authorLuc Donnet2017-09-27 09:46:11 +0200
committerGitHub2017-09-27 09:46:11 +0200
commit28a42fb19174eafee38fe3c5f8fa58f89991f44a (patch)
tree345dea1908acfc3d46d1a90de50243b26fa5c9e6
parentc85bcf51bc0f835816af82b1cbc40da3caccd36a (diff)
parent9166c7639e55bd74e49d1af7ef8ddbe31ac81c23 (diff)
downloadchouette-core-28a42fb19174eafee38fe3c5f8fa58f89991f44a.tar.bz2
Merge pull request #80 from af83/4440-add-permissions-to-imports
4440 add permissions to imports
-rw-r--r--app/controllers/imports_controller.rb1
-rw-r--r--app/decorators/company_decorator.rb2
-rw-r--r--app/models/vehicle_journey_import.rb2
-rw-r--r--app/policies/import_policy.rb12
-rw-r--r--lib/stif/permission_translator.rb2
-rw-r--r--spec/controllers/imports_controller_spec.rb9
-rw-r--r--spec/policies/api_key_policy_spec.rb4
-rw-r--r--spec/policies/import_policy_spec.rb41
-rw-r--r--spec/policies/referential_policy_spec.rb8
-rw-r--r--spec/support/permissions.rb1
-rw-r--r--spec/support/pundit/policies.rb17
-rw-r--r--spec/support/pundit/shared_examples.rb8
12 files changed, 83 insertions, 24 deletions
diff --git a/app/controllers/imports_controller.rb b/app/controllers/imports_controller.rb
index 3333dc535..f2e65e445 100644
--- a/app/controllers/imports_controller.rb
+++ b/app/controllers/imports_controller.rb
@@ -1,4 +1,5 @@
class ImportsController < BreadcrumbController
+ include PolicyChecker
skip_before_action :authenticate_user!, only: [:download]
defaults resource_class: Import, collection_name: 'imports', instance_name: 'import'
before_action :ransack_started_at_params, only: [:index]
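Review bot: The `download` action on the line right after the new `include PolicyChecker` still skips `authenticate_user!`, and nothing in this hunk shows whether PolicyChecker authorizes that action in some other way or leaves it outside the policy check. A comment on the `skip_before_action` line should record what protects the file download, for example `# download runs without a user session; access is guarded by <mechanism>`. It would also help to note which actions PolicyChecker covers, since the module body is not visible here. The class body continues outside the hunk.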
diff --git a/app/decorators/company_decorator.rb b/app/decorators/company_decorator.rb
index 402bd3ab6..764cce3a0 100644
--- a/app/decorators/company_decorator.rb
+++ b/app/decorators/company_decorator.rb
@@ -19,8 +19,6 @@ class CompanyDecorator < Draper::Decorator
links = []
if h.policy(Chouette::Company).create?
- require 'pry'
- binding.pry
links << Link.new(
content: h.t('companies.actions.new'),
href: h.new_line_referential_company_path(context[:referential])
diff --git a/app/models/vehicle_journey_import.rb b/app/models/vehicle_journey_import.rb
index 44a6d457e..250f3a9e9 100644
--- a/app/models/vehicle_journey_import.rb
+++ b/app/models/vehicle_journey_import.rb
@@ -1,5 +1,3 @@
-# -*- coding: utf-8 -*-
-
class VehicleJourneyImport
include ActiveModel::Validations
include ActiveModel::Conversion
diff --git a/app/policies/import_policy.rb b/app/policies/import_policy.rb
index 9e1d99a66..b12dcc167 100644
--- a/app/policies/import_policy.rb
+++ b/app/policies/import_policy.rb
@@ -4,4 +4,16 @@ class ImportPolicy < ApplicationPolicy
scope
end
end
+
+ def create?
+ !archived? && user.has_permission?('imports.create')
+ end
+
+ def destroy?
+ !archived? && user.has_permission?('imports.destroy')
+ end
+
+ def update?
+ !archived? && user.has_permission?('imports.update')
+ end
end
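Review bot: `create?`, `destroy?` and `update?` test only the archived state and the permission string; none of them ties the import to the user's organisation or workbench, and the scope in the context lines above returns `scope` unfiltered. If the controller does not already restrict lookups to the current workbench (not visible here), a user holding `imports.destroy` or `imports.update` could act on another organisation's import by id. spec/policies/import_policy_spec.rb pins this behaviour with the 'permitted policy' examples rather than 'permitted policy and same organisation', so adding an ownership condition would need the spec changed with it. The three bodies also differ only in the action name and could delegate to one private helper that takes the action.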
diff --git a/lib/stif/permission_translator.rb b/lib/stif/permission_translator.rb
index 2bc565968..15d5ffc89 100644
--- a/lib/stif/permission_translator.rb
+++ b/lib/stif/permission_translator.rb
@@ -19,6 +19,7 @@ module Stif
access_points
connection_links calendars
footnotes
+ imports
journey_patterns
referentials routes routing_constraint_zones
time_tables
@@ -29,7 +30,6 @@ module Stif
end
def destructive_permissions_for(models)
- @__destructive_permissions_for__ ||=
models.product( %w{create destroy update} ).map{ |model_action| model_action.join('.') }
end
diff --git a/spec/controllers/imports_controller_spec.rb b/spec/controllers/imports_controller_spec.rb
index f07190496..22be9f6ed 100644
--- a/spec/controllers/imports_controller_spec.rb
+++ b/spec/controllers/imports_controller_spec.rb
@@ -5,10 +5,16 @@ RSpec.describe ImportsController, :type => :controller do
let(:import) { create :import, workbench: workbench }
describe 'GET #new' do
- it 'should be successful' do
+ it 'should be successful if authorized' do
get :new, workbench_id: workbench.id
expect(response).to be_success
end
+
+ it 'should be unsuccessful unless authorized' do
+ remove_permissions('imports.create', from_user: @user, save: true)
+ get :new, workbench_id: workbench.id
+ expect(response).not_to be_success
+ end
end
describe 'GET #download' do
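Review bot: `expect(response).not_to be_success` in the new example passes for any non-2xx response, including a 500 raised for an unrelated reason, so it does not prove the request was refused by the policy. Assert the status the application returns for a denied request, for instance `expect(response).to have_http_status(:forbidden)` if PolicyChecker answers with a 403 (its behaviour is not visible in this diff). Only `GET #new` gets a denial example; the state-changing actions guarded by `imports.create`, `imports.update` and `imports.destroy` would benefit from the same check.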
@@ -18,4 +24,5 @@ RSpec.describe ImportsController, :type => :controller do
expect( response.body ).to eq(import.file.read)
end
end
+
end
diff --git a/spec/policies/api_key_policy_spec.rb b/spec/policies/api_key_policy_spec.rb
index f0242978e..3638a05b2 100644
--- a/spec/policies/api_key_policy_spec.rb
+++ b/spec/policies/api_key_policy_spec.rb
@@ -21,7 +21,7 @@ RSpec.describe ApiKeyPolicy do
end
context 'permission present → ' do
it 'allows a user with a different organisation' do
- add_permissions('api_keys.create', for_user: user)
+ add_permissions('api_keys.create', to_user: user)
expect_it.to permit(user_context, record)
end
end
@@ -40,7 +40,7 @@ RSpec.describe ApiKeyPolicy do
context 'permission present → ' do
before do
- add_permissions('api_keys.update', for_user: user)
+ add_permissions('api_keys.update', to_user: user)
end
it 'denies a user with a different organisation' do
diff --git a/spec/policies/import_policy_spec.rb b/spec/policies/import_policy_spec.rb
new file mode 100644
index 000000000..fd9f3172c
--- /dev/null
+++ b/spec/policies/import_policy_spec.rb
@@ -0,0 +1,41 @@
+RSpec.describe ImportPolicy, type: :policy do
+
+ let( :record ){ build_stubbed :import }
+ before { stub_policy_scope(record) }
+
+ #
+ # Non Destructive
+ # ---------------
+
+ context 'Non Destructive actions →' do
+ permissions :index? do
+ it_behaves_like 'always allowed', 'anything', archived: true
+ end
+ permissions :show? do
+ it_behaves_like 'always allowed', 'anything', archived: true
+ end
+ end
+
+
+ #
+ # Destructive
+ # -----------
+
+ context 'Destructive actions →' do
+ permissions :create? do
+ it_behaves_like 'permitted policy', 'imports.create', archived: true
+ end
+ permissions :destroy? do
+ it_behaves_like 'permitted policy', 'imports.destroy', archived: true
+ end
+ permissions :edit? do
+ it_behaves_like 'permitted policy', 'imports.update', archived: true
+ end
+ permissions :new? do
+ it_behaves_like 'permitted policy', 'imports.create', archived: true
+ end
+ permissions :update? do
+ it_behaves_like 'permitted policy', 'imports.update', archived: true
+ end
+ end
+end
diff --git a/spec/policies/referential_policy_spec.rb b/spec/policies/referential_policy_spec.rb
index 69d0eb17b..d00415fc6 100644
--- a/spec/policies/referential_policy_spec.rb
+++ b/spec/policies/referential_policy_spec.rb
@@ -9,7 +9,7 @@ RSpec.describe ReferentialPolicy, type: :policy do
permissions :create? do
it 'permissions present → allowed' do
- add_permissions('referentials.create', for_user: user)
+ add_permissions('referentials.create', to_user: user)
expect_it.to permit(user_context, record)
end
it 'permissions absent → forbidden' do
@@ -19,7 +19,7 @@ RSpec.describe ReferentialPolicy, type: :policy do
permissions :new? do
it 'permissions present → allowed' do
- add_permissions('referentials.create', for_user: user)
+ add_permissions('referentials.create', to_user: user)
expect_it.to permit(user_context, record)
end
it 'permissions absent → forbidden' do
@@ -53,7 +53,7 @@ RSpec.describe ReferentialPolicy, type: :policy do
context 'permission present →' do
before do
- add_permissions('referentials.update', for_user: user)
+ add_permissions('referentials.update', to_user: user)
end
context 'same organisation →' do
@@ -108,7 +108,7 @@ RSpec.describe ReferentialPolicy, type: :policy do
context 'permission present →' do
before do
- add_permissions('referentials.update', for_user: user)
+ add_permissions('referentials.update', to_user: user)
end
context 'same organisation →' do
diff --git a/spec/support/permissions.rb b/spec/support/permissions.rb
index 467c07a32..13666aca3 100644
--- a/spec/support/permissions.rb
+++ b/spec/support/permissions.rb
@@ -18,6 +18,7 @@ module Support
connection_links
calendars
footnotes
+ imports
journey_patterns
referentials
routes
diff --git a/spec/support/pundit/policies.rb b/spec/support/pundit/policies.rb
index d5bb63243..a3489d9db 100644
--- a/spec/support/pundit/policies.rb
+++ b/spec/support/pundit/policies.rb
@@ -3,18 +3,18 @@ require 'pundit/rspec'
module Support
module Pundit
module Policies
- def add_permissions(*permissions, for_user:)
- for_user.permissions ||= []
- for_user.permissions += permissions.flatten
+ def add_permissions(*permissions, to_user:)
+ to_user.permissions ||= []
+ to_user.permissions += permissions.flatten
end
def create_user_context(user:, referential:)
UserContext.new(user, referential: referential)
end
- def add_permissions(*permissions, for_user:)
- for_user.permissions ||= []
- for_user.permissions += permissions.flatten
+ def remove_permissions(*permissions, from_user:, save: false)
+ from_user.permissions -= permissions.flatten
+ from_user.save! if save
end
end
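Review bot: `remove_permissions` subtracts from `from_user.permissions` without the nil guard that `add_permissions` has, so calling it for a user whose permissions are nil raises NoMethodError instead of being a no-op. Start the method with `from_user.permissions ||= []`, as the sibling helper does. `add_permissions` also has no `save:` keyword, so a controller spec that grants a permission to a persisted user has to save it separately; a matching `save: false` option would keep the two helpers parallel now that the module is also included for `type: :controller`.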
@@ -30,7 +30,7 @@ module Support
end
def with_user_permission(permission, &blk)
it "with user permission #{permission.inspect}" do
- add_permissions(permission, for_user: user)
+ add_permissions(permission, to_user: user)
blk.()
end
end
@@ -41,7 +41,7 @@ module Support
perms, options = permissions.partition{|x| String === x}
context "with permissions #{perms.inspect}...", *options do
before do
- add_permissions(*permissions, for_user: @user)
+ add_permissions(*permissions, to_user: @user)
end
instance_eval(&blk)
end
@@ -51,6 +51,7 @@ module Support
end
RSpec.configure do | c |
+ c.include Support::Pundit::Policies, type: :controller
c.include Support::Pundit::Policies, type: :policy
c.extend Support::Pundit::PoliciesMacros, type: :policy
c.include Support::Pundit::Policies, type: :feature
diff --git a/spec/support/pundit/shared_examples.rb b/spec/support/pundit/shared_examples.rb
index 63a106759..49c6845da 100644
--- a/spec/support/pundit/shared_examples.rb
+++ b/spec/support/pundit/shared_examples.rb
@@ -18,7 +18,7 @@ RSpec.shared_examples 'always allowed' do
context 'different organisations →' do
before do
- add_permissions(permission, for_user: user)
+ add_permissions(permission, to_user: user)
end
it "allows a user with a different organisation" do
expect_it.to permit(user_context, record)
@@ -51,7 +51,7 @@ RSpec.shared_examples 'always forbidden' do
context 'different organisations →' do
before do
- add_permissions(permission, for_user: user)
+ add_permissions(permission, to_user: user)
end
it "denies a user with a different organisation" do
expect_it.not_to permit(user_context, record)
@@ -80,7 +80,7 @@ RSpec.shared_examples 'permitted policy and same organisation' do
context 'permission present → ' do
before do
- add_permissions(permission, for_user: user)
+ add_permissions(permission, to_user: user)
end
it 'denies a user with a different organisation' do
@@ -113,7 +113,7 @@ RSpec.shared_examples 'permitted policy' do
context 'permission present → ' do
before do
- add_permissions(permission, for_user: user)
+ add_permissions(permission, to_user: user)
end
it 'allows user' do