| author | Robert | 2017-05-23 09:30:56 +0200 |
|---|---|---|
| committer | Robert | 2017-05-23 09:30:56 +0200 |
| commit | 5e3c2d8daba5617a72d0bfd06e0b6b3f03628f56 (patch) | |
| tree | 714d9cb0fd8c177c34bdb3601d8a29da8278bf2a | |
| parent | b8b9af8b1f7cd29d8974607a946120f379aaf79a (diff) | |
| parent | f17e77619409283db7040f270e276813339f919f (diff) | |
| download | chouette-core-5e3c2d8daba5617a72d0bfd06e0b6b3f03628f56.tar.bz2 | |
Merge branch '3449_timetable_policies'
| -rw-r--r-- | app/policies/time_table_policy.rb | 4 | ||||
| -rw-r--r-- | app/views/time_tables/show.html.slim | 4 | ||||
| -rw-r--r-- | spec/features/time_tables_permissions_spec.rb | 38 | ||||
| -rw-r--r-- | spec/policies/time_table_policy_spec.rb | 26 | ||||
| -rw-r--r-- | spec/support/pundit.rb | 18 |
5 files changed, 88 insertions, 2 deletions
diff --git a/app/policies/time_table_policy.rb b/app/policies/time_table_policy.rb index 6ca02f451..82e4ca194 100644 --- a/app/policies/time_table_policy.rb +++ b/app/policies/time_table_policy.rb @@ -17,6 +17,10 @@ class TimeTablePolicy < ApplicationPolicy organisation_match? && user.has_permission?('time_tables.destroy') end + def duplicate? + organisation_match? && create? + end + def update? ; edit? end def new? ; create? end end diff --git a/app/views/time_tables/show.html.slim b/app/views/time_tables/show.html.slim index 46c32f4b0..1c5984a7d 100644 --- a/app/views/time_tables/show.html.slim +++ b/app/views/time_tables/show.html.slim @@ -17,8 +17,8 @@ /- if policy(@time_table).create? && @referential.organisation == current_organisation = link_to t('actions.combine'), new_referential_time_table_time_table_combination_path(@referential, @time_table), class: 'btn btn-primary' - - if policy(@time_table).create? && @referential.organisation == current_organisation - = link_to t('actions.clone'), duplicate_referential_time_table_path(@referential, @time_table), class: 'btn btn-primary' + - if policy(@time_table).duplicate? + = link_to t('actions.duplicate'), duplicate_referential_time_table_path(@referential, @time_table), class: 'btn btn-primary' - if policy(@time_table).destroy? = link_to referential_time_table_path(@referential, @time_table), method: :delete, data: {confirm: t('time_tables.actions.destroy_confirm')}, class: 'btn btn-primary' do diff --git a/spec/features/time_tables_permissions_spec.rb b/spec/features/time_tables_permissions_spec.rb new file mode 100644 index 000000000..bd94a3aa1 --- /dev/null +++ b/spec/features/time_tables_permissions_spec.rb 
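Review bot: `duplicate?` in app/policies/time_table_policy.rb has no comment explaining why it needs both checks. `create?` is defined outside this hunk, so a reader cannot tell whether `organisation_match?` is redundant here or is the only ownership check on this path. The policy spec in this commit expects denial for a user of another organisation even with `time_tables.create`, so I would record that intent above the method: `# Duplication needs the create permission AND membership of the owning organisation; create? alone is not enough.`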
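Review bot: The `policy(@time_table).duplicate?` guard in app/views/time_tables/show.html.slim only decides whether the link is rendered. Nothing in this commit shows the `duplicate` controller action enforcing the same policy. The controller is outside this diff, so please confirm that the action calls `authorize @time_table, :duplicate?` before copying the record; otherwise the organisation check that was moved out of the view is not applied server-side. The label key also changes from `actions.clone` to `actions.duplicate`, so check that the key exists in every locale file.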
@@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +require 'spec_helper' + +describe "TimeTables", :type => :feature do + login_user + + let(:time_table) { create :time_table } + + describe 'permissions' do + before do + allow_any_instance_of(TimeTablePolicy).to receive(:duplicate?).and_return permission + visit path + end + + context 'on show' do + let(:path){ referential_time_table_path(referential, time_table)} + + context "if permission's absent → " do + let(:permission){ false } + + it 'does not show the corresponsing button' do + expect(page).not_to have_link('Dupliquer ce calendrier') + end + end + + context "if permission's present → " do + let(:permission){ true } + + it 'shows the corresponsing button' do + expected_href = duplicate_referential_time_table_path(referential, time_table) + expect(page).to have_link('Dupliquer', href: expected_href) + end + end + end + + end + +end diff --git a/spec/policies/time_table_policy_spec.rb b/spec/policies/time_table_policy_spec.rb new file mode 100644 index 000000000..63bd316e4 --- /dev/null +++ b/spec/policies/time_table_policy_spec.rb @@ -0,0 +1,26 @@ +RSpec.describe TimeTablePolicy, type: :policy do + + permissions :duplicate? do + context "user of a different organisation" do + it "is denied" do + expect_it.not_to permit(user_context, referential) + end + it "even if she has the time_tables.create permission" do + add_permissions 'time_tables.create', for_user: user + expect_it.not_to permit(user_context, referential) + end + end + context "user of the same organisation" do + before do + user.update_attribute :organisation, referential.organisation + end + it "is denied" do + expect_it.not_to permit(user_context, referential) + end + it "unless she has the time_tables.create permission" do + add_permissions 'time_tables.create', for_user: user + expect_it.to permit(user_context, referential) + end + end + end +end diff --git a/spec/support/pundit.rb b/spec/support/pundit.rb index 66225e82f..d818ce754 100644 
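Review bot: In spec/features/time_tables_permissions_spec.rb the denial example asserts `not_to have_link('Dupliquer ce calendrier')`, while the allowed example looks for `'Dupliquer'`. If the rendered label is the shorter text, the negative example passes even when the button is shown, so it does not actually prove that the permission hides it. Use the same locator in both cases, for example `expect(page).not_to have_link('Dupliquer', href: duplicate_referential_time_table_path(referential, time_table))`. Both example descriptions also misspell "corresponding" as `corresponsing`.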
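Review bot: Every example in spec/policies/time_table_policy_spec.rb passes `referential` as the record to `permit`, whereas the view calls `policy(@time_table)`, so `duplicate?` is never exercised with a time table record. `organisation_match?` is not visible in this diff; if it reads the organisation from the record rather than from the context, the spec and the production call can diverge without the spec noticing. Consider adding `let(:time_table) { create :time_table }` and asserting with `permit(user_context, time_table)`.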
--- a/spec/support/pundit.rb +++ b/spec/support/pundit.rb @@ -2,12 +2,30 @@ require 'pundit/rspec' module Support module ApplicationPolicy + def add_permissions(*permissions, for_user:) + for_user.permissions ||= [] + for_user.permissions += permissions.flatten + end + def create_user_context(user:, referential:) OpenStruct.new(user: user, context: {referential: referential}) end end + + module ApplicationPolicyMacros + def self.extended into + into.module_eval do + subject { described_class } + let( :user_context ) { create_user_context(user: user, referential: referential) } + let( :referentail ) { create :referential } + let( :user ) { create :user } + end + end + + end end RSpec.configure do | c | c.include Support::ApplicationPolicy, type: :policy + c.extend Support::ApplicationPolicyMacros, type: :policy end |
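Review bot: `let( :referentail ) { create :referential }` in `ApplicationPolicyMacros` misspells the helper name. As a result `referential`, which the `user_context` helper on the line above and the new policy spec both use, is not defined by this macro, and those examples will fail on an undefined name unless another support file supplies it. Change the line to `let( :referential ) { create :referential }`. Separately, `add_permissions` only reassigns the in-memory `permissions` attribute and does not save. A short comment such as `# not persisted: only valid while the same user object is passed to the policy` would prevent surprises if a spec reloads the user.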
