diff options
| author | Robert | 2017-05-22 09:57:25 +0200 |
|---|---|---|
| committer | Robert | 2017-05-23 17:53:36 +0200 |
| commit | 632377b0c7bdbcd66a4a7f1aa5bc5f39410a10a3 (patch) | |
| tree | 155f6536f7e08238d5fbcf851a39852a5923e68c | |
| parent | 78b991cbab5431b94afa2df2344170d38b189d27 (diff) | |
| download | chouette-core-632377b0c7bdbcd66a4a7f1aa5bc5f39410a10a3.tar.bz2 | |
Refs: #3383; sketching stif permission for boiv:read-offer
| -rw-r--r-- | app/models/user.rb | 4 | ||||
| -rw-r--r-- | app/policies/application_policy.rb | 2 | ||||
| -rw-r--r-- | spec/policies/application_policy_spec.rb | 4 |
3 files changed, 5 insertions, 5 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 1230a64a1..14dbeb4d7 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,4 +1,3 @@ -# coding: utf-8 class User < ActiveRecord::Base # Include default devise modules. Others available are: # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable, :database_authenticatable @@ -52,7 +51,7 @@ class User < ActiveRecord::Base raise 'Rails.application.config.stif_portail_api settings is not defined' unless conf conn = Faraday.new(:url => conf[:url]) do |c| - c.headers['Authorization'] = "Token token=\"#{conf[:key]}\"" + c.headers['Authorization'] = %{Token token="#{conf[:key]}"} c.adapter Faraday.default_adapter end @@ -73,6 +72,7 @@ class User < ActiveRecord::Base user.organisation = Organisation.sync_update el['organization_code'], el['organization_name'], el['functional_scope'] user.synced_at = Time.now user.permissions = el['permissions'].include?('boiv:edit-offer') ? @@edit_offer_permissions : [] + user.permissions += el['permissions'].grep( %r{^\Aboiv:read-offer\z} ) user.save puts "✓ user #{user.username} has been updated" unless Rails.env.test? end diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb index c6b87a1c8..de8a23344 100644 --- a/app/policies/application_policy.rb +++ b/app/policies/application_policy.rb @@ -49,7 +49,7 @@ class ApplicationPolicy end def boiv_read_offer? - organisation_match? && user.has_permission?('boiv:read_offer') + organisation_match? && user.has_permission?('boiv:read-offer') end def organisation_match? diff --git a/spec/policies/application_policy_spec.rb b/spec/policies/application_policy_spec.rb index c6e5b89bf..4433e18b8 100644 --- a/spec/policies/application_policy_spec.rb +++ b/spec/policies/application_policy_spec.rb @@ -25,7 +25,7 @@ RSpec.describe ApplicationPolicy, type: :policy do expect_it.not_to permit(user_context, referential) end it "even if she has the permisson" do - add_permissions('boiv:read_offer', for_user: user) + add_permissions('boiv:read-offer', for_user: user) expect_it.not_to permit(user_context, referential) end end @@ -38,7 +38,7 @@ RSpec.describe ApplicationPolicy, type: :policy do expect_it.not_to permit(user_context, referential) end it "allows if permission present" do - add_permissions('boiv:read_offer', for_user: user) + add_permissions('boiv:read-offer', for_user: user) expect_it.to permit(user_context, referential) end end |