diff options
| author | Luc Donnet | 2017-11-28 12:07:16 +0100 |
|---|---|---|
| committer | Luc Donnet | 2017-11-28 12:07:16 +0100 |
| commit | 3a8aa5708a3a2bb5d8b841ab754cfd93bae0104b (patch) | |
| tree | 909b5b1a0ed29df7199b37a3007411d5a36e6da0 | |
| parent | 6bd0791839353750511ce4a49e6b75a462dfec51 (diff) | |
| download | chouette-core-3a8aa5708a3a2bb5d8b841ab754cfd93bae0104b.tar.bz2 | |
Fix import policy to not authorize destroy and not be linked with referential state (archived) Refs #5093
| -rw-r--r-- | app/policies/compliance_check_set_policy.rb | 14 | ||||
| -rw-r--r-- | app/policies/import_policy.rb | 6 | ||||
| -rw-r--r-- | spec/policies/import_policy_spec.rb | 14 |
3 files changed, 23 insertions, 11 deletions
diff --git a/app/policies/compliance_check_set_policy.rb b/app/policies/compliance_check_set_policy.rb index 171a33347..85e7e8ddd 100644 --- a/app/policies/compliance_check_set_policy.rb +++ b/app/policies/compliance_check_set_policy.rb @@ -3,5 +3,17 @@ class ComplianceCheckSetPolicy < ApplicationPolicy def resolve scope end + + def create? + false # ComplianceCheckSet can not be created from controller + end + + def destroy? + false # Asynchronous operations must not be deleted + end + + def update? + false # ComplianceCheckSet can not be updated from controller + end end -end
\ No newline at end of file +end diff --git a/app/policies/import_policy.rb b/app/policies/import_policy.rb index b12dcc167..b5e8c5b7e 100644 --- a/app/policies/import_policy.rb +++ b/app/policies/import_policy.rb @@ -6,14 +6,14 @@ class ImportPolicy < ApplicationPolicy end def create? - !archived? && user.has_permission?('imports.create') + user.has_permission?('imports.create') end def destroy? - !archived? && user.has_permission?('imports.destroy') + false # Asynchronous operations must not be deleted end def update? - !archived? && user.has_permission?('imports.update') + user.has_permission?('imports.update') end end diff --git a/spec/policies/import_policy_spec.rb b/spec/policies/import_policy_spec.rb index fd9f3172c..9c7fca8a5 100644 --- a/spec/policies/import_policy_spec.rb +++ b/spec/policies/import_policy_spec.rb @@ -9,10 +9,10 @@ RSpec.describe ImportPolicy, type: :policy do context 'Non Destructive actions →' do permissions :index? do - it_behaves_like 'always allowed', 'anything', archived: true + it_behaves_like 'always allowed', 'anything' end permissions :show? do - it_behaves_like 'always allowed', 'anything', archived: true + it_behaves_like 'always allowed', 'anything' end end @@ -23,19 +23,19 @@ RSpec.describe ImportPolicy, type: :policy do context 'Destructive actions →' do permissions :create? do - it_behaves_like 'permitted policy', 'imports.create', archived: true + it_behaves_like 'permitted policy', 'imports.create' end permissions :destroy? do - it_behaves_like 'permitted policy', 'imports.destroy', archived: true + it_behaves_like 'always forbidden', 'imports.destroy' end permissions :edit? do - it_behaves_like 'permitted policy', 'imports.update', archived: true + it_behaves_like 'permitted policy', 'imports.update' end permissions :new? do - it_behaves_like 'permitted policy', 'imports.create', archived: true + it_behaves_like 'permitted policy', 'imports.create' end permissions :update? do - it_behaves_like 'permitted policy', 'imports.update', archived: true + it_behaves_like 'permitted policy', 'imports.update' end end end |