Refs #5325@0.5h; Use policies for calendar sharing

Use policies to determine if a user is allowed to share a calendar,
instead of a hardcoded string

5 files changed, 34 insertions, 15 deletions

diff --git a/app/models/user.rb b/app/models/user.rb
index 37d35209a..1342f60ed 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -36,7 +36,7 @@ class User < ActiveRecord::Base
     self.name         = extra[:full_name]
     self.email        = extra[:email]
     self.organisation = Organisation.sync_update extra[:organisation_code], extra[:organisation_name], extra[:functional_scope]
-    self.permissions  = Stif::PermissionTranslator.translate(extra[:permissions])
+    self.permissions  = Stif::PermissionTranslator.translate(extra[:permissions], self.organisation)
   end
 
   def self.portail_api_request
diff --git a/app/policies/calendar_policy.rb b/app/policies/calendar_policy.rb
index 074c41d8d..3ba708ec9 100644
--- a/app/policies/calendar_policy.rb
+++ b/app/policies/calendar_policy.rb
@@ -5,18 +5,15 @@ class CalendarPolicy < ApplicationPolicy
     end
   end
 
-  def create? 
+  def create?
     !archived? && user.has_permission?('calendars.create')
   end
-  def destroy?
-    !archived? & organisation_match? && user.has_permission?('calendars.destroy')
-  end
-  def update?
-    !archived? && organisation_match? && user.has_permission?('calendars.update')
-  end
+  def destroy?; instance_permission("destroy") end
+  def update?; instance_permission("update") end
+  def share?; instance_permission("share") end
 
-  def share?
-    user.organisation.name == 'STIF' # FIXME
+  private
+  def instance_permission permission
+    !archived? & organisation_match? && user.has_permission?("calendars.#{permission}")
   end
-
 end
diff --git a/lib/stif/permission_translator.rb b/lib/stif/permission_translator.rb
index 2d267bc7b..4a1c3ec8c 100644
--- a/lib/stif/permission_translator.rb
+++ b/lib/stif/permission_translator.rb
@@ -1,11 +1,11 @@
 module Stif
   module PermissionTranslator extend self
 
-    def translate(sso_extra_permissions)
-      sso_extra_permissions
-        .sort
+    def translate(sso_extra_permissions, organisation=nil)
+      permissions = sso_extra_permissions.sort
         .flat_map(&method(:extra_permission_translation))
-        .uniq
+      permissions += extra_organisation_permissions(organisation)
+      permissions.uniq
     end
 
     private
@@ -49,5 +49,10 @@ module Stif
         "boiv:edit-offer" => all_destructive_permissions + %w{sessions.create},
       }
     end
+
+    def extra_organisation_permissions organisation
+      return %w(calendars.share) if organisation&.name&.downcase == "stif"
+      []
+    end
   end
 end
diff --git a/spec/lib/stif/permission_translator_spec.rb b/spec/lib/stif/permission_translator_spec.rb
index ae1a2d1d5..355b0e336 100644
--- a/spec/lib/stif/permission_translator_spec.rb
+++ b/spec/lib/stif/permission_translator_spec.rb
@@ -42,4 +42,18 @@ RSpec.describe Stif::PermissionTranslator do
       ).to match_array(Support::Permissions.all_permissions)
     end
   end
+
+  context "For the STIF organisation" do
+    let(:organisation){ build_stubbed :organisation, name: "STIF" }
+    it "adds the calendars.share permission" do
+      expect( described_class.translate([], organisation) ).to eq(%w{calendars.share})
+    end
+
+    context "with the case changed" do
+      let(:organisation){ build_stubbed :organisation, name: "StiF" }
+      it "adds the calendars.share permission" do
+        expect( described_class.translate([], organisation) ).to eq(%w{calendars.share})
+      end
+    end
+  end
 end
diff --git a/spec/policies/calendar_policy_spec.rb b/spec/policies/calendar_policy_spec.rb
index 294be8198..8b1facc71 100644
--- a/spec/policies/calendar_policy_spec.rb
+++ b/spec/policies/calendar_policy_spec.rb
@@ -7,6 +7,9 @@ RSpec.describe CalendarPolicy, type: :policy do
   permissions :create? do
     it_behaves_like 'permitted policy', 'calendars.create', archived: true
   end
+  permissions :share? do
+    it_behaves_like 'permitted policy and same organisation', 'calendars.share', archived: true
+  end
   permissions :destroy? do
     it_behaves_like 'permitted policy and same organisation', 'calendars.destroy', archived: true
   end