Refs: #3478@3h; Policy Cleanup and Providing Policy and permissions for all models and actions

 - ApplicationPolicy nondestructive permission depend on model existance
 - ApplicationPolicy destructive permission default to `false`
 - Tied Policy permissions at ApplicationPolicy Level: edit? → update?, new? → create?, index? → show?
 - ApplicationPolicy convenience methods `delete?` & `authorizes_action?(action)`
 - Refactoring of `spec/helpers/table_builder_helper_spec.rb` accordingly

 - Stubbing scope in specs (cannot switch to referential with a `build_stubbed` instance)

19 files changed, 58 insertions, 142 deletions

diff --git a/app/helpers/table_builder_helper/custom_links.rb b/app/helpers/table_builder_helper/custom_links.rb
index 7890f3d35..68cb24c7a 100644
--- a/app/helpers/table_builder_helper/custom_links.rb
+++ b/app/helpers/table_builder_helper/custom_links.rb
@@ -41,23 +41,11 @@ module TableBuilderHelper
     end
 
     def authorized_actions
-      @actions.select(&method(:action_authorized?))
-    end
-    def action_authorized?(action)
-      # TODO: Remove this guard when all resources have policies associated to them
-      return true unless policy
-      policy.public_send("#{action}?")
-    rescue NoMethodError
-      # TODO: When all action permissions are implemented for all policies remove this rescue clause
-      action_is_allowed_regardless_of_policy(action)
+      @actions.select(&policy.method(:authorizes_action?))
     end
 
     private
 
-    def action_is_allowed_regardless_of_policy(action)
-      ![:delete, :edit, :archive, :unarchive, :duplicate, :actualize].include?(action)
-    end
-
     def policy
       @__policy__ ||= Pundit.policy(user_context, object)
     end
diff --git a/app/policies/acces_point_policy.rb b/app/policies/acces_point_policy.rb
index 904b7a242..4e017eae4 100644
--- a/app/policies/acces_point_policy.rb
+++ b/app/policies/acces_point_policy.rb
@@ -9,14 +9,11 @@ class AccessPointPolicy < ApplicationPolicy
     user.has_permission?('access_points.create') # organisation match via referential is checked in the view
   end
 
-  def edit?
+  def update?
     organisation_match? && user.has_permission?('access_points.edit')
   end
 
   def destroy?
     organisation_match? && user.has_permission?('access_points.destroy')
   end
-
-  def update?  ; edit? end
-  def new?     ; create? end
 end
diff --git a/app/policies/access_link_policy.rb b/app/policies/access_link_policy.rb
index 73b2d1baa..4c6473f18 100644
--- a/app/policies/access_link_policy.rb
+++ b/app/policies/access_link_policy.rb
@@ -9,14 +9,11 @@ class AccessLinkPolicy < ApplicationPolicy
     user.has_permission?('access_links.create') # organisation match via referential is checked in the view
   end
 
-  def edit?
+  def update?
     organisation_match? && user.has_permission?('access_links.edit')
   end
 
   def destroy?
     organisation_match? && user.has_permission?('access_links.destroy')
   end
-
-  def update?  ; edit? end
-  def new?     ; create? end
 end
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index e8d7f5f30..b23d9e0cf 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -6,13 +6,25 @@ class ApplicationPolicy
     destroy?
   end
 
-  # Tie edit and update together, #edit?, do not override #edit?,
+  def authorizes_action?(action)
+    public_send("#{action}?")
+  rescue NoMethodError
+    false
+  end
+
+  # Tie edit? and update? together, #edit?, do not override #edit?,
   # unless you want to break this tie on purpose
   def edit?
     update?
   end
 
-  # Tie new and create together, do not override #new?,
+  # Tie index? and show? together, do not override #new?,
+  # unless you want to break this tie on purpose
+  def index?
+    show?
+  end
+
+  # Tie new? and create? together, do not override #new?,
   # unless you want to break this tie on purpose
   def new?
     create?
@@ -39,31 +51,19 @@ class ApplicationPolicy
     record.referential if record.respond_to?(:referential)
   end
 
