Refs: #3383; boiv intermediate policy speced and implmntd

  - Policy spex specific support code moved to spec/support/pundit
  - Shared Xample group for policies permitting access depening on one specific permission and organisation_match

3 files changed, 86 insertions, 0 deletions

diff --git a/spec/support/pundit/policies.rb b/spec/support/pundit/policies.rb
new file mode 100644
index 000000000..637a2a528
--- /dev/null
+++ b/spec/support/pundit/policies.rb
@@ -0,0 +1,37 @@
+require 'pundit/rspec'
+
+module Support
+  module Pundit
+    module Policies
+      def add_permissions(*permissions, for_user:)
+        for_user.permissions ||= []
+        for_user.permissions += permissions.flatten
+      end
+
+      def create_user_context(user:, referential:)
+        OpenStruct.new(user: user, context: {referential: referential})
+      end
+
+      def add_permissions(*permissions, for_user:)
+        for_user.permissions ||= []
+        for_user.permissions += permissions.flatten
+      end
+    end
+
+    module PoliciesMacros
+      def self.extended into
+        into.module_eval do
+          subject { described_class }
+          let( :user_context ) { create_user_context(user: user, referential: referential)  }
+          let( :referentail )  { create :referential }
+          let( :user )         { create :user }
+        end
+      end
+    end
+  end
+end
+
+RSpec.configure do | c |
+  c.include Support::Pundit::Policies, type: :policy
+  c.extend Support::Pundit::PoliciesMacros, type: :policy
+end
diff --git a/spec/support/pundit/pundit_view_policy.rb b/spec/support/pundit/pundit_view_policy.rb
new file mode 100644
index 000000000..b8434cac0
--- /dev/null
+++ b/spec/support/pundit/pundit_view_policy.rb
@@ -0,0 +1,22 @@
+module Pundit
+  module PunditViewPolicy
+    extend ActiveSupport::Concern
+
+    included do
+      before do
+        controller.singleton_class.class_eval do
+          def policy(instance)
+            Class.new do
+              def method_missing(*args, &block); true; end
+            end.new
+          end
+          helper_method :policy
+        end
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include Pundit::PunditViewPolicy, type: :view
+end
diff --git a/spec/support/pundit/shared_examples.rb b/spec/support/pundit/shared_examples.rb
new file mode 100644
index 000000000..9583ab30c
--- /dev/null
+++ b/spec/support/pundit/shared_examples.rb
@@ -0,0 +1,27 @@
+RSpec.shared_examples "permitted and same organisation" do |permission|
+
+  context "permission absent → " do
+    it "denies a user with a different organisation" do
+      expect_it.not_to permit(user_context, referential)
+    end
+    it "and also a user with the same organisation" do
+      user.update_attribute :organisation, referential.organisation
+      expect_it.not_to permit(user_context, referential)
+    end
+  end
+  
+  context "permission present → "  do
+    before do
+      add_permissions(permission, for_user: user)
+    end
+
+    it "denies a user with a different organisation" do
+      expect_it.not_to permit(user_context, referential)
+    end
+
+    it "but allows it for a user with the same organisation" do
+      user.update_attribute :organisation, referential.organisation
+      expect_it.to permit(user_context, referential)
+    end
+  end
+end