? do
+    it_behaves_like 'permitted policy', 'line_referentials.synchronize'
+  end
+end
diff --git a/spec/policies/sto_area_referential_policy_spec.rb b/spec/policies/sto_area_referential_policy_spec.rb
new file mode 100644
index 000000000..5bd6da427
--- /dev/null
+++ b/spec/policies/sto_area_referential_policy_spec.rb
@@ -0,0 +1,9 @@
+RSpec.describe StopAreaReferentialPolicy, type: :policy do
+
+  let( :record ){ build_stubbed :stop_area_referential }
+  before { stub_policy_scope(record) }
+
+  permissions :synchronize? do
+    it_behaves_like 'permitted policy', 'stop_area_referentials.synchronize'
+  end
+end
diff --git a/spec/support/controller_spec_helper.rb b/spec/support/controller_spec_helper.rb
new file mode 100644
index 000000000..1d0288dea
--- /dev/null
+++ b/spec/support/controller_spec_helper.rb
@@ -0,0 +1,18 @@
+module ControllerSpecHelper
+  def with_permission permission, &block
+    context "with permission #{permission}" do
+      login_user
+      before(:each) do
+        @user.permissions << permission
+        @user.save!
+        sign_in @user
+      end
+      context('', &block) if block_given?
+    end
+  end
+
+end
+
+RSpec.configure do |config|
+  config.extend ControllerSpecHelper, type: :controller
+end
diff --git a/spec/views/line_referentials/show.html.slim_spec.rb b/spec/views/line_referentials/show.html.slim_spec.rb
new file mode 100644
index 000000000..0516677cb
--- /dev/null
+++ b/spec/views/line_referentials/show.html.slim_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe "/line_referentials/show", :type => :view do
+
+  let!(:line_referential) { assign :line_referential, create(:line_referential) }
+
+  before :each do
+    render
+  end
+
+  it "should not present syncing infos and button" do
+    expect(view.content_for(:page_header_actions)).to_not have_selector("a[href=\"#{view.sync_line_referential_path(line_referential)}\"]")
+    expect(view.content_for(:page_header_meta)).to_not have_selector(".last-update")
+  end
+
+  with_permission "line_referentials.synchronize" do
+    it "should present syncing infos and button" do
+      expect(view.content_for(:page_header_actions)).to have_selector("a[href=\"#{view.sync_line_referential_path(line_referential)}\"]", count: 1)
+      expect(view.content_for(:page_header_meta)).to have_selector(".last-update", count: 1)
+    end
+  end
+end
diff --git a/spec/views/line_referentials/stop_area_referentials/show.html.slim_spec.rb b/spec/views/line_referentials/stop_area_referentials/show.html.slim_spec.rb
new file mode 100644
index 000000000..71a8d16f5
--- /dev/null
+++ b/spec/views/line_referentials/stop_area_referentials/show.html.slim_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe "/stop_area_referentials/show", :type => :view do
+
+  let!(:stop_area_referential) { assign :stop_area_referential, create(:stop_area_referential) }
+
+  before :each do
+    render
+  end
+
+  it "should not present syncing infos and button" do
+    expect(view.content_for(:page_header_actions)).to_not have_selector("a[href=\"#{view.sync_stop_area_referential_path(stop_area_referential)}\"]")
+    expect(view.content_for(:page_header_meta)).to_not have_selector(".last-update")
+  end
+
+  with_permission "stop_area_referentials.synchronize" do
+    it "should present syncing infos and button" do
+      expect(view.content_for(:page_header_actions)).to have_selector("a[href=\"#{view.sync_stop_area_referential_path(stop_area_referential)}\"]", count: 1)
+      expect(view.content_for(:page_header_meta)).to have_selector(".last-update", count: 1)
+    end
+  end
+end