-  def index?
-    show?
-  end
-
-  def show?
-    scope.where(:id => record.id).exists?
-  end
-
   def create?
     false
   end
 
-  def new?
-    create?
-  end
-
-  def update?
+  def destroy?
     false
   end
 
-  def edit?
-    update?
+  def show?
+    scope.where(:id => record.id).exists?
   end
 
-  def destroy?
+  def update?
     false
   end
 
diff --git a/app/policies/calendar_policy.rb b/app/policies/calendar_policy.rb
index 4248bccc7..927a985b3 100644
--- a/app/policies/calendar_policy.rb
+++ b/app/policies/calendar_policy.rb
@@ -5,23 +5,18 @@ class CalendarPolicy < ApplicationPolicy
     end
   end
 
-  def show?
-    organisation_match? || record.shared
+  def create? 
+    organisation_match?
+  end
+  def destroy?
+    organisation_match?
+  end
+  def update?
+    organisation_match?
   end
-
-  def new?     ; modify?  end
-  def create?  ; new? end
-
-  def edit?    ; modify? end
-  def update?  ; edit? end
-
-  def destroy? ; modify? end
 
   def share?
     user.organisation.name == 'STIF' # FIXME
   end
 
-  def modify?
-    organisation_match?
-  end
 end
diff --git a/app/policies/company_policy.rb b/app/policies/company_policy.rb
index 3cc7822a3..6106798be 100644
--- a/app/policies/company_policy.rb
+++ b/app/policies/company_policy.rb
@@ -4,11 +4,4 @@ class CompanyPolicy < ApplicationPolicy
       scope
     end
   end
-
-  def create?;   false end
-  def destroy?;  false end
-  def edit?;     false end
-  def new?;      false end
-  def show?;     true end
-  def update?;   false end
 end
diff --git a/app/policies/connection_link_policy.rb b/app/policies/connection_link_policy.rb
index abefd741c..7dccd30a9 100644
--- a/app/policies/connection_link_policy.rb
+++ b/app/policies/connection_link_policy.rb
@@ -9,14 +9,11 @@ class ConnectionLinkPolicy < ApplicationPolicy
     user.has_permission?('connection_links.create') # organisation match via referential is checked in the view
   end
 
-  def edit?
-    organisation_match? && user.has_permission?('connection_links.edit')
-  end
-
   def destroy?
     organisation_match? && user.has_permission?('connection_links.destroy')
   end
 
-  def update?  ; edit? end
-  def new?     ; create? end
+  def update?
+    organisation_match? && user.has_permission?('connection_links.edit')
+  end
 end
diff --git a/app/policies/default_policy.rb b/app/policies/default_policy.rb
index efdac1575..1858fbe7c 100644
--- a/app/policies/default_policy.rb
+++ b/app/policies/default_policy.rb
@@ -2,10 +2,4 @@ class DefaultPolicy
   
   def initialize(*args); end
 
-  def create?;   true end
-  def destroy?;  true end
-  def edit?;     true end
-  def index?;    true end
-  def show?;     true end
-  def update?;   true end
 end
diff --git a/app/policies/group_of_line_policy.rb b/app/policies/group_of_line_policy.rb
index 5d42a23bd..03e94449d 100644
--- a/app/policies/group_of_line_policy.rb
+++ b/app/policies/group_of_line_policy.rb
@@ -4,12 +4,4 @@ class GroupOfLinePolicy < ApplicationPolicy
       scope
     end
   end
-
-  def create?
-    false
-  end
-  def update?  ; create? end
-  def new?     ; create? end
-  def edit?    ; create? end
-  def destroy? ; create? end
 end
diff --git a/app/policies/journey_pattern_policy.rb b/app/policies/journey_pattern_policy.rb
index 7ce2da561..99e39eeff 100644
--- a/app/policies/journey_pattern_policy.rb
+++ b/app/policies/journey_pattern_policy.rb
@@ -11,15 +11,12 @@ class JourneyPatternPolicy < ApplicationPolicy
     user.has_permission?('journey_patterns.create')
   end
 
