authorRobert2017-05-23 12:49:39 +0200
committerRobert2017-05-23 18:10:10 +0200
commit49e8c9b65f953bf725a39193797266ac4ac717f1 (patch)
tree331b5c6794b4260b70cb91d360168f21e0e8f293
parent9b3961f69fd35105ded3b5a8f7d0055dc7443b82 (diff)
downloadchouette-core-49e8c9b65f953bf725a39193797266ac4ac717f1.tar.bz2
Refs: #3383; boiv intermediate policy speced and implmntd
- Policy spex specific support code moved to spec/support/pundit - Shared Xample group for policies permitting access depending on one specific permission and organisation_match
-rw-r--r--app/policies/boiv_policy.rb14
-rw-r--r--spec/policies/application_policy_spec.rb31
-rw-r--r--spec/policies/boiv_policy_spec.rb16
-rw-r--r--spec/policies/time_table_policy_spec.rb23
-rw-r--r--spec/support/pundit.rb35
-rw-r--r--spec/support/pundit/policies.rb37
-rw-r--r--spec/support/pundit/pundit_view_policy.rb22
-rw-r--r--spec/support/pundit/shared_examples.rb27
-rw-r--r--spec/support/pundit_view_policy.rb20
9 files changed, 117 insertions, 108 deletions
diff --git a/app/policies/boiv_policy.rb b/app/policies/boiv_policy.rb
index bf7805aa2..e29a2e6de 100644
--- a/app/policies/boiv_policy.rb
+++ b/app/policies/boiv_policy.rb
@@ -1,3 +1,15 @@
-class BoivPolicy < BoivPolicy
+class BoivPolicy < ApplicationPolicy
+
+ def boiv_read_offer?
+ organisation_match? && user.has_permission?('boiv:read-offer')
+ end
+
+ def index?
+ boiv_read_offer?
+ end
+
+ def show?
+ boiv_read_offer?
+ end
end
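Review bot: Only `index?` and `show?` are gated by `boiv_read_offer?` in this class; every other action (`create?`, `update?`, `destroy?`, …) falls through to `ApplicationPolicy`, whose defaults are not visible in this diff. If the policy is meant to be read-only, the class should say so, either with a header comment such as `# Read-only BOIV policy: write actions rely on ApplicationPolicy denying by default` or with explicit overrides like `def create?; false; end`. spec/policies/boiv_policy_spec.rb covers only the three read predicates, so a denial example for the write actions would keep a later change to the parent class from silently widening access.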
diff --git a/spec/policies/application_policy_spec.rb b/spec/policies/application_policy_spec.rb
index 4433e18b8..a7234461e 100644
--- a/spec/policies/application_policy_spec.rb
+++ b/spec/policies/application_policy_spec.rb
@@ -1,11 +1,5 @@
RSpec.describe ApplicationPolicy, type: :policy do
- let( :user_context ) { create_user_context(user: user, referential: referential) }
- let( :referentail ) { create :referential }
- let( :user ) { create :user }
-
- subject { described_class }
-
permissions :organisation_match? do
it "denies a user with a different organisation" do
@@ -18,29 +12,4 @@ RSpec.describe ApplicationPolicy, type: :policy do
end
end
- permissions :boiv_read_offer? do
-
- context "user of a different organisation → " do
- it "denies a user with a different organisation" do
- expect_it.not_to permit(user_context, referential)
- end
- it "even if she has the permisson" do
- add_permissions('boiv:read-offer', for_user: user)
- expect_it.not_to permit(user_context, referential)
- end
- end
-
- context "user of the same organisation → " do
- before do
- user.update_attribute :organisation, referential.organisation
- end
- it "denies if permission absent" do
- expect_it.not_to permit(user_context, referential)
- end
- it "allows if permission present" do
- add_permissions('boiv:read-offer', for_user: user)
- expect_it.to permit(user_context, referential)
- end
- end
- end
end
diff --git a/spec/policies/boiv_policy_spec.rb b/spec/policies/boiv_policy_spec.rb
new file mode 100644
index 000000000..3af82ddfe
--- /dev/null
+++ b/spec/policies/boiv_policy_spec.rb
@@ -0,0 +1,16 @@
+RSpec.describe BoivPolicy, type: :policy do
+
+
+ permissions :index? do
+ it_behaves_like 'permitted and same organisation', 'boiv:read-offer'
+ end
+
+ permissions :boiv_read_offer? do
+ it_behaves_like 'permitted and same organisation', 'boiv:read-offer'
+ end
+
+ permissions :show? do
+ it_behaves_like 'permitted and same organisation', 'boiv:read-offer'
+ end
+
+end
diff --git a/spec/policies/time_table_policy_spec.rb b/spec/policies/time_table_policy_spec.rb
index 63bd316e4..48beea75d 100644
--- a/spec/policies/time_table_policy_spec.rb
+++ b/spec/policies/time_table_policy_spec.rb
@@ -1,26 +1,7 @@
RSpec.describe TimeTablePolicy, type: :policy do
permissions :duplicate? do
- context "user of a different organisation" do
- it "is denied" do
- expect_it.not_to permit(user_context, referential)
- end
- it "even if she has the time_tables.create permission" do
- add_permissions 'time_tables.create', for_user: user
- expect_it.not_to permit(user_context, referential)
- end
- end
- context "user of the same organisation" do
- before do
- user.update_attribute :organisation, referential.organisation
- end
- it "is denied" do
- expect_it.not_to permit(user_context, referential)
- end
- it "unless she has the time_tables.create permission" do
- add_permissions 'time_tables.create', for_user: user
- expect_it.to permit(user_context, referential)
- end
- end
+ it_behaves_like 'permitted and same organisation', 'time_tables.create'
end
+
end
diff --git a/spec/support/pundit.rb b/spec/support/pundit.rb
deleted file mode 100644
index 2147c27aa..000000000
--- a/spec/support/pundit.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-require 'pundit/rspec'
-
-module Support
- module ApplicationPolicy
- def add_permissions(*permissions, for_user:)
- for_user.permissions ||= []
- for_user.permissions += permissions.flatten
- end
-
- def create_user_context(user:, referential:)
- OpenStruct.new(user: user, context: {referential: referential})
- end
-
- def add_permissions(*permissions, for_user:)
- for_user.permissions ||= []
- for_user.permissions += permissions.flatten
- end
- end
-
- module ApplicationPolicyMacros
- def self.extended into
- into.module_eval do
- subject { described_class }
- let( :user_context ) { create_user_context(user: user, referential: referential) }
- let( :referentail ) { create :referential }
- let( :user ) { create :user }
- end
- end
- end
-end
-
-RSpec.configure do | c |
- c.include Support::ApplicationPolicy, type: :policy
- c.extend Support::ApplicationPolicyMacros, type: :policy
-end
diff --git a/spec/support/pundit/policies.rb b/spec/support/pundit/policies.rb
new file mode 100644
index 000000000..637a2a528
--- /dev/null
+++ b/spec/support/pundit/policies.rb
@@ -0,0 +1,37 @@
+require 'pundit/rspec'
+
+module Support
+ module Pundit
+ module Policies
+ def add_permissions(*permissions, for_user:)
+ for_user.permissions ||= []
+ for_user.permissions += permissions.flatten
+ end
+
+ def create_user_context(user:, referential:)
+ OpenStruct.new(user: user, context: {referential: referential})
+ end
+
+ def add_permissions(*permissions, for_user:)
+ for_user.permissions ||= []
+ for_user.permissions += permissions.flatten
+ end
+ end
+
+ module PoliciesMacros
+ def self.extended into
+ into.module_eval do
+ subject { described_class }
+ let( :user_context ) { create_user_context(user: user, referential: referential) }
+ let( :referentail ) { create :referential }
+ let( :user ) { create :user }
+ end
+ end
+ end
+ end
+end
+
+RSpec.configure do | c |
+ c.include Support::Pundit::Policies, type: :policy
+ c.extend Support::Pundit::PoliciesMacros, type: :policy
+end
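Review bot: `add_permissions` is defined twice with identical bodies in `Support::Pundit::Policies`, so the second definition silently replaces the first, and `PoliciesMacros` declares `let( :referentail )`, a name nothing in this diff references. `user_context` and the shared examples call `referential`, so that name presumably comes from a helper not shown here; if it does not, the policy specs would fail on an undefined name. I would drop the second `add_permissions` and rename the let to `let( :referential ) { create :referential }`, after checking that it does not clash with an existing definition. Both issues were carried over unchanged from the deleted spec/support/pundit.rb.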
diff --git a/spec/support/pundit/pundit_view_policy.rb b/spec/support/pundit/pundit_view_policy.rb
new file mode 100644
index 000000000..b8434cac0
--- /dev/null
+++ b/spec/support/pundit/pundit_view_policy.rb
@@ -0,0 +1,22 @@
+module Pundit
+ module PunditViewPolicy
+ extend ActiveSupport::Concern
+
+ included do
+ before do
+ controller.singleton_class.class_eval do
+ def policy(instance)
+ Class.new do
+ def method_missing(*args, &block); true; end
+ end.new
+ end
+ helper_method :policy
+ end
+ end
+ end
+ end
+end
+
+RSpec.configure do |config|
+ config.include Pundit::PunditViewPolicy, type: :view
+end
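Review bot: The stubbed `policy` helper returns an object whose `method_missing` answers `true` to every call, so all view specs render as if the user held every permission, and none of them can catch a control that should be hidden from an unauthorised user. That deserves a comment at the top of the concern, e.g. `# Test stub: grants every policy query; view specs that need a denied branch must stub policy themselves`, and `respond_to_missing?` should be defined alongside `method_missing`. The file also reopens the top-level `Pundit` module, which is the gem's own namespace, whereas policies.rb nests its helpers under `Support::Pundit`. Naming this one `Support::Pundit::PunditViewPolicy` would keep the helper out of the gem's constants.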
diff --git a/spec/support/pundit/shared_examples.rb b/spec/support/pundit/shared_examples.rb
new file mode 100644
index 000000000..9583ab30c
--- /dev/null
+++ b/spec/support/pundit/shared_examples.rb
@@ -0,0 +1,27 @@
+RSpec.shared_examples "permitted and same organisation" do |permission|
+
+ context "permission absent → " do
+ it "denies a user with a different organisation" do
+ expect_it.not_to permit(user_context, referential)
+ end
+ it "and also a user with the same organisation" do
+ user.update_attribute :organisation, referential.organisation
+ expect_it.not_to permit(user_context, referential)
+ end
+ end
+
+ context "permission present → " do
+ before do
+ add_permissions(permission, for_user: user)
+ end
+
+ it "denies a user with a different organisation" do
+ expect_it.not_to permit(user_context, referential)
+ end
+
+ it "but allows it for a user with the same organisation" do
+ user.update_attribute :organisation, referential.organisation
+ expect_it.to permit(user_context, referential)
+ end
+ end
+end
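Review bot: The shared group has no header comment, yet it depends on `user`, `referential`, `user_context`, `expect_it` and `add_permissions` being supplied by the including group, and on `permission` being the one permission string the predicate checks. A short comment above `RSpec.shared_examples` would make that contract visible, for example `# Requires user, referential, user_context and add_permissions from the policy support helpers; permission is the single permission the predicate checks`. As far as the diff shows, the "permission absent" context only covers a user to whom the permission was never added. An example where the user holds some other permission would show that the predicate checks this specific string.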
diff --git a/spec/support/pundit_view_policy.rb b/spec/support/pundit_view_policy.rb
deleted file mode 100644
index 2945b9aac..000000000
--- a/spec/support/pundit_view_policy.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-module PunditViewPolicy
- extend ActiveSupport::Concern
-
- included do
- before do
- controller.singleton_class.class_eval do
- def policy(instance)
- Class.new do
- def method_missing(*args, &block); true; end
- end.new
- end
- helper_method :policy
- end
- end
- end
-end
-
-RSpec.configure do |config|
- config.include PunditViewPolicy, type: :view
-end