-  def edit?
-    organisation_match? && user.has_permission?('journey_patterns.edit')
-  end
-
   def destroy?
     organisation_match? && user.has_permission?('journey_patterns.destroy')
   end
 
-  def update?  ; edit? end
-  def new?     ; create? end
+  def update?
+    organisation_match? && user.has_permission?('journey_patterns.edit')
+  end
 end
 
diff --git a/app/policies/line_policy.rb b/app/policies/line_policy.rb
index a557b496c..674ed9b8d 100644
--- a/app/policies/line_policy.rb
+++ b/app/policies/line_policy.rb
@@ -6,13 +6,6 @@ class LinePolicy < ApplicationPolicy
     end
   end
 
-  def show?; true end
-  def create?; false end
-  def update?  ; false end
-  def new?     ; create? end
-  def edit?    ; false end
-  def destroy? ; create? end
-
   def create_footnote?
     !archived? && user.has_permission?('footnotes.create')
   end
diff --git a/app/policies/network_policy.rb b/app/policies/network_policy.rb
index 427eace93..9f86451a5 100644
--- a/app/policies/network_policy.rb
+++ b/app/policies/network_policy.rb
@@ -4,12 +4,4 @@ class NetworkPolicy < ApplicationPolicy
       scope
     end
   end
-
-  def create?
-    false
-  end
-  def update?  ; create? end
-  def new?     ; create? end
-  def edit?    ; create? end
-  def destroy? ; create? end
 end
diff --git a/app/policies/referential_policy.rb b/app/policies/referential_policy.rb
index 8e2a8f7f7..371cae218 100644
--- a/app/policies/referential_policy.rb
+++ b/app/policies/referential_policy.rb
@@ -9,14 +9,15 @@ class ReferentialPolicy < ApplicationPolicy
     user.has_permission?('referentials.create')
   end
 
-  def edit?
-    organisation_match? && user.has_permission?('referentials.edit')
-  end
-
   def destroy?
     organisation_match? && user.has_permission?('referentials.destroy')
   end
 
+  def update?
+    organisation_match? && user.has_permission?('referentials.edit')
+  end
+
+
   def archive?
     edit?
   end
@@ -35,8 +36,6 @@ class ReferentialPolicy < ApplicationPolicy
   end
 
   def unarchive? ; archive? end
-  def update? ; edit? end
-  def new? ; create? end
 end
 
 
diff --git a/app/policies/route_policy.rb b/app/policies/route_policy.rb
index a12055aa6..a33551737 100644
--- a/app/policies/route_policy.rb
+++ b/app/policies/route_policy.rb
@@ -9,14 +9,11 @@ class RoutePolicy < ApplicationPolicy
     !archived? && user.has_permission?('routes.create') # organisation match via referential is checked in the view
   end
 
-  def edit?
-    !archived? && organisation_match? && user.has_permission?('routes.edit')
-  end
-
   def destroy?
     !archived? && organisation_match? && user.has_permission?('routes.destroy')
   end
 
-  def update?  ; edit? end
-  def new?     ; create? end
+  def update?
+    !archived? && organisation_match? && user.has_permission?('routes.edit')
+  end
 end
diff --git a/app/policies/routing_constraint_zone_policy.rb b/app/policies/routing_constraint_zone_policy.rb
index 1e7535475..a10a2c909 100644
--- a/app/policies/routing_constraint_zone_policy.rb
+++ b/app/policies/routing_constraint_zone_policy.rb
@@ -9,14 +9,11 @@ class RoutingConstraintZonePolicy < ApplicationPolicy
     !archived? && user.has_permission?('routing_constraint_zones.create') # organisation match via referential is checked in the view
   end
 
-  def edit?
-    !archived? && organisation_match? && user.has_permission?('routing_constraint_zones.edit')
-  end
-
   def destroy?
     !archived? && organisation_match? && user.has_permission?('routing_constraint_zones.destroy')
   end
 
-  def update?  ; edit? end
-  def new?     ; create? end
+  def update?
+    !archived? && organisation_match? && user.has_permission?('routing_constraint_zones.edit')
+  end
 end
diff --git a/app/policies/stop_area_policy.rb b/app/policies/stop_area_policy.rb
index 4fa426ff6..de8ecda8d 100644
--- a/app/policies/stop_area_policy.rb
+++ b/app/policies/stop_area_policy.rb
@@ -4,12 +4,4 @@ class StopAreaPolicy < ApplicationPolicy
       scope
     end
   end
-
-  def create?
-    false
-  end
-  def update?  ; create? end
-  def new?     ; create? end
-  def edit?    ; create? end
-  def destroy? ; create? end
 end
diff --git a/app/policies/time_table_policy.rb b/app/policies/time_table_policy.rb
index 30df8939b..acd31e9b1 100644
--- a/app/policies/time_table_policy.rb
+++ b/app/policies/time_table_policy.rb
@@ -6,26 +6,23 @@ class TimeTablePolicy < ApplicationPolicy
     end
   end
 
-  def actualize?
-    !archived? && organisation_match? && edit?
-  end
-
   def create?
     !archived? && user.has_permission?('time_tables.create') # organisation match via referential is checked in the view
   end
 
-  def edit?
+  def destroy?
+    !archived? && organisation_match? && user.has_permission?('time_tables.destroy')
+  end
+
+  def update?
     !archived? && organisation_match? && user.has_permission?('time_tables.edit')
   end
 
-  def destroy?
-    !archived? && organisation_match? && user.has_permission?('time_tables.destroy')
+  def actualize?
+    !archived? && organisation_match? && edit?
   end
 
   def duplicate?
     !archived? && organisation_match? && create?
   end
-
-  def update?  ; edit? end
-  def new?     ; create? end
 end
diff --git a/app/policies/vehicle_journey_policy.rb b/app/policies/vehicle_journey_policy.rb
index ae3680adf..7737f6d7e 100644
--- a/app/policies/vehicle_journey_policy.rb
+++ b/app/policies/vehicle_journey_policy.rb
@@ -9,14 +9,11 @@ class VehicleJourneyPolicy < ApplicationPolicy
     user.has_permission?('vehicle_journeys.create') # organisation match via referential is checked in the view
   end
 
-  def edit?
-    organisation_match? && user.has_permission?('vehicle_journeys.edit')
-  end
-
   def destroy?
     organisation_match? && user.has_permission?('vehicle_journeys.destroy')
   end
 
-  def update?  ; edit? end
-  def new?     ; create? end
+  def update?
+    organisation_match? && user.has_permission?('vehicle_journeys.edit')
+  end
 end
diff --git a/spec/helpers/table_builder_helper_spec.rb b/spec/helpers/table_builder_helper_spec.rb
index 6d7b60366..6b505c940 100644
--- a/spec/helpers/table_builder_helper_spec.rb
+++ b/spec/helpers/table_builder_helper_spec.rb
@@ -193,6 +193,7 @@ describe TableBuilderHelper, type: :helper do
         companies,
         with: CompanyDecorator
       )
+      allow(CompanyDecorator).to receive(:where).with(id: company.id).and_return double.as_null_object
 
       expected = <<-HTML
 <table class="table has-search">
@@ -302,6 +303,7 @@ describe TableBuilderHelper, type: :helper do
         with: CompanyDecorator,
         context: {line_referential: line_referential}
       )
+      allow(CompanyDecorator).to receive(:where).with(id: company.id).and_return double.as_null_object
 
       expected = <<-HTML
 <table class="table has-search">