| author | Robert | 2017-07-05 16:52:44 +0200 | 
|---|---|---|
| committer | Robert | 2017-07-06 08:37:18 +0200 | 
| commit | b09994a4ee79f735f9b3f43535c6d138c4b68a56 (patch) | |
| tree | 92b244bc9d9d4d8e792d0129793ceb553738afd1 /spec | |
| parent | e53aa88c442bd0057c4e0ae66e2684d62d3193ed (diff) | |
Refs:#3478@10h;
   Policy Refactoring and Policy Test Completion
   - All policies (and all permissions) under test.
   - Common patterns and potential problems identified...
   - ... and documented in DEVNOTES.md
   - some simple refactorings
Diffstat (limited to 'spec')
21 files changed, 667 insertions, 46 deletions
| diff --git a/spec/controllers/journey_patterns_collections_controller_spec.rb b/spec/controllers/journey_patterns_collections_controller_spec.rb index 888281036..442d73fb7 100644 --- a/spec/controllers/journey_patterns_collections_controller_spec.rb +++ b/spec/controllers/journey_patterns_collections_controller_spec.rb @@ -1,5 +1,3 @@ -require 'rails_helper' -  RSpec.describe JourneyPatternsCollectionsController, :type => :controller do  end diff --git a/spec/controllers/routes_controller_spec.rb b/spec/controllers/routes_controller_spec.rb index 18067dec7..000b799db 100644 --- a/spec/controllers/routes_controller_spec.rb +++ b/spec/controllers/routes_controller_spec.rb @@ -1,6 +1,4 @@ -require 'spec_helper' - -describe RoutesController, :type => :controller do +RSpec.describe RoutesController, :type => :controller do    login_user    let!(:route) { create(:route) } diff --git a/spec/features/time_tables_spec.rb b/spec/features/time_tables_spec.rb index 58a1dc98f..0fb4bb30d 100644 --- a/spec/features/time_tables_spec.rb +++ b/spec/features/time_tables_spec.rb @@ -1,7 +1,4 @@ -# -*- coding: utf-8 -*- -require 'spec_helper' - -describe "TimeTables", :type => :feature do +RSpec.describe "TimeTables", :type => :feature do    login_user    let!(:time_tables) { Array.new(2) { create(:time_table) } } diff --git a/spec/features/vehicle_journeys_spec.rb b/spec/features/vehicle_journeys_spec.rb index 5a3a9ad7d..16a79e2c5 100644 --- a/spec/features/vehicle_journeys_spec.rb +++ b/spec/features/vehicle_journeys_spec.rb 
@@ -43,7 +43,7 @@ describe 'VehicleJourneys', type: :feature do        context 'user does not have permission to edit vehicle journeys' do          it 'does not show an edit link for vehicle journeys' do -          @user.tap { |u| u.permissions.delete('vehicle_journeys.edit') }.save +          @user.tap { |u| u.permissions.delete('vehicle_journeys.update') }.save            visit referential_line_route_vehicle_journey_path(referential, line, route, vehicle_journey)            expect(page).not_to have_content(I18n.t('vehicle_journeys.actions.edit'))          end diff --git a/spec/helpers/table_builder_helper_spec.rb b/spec/helpers/table_builder_helper_spec.rb index 4afd0774c..c2c287b99 100644 --- a/spec/helpers/table_builder_helper_spec.rb +++ b/spec/helpers/table_builder_helper_spec.rb @@ -16,7 +16,7 @@ describe TableBuilderHelper, type: :helper do            organisation: referential.organisation,            permissions: [              'referentials.create', -            'referentials.edit', +            'referentials.update',              'referentials.destroy',            ]          ), diff --git a/spec/policies/access_link_policy_spec.rb b/spec/policies/access_link_policy_spec.rb new file mode 100644 index 000000000..6194ae55c --- /dev/null +++ b/spec/policies/access_link_policy_spec.rb 
@@ -0,0 +1,20 @@
+RSpec.describe AccessLinkPolicy, type: :policy do
+
+  let( :record ){ build_stubbed :access_link }
+
+  permissions :create? do
+      it_behaves_like 'permitted policy and same organisation', "access_links.create", archived: true
+  end
+  permissions :destroy? do
+      it_behaves_like 'permitted policy and same organisation', "access_links.destroy", archived: true
+  end
+  permissions :edit? do
+      it_behaves_like 'permitted policy and same organisation', "access_links.update", archived: true
+  end
+  permissions :new? do
+      it_behaves_like 'permitted policy and same organisation', "access_links.create", archived: true
+  end
+  permissions :update? do
+      it_behaves_like 'permitted policy and same organisation', "access_links.update", archived: true
+  end
+end
diff --git a/spec/policies/access_point_policy_spec.rb b/spec/policies/access_point_policy_spec.rb
new file mode 100644
index 000000000..b6bc46eb4
--- /dev/null
+++ b/spec/policies/access_point_policy_spec.rb
@@ -0,0 +1,20 @@
+RSpec.describe AccessPointPolicy, type: :policy do
+
+  let( :record ){ build_stubbed :access_point }
+
+  permissions :create? do
+      it_behaves_like 'permitted policy and same organisation', "access_points.create", archived: true
+  end
+  permissions :destroy? do
+      it_behaves_like 'permitted policy and same organisation', "access_points.destroy", archived: true
+  end
+  permissions :edit? do
+      it_behaves_like 'permitted policy and same organisation', "access_points.update", archived: true
+  end
+  permissions :new? do
+      it_behaves_like 'permitted policy and same organisation', "access_points.create", archived: true
+  end
+  permissions :update? do
+      it_behaves_like 'permitted policy and same organisation', "access_points.update", archived: true
+  end
+end
diff --git a/spec/policies/calendar_policy_spec.rb b/spec/policies/calendar_policy_spec.rb
new file mode 100644
index 000000000..f4423fb82
--- /dev/null
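Review bot: This spec pins only the five mutating predicates (`create?`, `destroy?`, `edit?`, `new?`, `update?`); `index?` and `show?` are never exercised, so who may read an access link is left unpinned, whereas the company, line, network and stop-area specs in this commit assert both with 'always allowed'. The access_point spec on this same line and the connection_link and journey_pattern specs further down have the same gap. If these policies inherit `index?`/`show?` and read access is meant to be open, stating it with `permissions :show? do it_behaves_like 'always allowed', 'anything', archived: true end` (and likewise for `:index?`) would make that a tested decision rather than an implicit one.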
+++ b/spec/policies/calendar_policy_spec.rb
@@ -0,0 +1,47 @@
+RSpec.describe CalendarPolicy, type: :policy do
+
+  let( :record ){ build_stubbed :calendar }
+
+  shared_examples 'authorizes on archived and same organisation only' do
+    | permission, archived: false|
+    context 'same organisation →' do
+      before do
+        user.organisation_id = referential.organisation_id
+      end
+      it "allows a user with the same organisation" do
+        expect_it.to permit(user_context, record)
+      end
+      if archived
+        it 'removes permission for archived referentials' do
+          referential.archived_at = 42.seconds.ago
+          expect_it.not_to permit(user_context, record)
+        end
+      end
+    end
+
+    context 'different organisations →' do
+      before do
+        add_permissions(permission, for_user: user)
+      end
+      it "denies a user with a different organisation" do
+        expect_it.not_to permit(user_context, record)
+      end
+    end
+  end
+
+  permissions :create? do
+    it_behaves_like 'authorizes on archived and same organisation only', 'calendars.create', archived: true
+  end
+  permissions :destroy? do
+    it_behaves_like 'authorizes on archived and same organisation only', 'calendars.destroy', archived: true
+  end
+  permissions :edit? do
+    it_behaves_like 'authorizes on archived and same organisation only', 'calendars.update', archived: true
+  end
+  permissions :new? do
+    it_behaves_like 'authorizes on archived and same organisation only', 'calendars.create', archived: true
+  end
+  permissions :update? do
+    it_behaves_like 'authorizes on archived and same organisation only', 'calendars.update', archived: true
+  end
+end
diff --git a/spec/policies/company_policy_spec.rb b/spec/policies/company_policy_spec.rb
new file mode 100644
index 000000000..2d249a2be
--- /dev/null
+++ b/spec/policies/company_policy_spec.rb
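Review bot: In the local shared example the `permission` argument is granted only in the 'different organisations' context, where the expectation is a denial, so no positive assertion depends on `calendars.create`, `calendars.update` or `calendars.destroy`. As written the spec pins that any user of the same organisation is permitted without holding the permission. If CalendarPolicy is meant to require it, add a same-organisation example without the permission that ends in `expect_it.not_to permit(user_context, record)` and call `add_permissions(permission, for_user: user)` in the allowing one. If organisation membership alone is the intended rule, a comment such as `# calendars are organisation-scoped; permissions are not consulted` above the shared example would record that.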
@@ -0,0 +1,42 @@
+RSpec.describe CompanyPolicy, type: :policy do
+
+  let( :record ){ build_stubbed :company }
+  before { stub_policy_scope(record) }
+
+
+  #
+  #  Non Destructive
+  #  ---------------
+
+  context 'Non Destructive actions →' do
+    permissions :index? do
+      it_behaves_like 'always allowed', 'anything', archived: true
+    end
+    permissions :show? do
+      it_behaves_like 'always allowed', 'anything', archived: true
+    end
+  end
+
+
+  #
+  #  Destructive
+  #  -----------
+
+  context 'Destructive actions →' do
+    permissions :create? do
+      it_behaves_like 'always forbidden', 'companies.create', archived: true
+    end
+    permissions :destroy? do
+      it_behaves_like 'always forbidden', 'companies.destroy', archived: true
+    end
+    permissions :edit? do
+      it_behaves_like 'always forbidden', 'companies.update', archived: true
+    end
+    permissions :new? do
+      it_behaves_like 'always forbidden', 'companies.create', archived: true
+    end
+    permissions :update? do
+      it_behaves_like 'always forbidden', 'companies.update', archived: true
+    end
+  end
+end
diff --git a/spec/policies/connection_link_policy_spec.rb b/spec/policies/connection_link_policy_spec.rb
new file mode 100644
index 000000000..23e40abe3
--- /dev/null
+++ b/spec/policies/connection_link_policy_spec.rb
@@ -0,0 +1,20 @@
+RSpec.describe ConnectionLinkPolicy, type: :policy do
+
+  let( :record ){ build_stubbed :connection_link }
+
+  permissions :create? do
+      it_behaves_like 'permitted policy and same organisation', "connection_links.create", archived: true
+  end
+  permissions :destroy? do
+      it_behaves_like 'permitted policy and same organisation', "connection_links.destroy", archived: true
+  end
+  permissions :edit? do
+      it_behaves_like 'permitted policy and same organisation', "connection_links.update", archived: true
+  end
+  permissions :new? do
+      it_behaves_like 'permitted policy and same organisation', "connection_links.create", archived: true
+  end
+  permissions :update? do
+      it_behaves_like 'permitted policy and same organisation', "connection_links.update", archived: true
+  end
+end
diff --git a/spec/policies/group_of_line_policy_spec.rb b/spec/policies/group_of_line_policy_spec.rb
new file mode 100644
index 000000000..29fbb1bfb
--- /dev/null
+++ b/spec/policies/group_of_line_policy_spec.rb
@@ -0,0 +1,42 @@
+RSpec.describe GroupOfLinePolicy, type: :policy do
+
+  let( :record ){ build_stubbed :group_of_line }
+  before { stub_policy_scope(record) }
+
+
+  #
+  #  Non Destructive
+  #  ---------------
+
+  context 'Non Destructive actions →' do
+    permissions :index? do
+      it_behaves_like 'always allowed', 'anything', archived: true
+    end
+    permissions :show? do
+      it_behaves_like 'always allowed', 'anything', archived: true
+    end
+  end
+
+
+  #
+  #  Destructive
+  #  -----------
+
+  context 'Destructive actions →' do
+    permissions :create? do
+      it_behaves_like 'always forbidden', 'group_of_lines.create', archived: true
+    end
+    permissions :destroy? do
+      it_behaves_like 'always forbidden', 'group_of_lines.destroy', archived: true
+    end
+    permissions :edit? do
+      it_behaves_like 'always forbidden', 'group_of_lines.update', archived: true
+    end
+    permissions :new? do
+      it_behaves_like 'always forbidden', 'group_of_lines.create', archived: true
+    end
+    permissions :update? do
+      it_behaves_like 'always forbidden', 'group_of_lines.update', archived: true
+    end
+  end
+end
diff --git a/spec/policies/journey_pattern_policy_spec.rb b/spec/policies/journey_pattern_policy_spec.rb
new file mode 100644
index 000000000..39f849277
--- /dev/null
+++ b/spec/policies/journey_pattern_policy_spec.rb
@@ -0,0 +1,20 @@
+RSpec.describe JourneyPatternPolicy, type: :policy do
+
+  let( :record ){ build_stubbed :journey_pattern }
+
+  permissions :create? do
+      it_behaves_like 'permitted policy and same organisation', "journey_patterns.create", archived: true
+  end
+  permissions :destroy? do
+      it_behaves_like 'permitted policy and same organisation', "journey_patterns.destroy", archived: true
+  end
+  permissions :edit? do
+      it_behaves_like 'permitted policy and same organisation', "journey_patterns.update", archived: true
+  end
+  permissions :new? do
+      it_behaves_like 'permitted policy and same organisation', "journey_patterns.create", archived: true
+  end
+  permissions :update? do
+      it_behaves_like 'permitted policy and same organisation', "journey_patterns.update", archived: true
+  end
+end
diff --git a/spec/policies/line_policy_spec.rb b/spec/policies/line_policy_spec.rb
index e720b2bc7..d9e684847 100644
--- a/spec/policies/line_policy_spec.rb
+++ b/spec/policies/line_policy_spec.rb
@@ -1,21 +1,163 @@  RSpec.describe LinePolicy, type: :policy do    let( :record ){ build_stubbed :line } +  before { stub_policy_scope(record) } -  %w{create destroy edit}.each do | permission | -    footnote_permission = "#{permission}_footnote" -    permissions "#{footnote_permission}?".to_sym do -      it_behaves_like 'permitted policy', "footnotes.#{permission}", archived: true +  # +  #  Non Destructive +  #  --------------- + +  context 'Non Destructive actions →' do +    permissions :index? do +      it_behaves_like 'always allowed', 'anything', archived: true +    end +    permissions :show? do +      it_behaves_like 'always allowed', 'anything', archived: true +    end +  end + + +  # +  #  Destructive +  #  ----------- + +  context 'Destructive actions →' do +    permissions :create? do +      it_behaves_like 'always forbidden', 'lines.create', archived: true +    end +    permissions :destroy? do +      it_behaves_like 'always forbidden', 'lines.destroy', archived: true +    end +    permissions :edit? do +      it_behaves_like 'always forbidden', 'lines.update', archived: true +    end +    permissions :new? do +      it_behaves_like 'always forbidden', 'lines.create', archived: true +    end +    permissions :update? do +      it_behaves_like 'always forbidden', 'lines.update', archived: true +    end +  end + + +  # +  #  Custom Footnote Permissions +  #  --------------------------- + +  permissions :create_footnote? 
do +    context 'permission present →' do +      before do +        add_permissions('footnotes.create', for_user: user) +      end + +      it 'authorized for unarchived referentials' do +        expect_it.to permit(user_context, record) +      end + +      it 'forbidden for archived referentials' do +        referential.archived_at = 1.second.ago +        expect_it.not_to permit(user_context, record) +      end +    end + +    context 'permission absent →' do  +      it 'is forbidden' do +        expect_it.not_to permit(user_context, record) +      end +    end +  end + +  permissions :destroy_footnote? do +    context 'permission present →' do +      before do +        add_permissions('footnotes.destroy', for_user: user) +      end + +      it 'authorized for unarchived referentials' do +        expect_it.to permit(user_context, record) +      end + +      it 'forbidden for archived referentials' do +        referential.archived_at = 1.second.ago +        expect_it.not_to permit(user_context, record) +      end +    end + +    context 'permission absent →' do  +      it 'is forbidden' do +        expect_it.not_to permit(user_context, record) +      end +    end +  end + +  permissions :edit_footnote? do +    context 'permission present →' do +      before do +        add_permissions('footnotes.update', for_user: user) +      end + +      it 'authorized for unarchived referentials' do +        expect_it.to permit(user_context, record) +      end + +      it 'forbidden for archived referentials' do +        referential.archived_at = 1.second.ago +        expect_it.not_to permit(user_context, record) +      end +    end + +    context 'permission absent →' do  +      it 'is forbidden' do +        expect_it.not_to permit(user_context, record) +      end      end    end    permissions :new_footnote? 
do -    it_behaves_like 'permitted policy', 'footnotes.create', archived: true +    context 'permission present →' do +      before do +        add_permissions('footnotes.create', for_user: user) +      end + +      it 'authorized for unarchived referentials' do +        expect_it.to permit(user_context, record) +      end + +      it 'forbidden for archived referentials' do +        referential.archived_at = 1.second.ago +        expect_it.not_to permit(user_context, record) +      end +    end + +    context 'permission absent →' do  +      it 'is forbidden' do +        expect_it.not_to permit(user_context, record) +      end +    end    end    permissions :update_footnote? do -    it_behaves_like 'permitted policy', 'footnotes.edit', archived: true +    context 'permission present →' do +      before do +        add_permissions('footnotes.update', for_user: user) +      end + +      it 'authorized for unarchived referentials' do +        expect_it.to permit(user_context, record) +      end + +      it 'forbidden for archived referentials' do +        referential.archived_at = 1.second.ago +        expect_it.not_to permit(user_context, record) +      end +    end + +    context 'permission absent →' do  +      it 'is forbidden' do +        expect_it.not_to permit(user_context, record) +      end +    end    end  end diff --git a/spec/policies/network_policy_spec.rb b/spec/policies/network_policy_spec.rb new file mode 100644 index 000000000..ae4ffa03a --- /dev/null +++ b/spec/policies/network_policy_spec.rb 
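Review bot: The five `*_footnote?` blocks are identical apart from the permission string, so one of them can drift from the others without anyone noticing; a local shared example taking the permission would state the footnote rule once. None of the footnote cases sets `user.organisation_id`, so whether organisation membership matters for footnotes is not pinned by this spec, and a single shared example would be the one place to add that case. A sketch of the consolidation follows.

```ruby
  shared_examples 'footnote permission' do |permission|
    context 'permission present →' do
      before do
        add_permissions(permission, for_user: user)
      end

      it 'authorized for unarchived referentials' do
        expect_it.to permit(user_context, record)
      end

      it 'forbidden for archived referentials' do
        referential.archived_at = 1.second.ago
        expect_it.not_to permit(user_context, record)
      end
    end

    context 'permission absent →' do
      it 'is forbidden' do
        expect_it.not_to permit(user_context, record)
      end
    end
  end

  permissions :create_footnote? do
    it_behaves_like 'footnote permission', 'footnotes.create'
  end
  # … likewise :destroy_footnote?, :edit_footnote?, :new_footnote?, :update_footnote? …
```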
@@ -0,0 +1,42 @@
+RSpec.describe NetworkPolicy, type: :policy do
+
+  let( :record ){ build_stubbed :network }
+  before { stub_policy_scope(record) }
+
+
+  #
+  #  Non Destructive
+  #  ---------------
+
+  context 'Non Destructive actions →' do
+    permissions :index? do
+      it_behaves_like 'always allowed', 'anything', archived: true
+    end
+    permissions :show? do
+      it_behaves_like 'always allowed', 'anything', archived: true
+    end
+  end
+
+
+  #
+  #  Destructive
+  #  -----------
+
+  context 'Destructive actions →' do
+    permissions :create? do
+      it_behaves_like 'always forbidden', 'networks.create', archived: true
+    end
+    permissions :destroy? do
+      it_behaves_like 'always forbidden', 'networks.destroy', archived: true
+    end
+    permissions :edit? do
+      it_behaves_like 'always forbidden', 'networks.update', archived: true
+    end
+    permissions :new? do
+      it_behaves_like 'always forbidden', 'networks.create', archived: true
+    end
+    permissions :update? do
+      it_behaves_like 'always forbidden', 'networks.update', archived: true
+    end
+  end
+end
diff --git a/spec/policies/referential_policy_spec.rb b/spec/policies/referential_policy_spec.rb
new file mode 100644
index 000000000..d060317f9
--- /dev/null
+++ b/spec/policies/referential_policy_spec.rb
@@ -0,0 +1,102 @@ +RSpec.describe ReferentialPolicy, type: :policy do + +  let( :record ){ build_stubbed :referential } + + +  # +  # Collection Based Permissions differ from standard as there is no referential yet +  # -------------------------------------------------------------------------------- + +  permissions :create? do +    it 'permissions present → allowed' do +      add_permissions('referentials.create', for_user: user) +      expect_it.to permit(user_context, record) +    end +    it 'permissions absent → forbidden' do +      expect_it.not_to permit(user_context, record) +    end +  end + +  permissions :new? do +    it 'permissions present → allowed' do +      add_permissions('referentials.create', for_user: user) +      expect_it.to permit(user_context, record) +    end +    it 'permissions absent → forbidden' do +      expect_it.not_to permit(user_context, record) +    end +  end + +  # +  # Standard Destructive Action Permissions +  # --------------------------------------- + +  permissions :destroy? do +    it_behaves_like 'permitted policy and same organisation', 'referentials.destroy', archived: true +  end +  permissions :edit? do +    it_behaves_like 'permitted policy and same organisation', 'referentials.update', archived: true +  end +  permissions :update? do +    it_behaves_like 'permitted policy and same organisation', 'referentials.update', archived: true +  end + +  # +  # Custom Permissions +  # ------------------ + +  permissions :clone? do +    it_behaves_like 'permitted policy and same organisation', 'referentials.create', archived: true +  end + +  permissions :archive? 
do + +    context 'permission present →' do +      before do +        add_permissions('referentials.update', for_user: user) +      end + +      it 'allowed for unarchived referentials' do +        expect_it.to permit(user_context, record) +      end + +      it 'forbidden for archived referentials' do +        record.archived_at = 1.second.ago +        expect_it.not_to permit(user_context, record) +      end +    end + +    context 'permission absent →' do  +      it 'is forbidden' do +        expect_it.not_to permit(user_context, record) +      end +    end + +  end + +  permissions :unarchive? do + +    context 'permission present →' do +      before do +        add_permissions('referentials.update', for_user: user) +      end + +      it 'forbidden for unarchived referentials' do +        expect_it.not_to permit(user_context, record) +      end + +      it 'allowed for archived referentials' do +        record.archived_at = 1.second.ago +        expect_it.to permit(user_context, record) +      end +    end + +    context 'permission absent →' do  +      it 'is forbidden' do +        record.archived_at = 1.second.ago +        expect_it.not_to permit(user_context, record) +      end +    end + +  end +end diff --git a/spec/policies/route_policy_spec.rb b/spec/policies/route_policy_spec.rb index cc949ff45..6be517048 100644 --- a/spec/policies/route_policy_spec.rb +++ b/spec/policies/route_policy_spec.rb @@ -11,7 +11,7 @@ RSpec.describe RoutePolicy, type: :policy do    end    permissions :edit? do -    it_behaves_like 'permitted policy and same organisation', 'routes.edit', archived: true +    it_behaves_like 'permitted policy and same organisation', 'routes.update', archived: true    end    permissions :new? do 
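Review bot: The `archive?` and `unarchive?` cases in the new referential spec grant `referentials.update` but never set `user.organisation_id`, unlike `destroy?`, `edit?` and `update?`, which go through 'permitted policy and same organisation'. If the default `user` belongs to another organisation (the shared example's explicit `user.organisation_id = referential.organisation_id` step suggests it does), these examples pin that such a user may archive or unarchive a referential they could not edit. Either add a case to each block that expects `expect_it.not_to permit(user_context, record)` for a foreign organisation, or record the intent with a comment such as `# archive/unarchive are deliberately not organisation-scoped`.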
@@ -19,6 +19,6 @@ RSpec.describe RoutePolicy, type: :policy do    end    permissions :update? do -    it_behaves_like 'permitted policy and same organisation', 'routes.edit', archived: true +    it_behaves_like 'permitted policy and same organisation', 'routes.update', archived: true    end  end diff --git a/spec/policies/routing_constraint_zone_policy_spec.rb b/spec/policies/routing_constraint_zone_policy_spec.rb index f91313390..2ef15fa95 100644 --- a/spec/policies/routing_constraint_zone_policy_spec.rb +++ b/spec/policies/routing_constraint_zone_policy_spec.rb @@ -12,7 +12,7 @@ RSpec.describe RoutingConstraintZonePolicy, type: :policy do    end    permissions :edit? do -    it_behaves_like 'permitted policy and same organisation', 'routing_constraint_zones.edit', archived: true +    it_behaves_like 'permitted policy and same organisation', 'routing_constraint_zones.update', archived: true    end    permissions :new? do @@ -20,6 +20,6 @@ RSpec.describe RoutingConstraintZonePolicy, type: :policy do    end    permissions :update? do -    it_behaves_like 'permitted policy and same organisation', 'routing_constraint_zones.edit', archived: true +    it_behaves_like 'permitted policy and same organisation', 'routing_constraint_zones.update', archived: true    end  end diff --git a/spec/policies/stop_area_policy_spec.rb b/spec/policies/stop_area_policy_spec.rb new file mode 100644 index 000000000..8fe59c8e3 --- /dev/null +++ b/spec/policies/stop_area_policy_spec.rb 
@@ -0,0 +1,42 @@
+RSpec.describe StopAreaPolicy, type: :policy do
+
+  let( :record ){ build_stubbed :stop_area }
+  before { stub_policy_scope(record) }
+
+
+  #
+  #  Non Destructive
+  #  ---------------
+
+  context 'Non Destructive actions →' do
+    permissions :index? do
+      it_behaves_like 'always allowed', 'anything', archived: true
+    end
+    permissions :show? do
+      it_behaves_like 'always allowed', 'anything', archived: true
+    end
+  end
+
+
+  #
+  #  Destructive
+  #  -----------
+
+  context 'Destructive actions →' do
+    permissions :create? do
+      it_behaves_like 'always forbidden', 'stop_areas.create', archived: true
+    end
+    permissions :destroy? do
+      it_behaves_like 'always forbidden', 'stop_areas.destroy', archived: true
+    end
+    permissions :edit? do
+      it_behaves_like 'always forbidden', 'stop_areas.update', archived: true
+    end
+    permissions :new? do
+      it_behaves_like 'always forbidden', 'stop_areas.create', archived: true
+    end
+    permissions :update? do
+      it_behaves_like 'always forbidden', 'stop_areas.update', archived: true
+    end
+  end
+end
diff --git a/spec/policies/time_table_policy_spec.rb b/spec/policies/time_table_policy_spec.rb
index 6c19362d2..dad3c13bc 100644
--- a/spec/policies/time_table_policy_spec.rb
+++ b/spec/policies/time_table_policy_spec.rb
@@ -2,17 +2,23 @@ RSpec.describe TimeTablePolicy, type: :policy do    let( :record ){ build_stubbed :time_table } +  permissions :create? do +    it_behaves_like 'permitted policy and same organisation', 'time_tables.create', archived: true +  end + +  permissions :destroy? do +    it_behaves_like 'permitted policy and same organisation', 'time_tables.destroy', archived: true +  end -  %w{create duplicate}.each do | permission | -    permissions "#{permission}?".to_sym do -      it_behaves_like 'permitted policy and same organisation', 'time_tables.create', archived: true -    end +  permissions :edit? do +    it_behaves_like 'permitted policy and same organisation', 'time_tables.update', archived: true    end -  %w{destroy edit}.each do | permission | -    permissions "#{permission}?".to_sym do -      it_behaves_like 'permitted policy and same organisation', "time_tables.#{permission}", archived: true -    end +  permissions :new? do +    it_behaves_like 'permitted policy and same organisation', 'time_tables.create', archived: true    end +  permissions :update? do +    it_behaves_like 'permitted policy and same organisation', 'time_tables.update', archived: true +  end  end diff --git a/spec/support/devise.rb b/spec/support/devise.rb index d4a279a41..28703c072 100644 --- a/spec/support/devise.rb +++ b/spec/support/devise.rb 
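Review bot: Coverage of `duplicate?` is lost here: the removed `%w{create duplicate}` loop was the only place it was exercised, and the rewritten spec lists `create?`, `destroy?`, `edit?`, `new?` and `update?` only. If TimeTablePolicy still defines `duplicate?` (the policy is not visible in this diff), that predicate is now untested and a later change to it would go unnoticed. Restoring `permissions :duplicate? do it_behaves_like 'permitted policy and same organisation', 'time_tables.create', archived: true end` keeps the previous coverage.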
@@ -4,12 +4,12 @@ module DeviseRequestHelper    def login_user      organisation = Organisation.where(:code => "first").first_or_create(attributes_for(:organisation))      @user ||= create(:user, :organisation => organisation, -      :permissions => ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy', -        'vehicle_journeys.create', 'vehicle_journeys.edit', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.edit', 'time_tables.destroy', -        'footnotes.edit', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.edit', 'routing_constraint_zones.destroy', -        'access_points.create', 'access_points.edit', 'access_points.destroy', 'access_links.create', 'access_links.edit', 'access_links.destroy', -        'connection_links.create', 'connection_links.edit', 'connection_links.destroy', 'route_sections.create', 'route_sections.edit', 'route_sections.destroy', -        'referentials.create', 'referentials.edit', 'referentials.destroy']) +                     :permissions => ['routes.create', 'routes.update', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.update', 'journey_patterns.destroy', +                                      'vehicle_journeys.create', 'vehicle_journeys.update', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.update', 'time_tables.destroy', +                                      'footnotes.update', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.update', 'routing_constraint_zones.destroy', +                                      'access_points.create', 'access_points.update', 'access_points.destroy', 'access_links.create', 'access_links.update', 'access_links.destroy', +                                      'connection_links.create', 'connection_links.update', 'connection_links.destroy', 'route_sections.create', 
'route_sections.update', 'route_sections.destroy', +                                      'referentials.create', 'referentials.update', 'referentials.destroy'])      login_as @user, :scope => :user      # post_via_redirect user_session_path, 'user[email]' => @user.email, 'user[password]' => @user.password    end 
@@ -36,25 +36,42 @@ module DeviseRequestHelper  end  module DeviseControllerHelper +    def setup_user +    _all_actions = %w{create destroy update} +    _all_resources = %w{ access_links +            access_points +            connection_links +            footnotes +            journey_patterns +            referentials +            route_sections +            routes +            routing_constraint_zones +            time_tables +            vehicle_journeys } +    join_with =  -> (separator) do  +      -> (ary) { ary.join(separator) } +    end +      before do        @request.env["devise.mapping"] = Devise.mappings[:user]        organisation = Organisation.where(:code => "first").first_or_create(attributes_for(:organisation)) -      @user = create(:user, :organisation => organisation, -        :permissions => ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy', -        'vehicle_journeys.create', 'vehicle_journeys.edit', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.edit', 'time_tables.destroy', -        'footnotes.edit', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.edit', 'routing_constraint_zones.destroy', -        'access_points.create', 'access_points.edit', 'access_points.destroy', 'access_links.create', 'access_links.edit', 'access_links.destroy', -        'connection_links.create', 'connection_links.edit', 'connection_links.destroy', 'route_sections.create', 'route_sections.edit', 'route_sections.destroy', -        'referentials.create', 'referentials.edit', 'referentials.destroy']) +      @user = create(:user, +                     organisation: organisation, +                     permissions: _all_resources.product( _all_actions ).map(&join_with.('.')))      end    end +    def login_user()      setup_user      before do        sign_in @user      end    end + +  private +  end  RSpec.configure do 
|config| diff --git a/spec/support/pundit/shared_examples.rb b/spec/support/pundit/shared_examples.rb index 33ed1ffae..357004f4e 100644 --- a/spec/support/pundit/shared_examples.rb +++ b/spec/support/pundit/shared_examples.rb 
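Review bot: The curried `join_with` lambda in `setup_user` is more machinery than the job needs; `_all_resources.product(_all_actions).map { |pair| pair.join('.') }` builds the same list and reads directly. The trailing `private` has no methods after it and can be dropped, and the underscore prefix on `_all_actions` and `_all_resources` conventionally marks unused names, which these are not. DeviseRequestHelper#login_user in the previous hunk still spells out the same permission set as a literal array, so the two lists can drift apart; a shared constant would keep request and controller specs running with the same grants.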
@@ -1,3 +1,69 @@ + +RSpec.shared_examples 'always allowed' do +  | permission, archived: false| +  context 'same organisation →' do +    before do +      user.organisation_id = referential.organisation_id +    end +    it "allows a user with the same organisation" do +      expect_it.to permit(user_context, record) +    end +    if archived +      it 'does not remove permission for archived referentials' do +        referential.archived_at = 42.seconds.ago +        expect_it.to permit(user_context, record) +      end +    end +  end + +  context 'different organisations →' do +    before do +      add_permissions(permission, for_user: user) +    end +    it "allows a user with a different organisation" do +      expect_it.to permit(user_context, record) +    end +    if archived +      it 'does not remove permission for archived referentials' do +        referential.archived_at = 42.seconds.ago +        expect_it.to permit(user_context, record) +      end +    end +  end +end + +RSpec.shared_examples 'always forbidden' do +  | permission, archived: false| +  context 'same organisation →' do +    before do +      user.organisation_id = referential.organisation_id +    end +    it "allows a user with the same organisation" do +      expect_it.not_to permit(user_context, record) +    end +    if archived +      it 'still no permission for archived referentials' do +        referential.archived_at = 42.seconds.ago +        expect_it.not_to permit(user_context, record) +      end +    end +  end + +  context 'different organisations →' do +    before do +      add_permissions(permission, for_user: user) +    end +    it "denies a user with a different organisation" do +      expect_it.not_to permit(user_context, record) +    end +    if archived +      it 'still no permission for archived referentials' do +        referential.archived_at = 42.seconds.ago +        expect_it.not_to permit(user_context, record) +      end +    end +  end +end  RSpec.shared_examples 
'permitted policy and same organisation' do    | permission, archived: false| @@ -6,11 +72,11 @@ RSpec.shared_examples 'permitted policy and same organisation' do        expect_it.not_to permit(user_context, record)      end      it 'and also a user with the same organisation' do -      user.organisation = referential.organisation +      user.organisation_id = referential.organisation_id        expect_it.not_to permit(user_context, record)      end    end -   +    context 'permission present → '  do      before do        add_permissions(permission, for_user: user) @@ -21,13 +87,13 @@ RSpec.shared_examples 'permitted policy and same organisation' do      end      it 'but allows it for a user with the same organisation' do -      user.organisation = referential.organisation +      user.organisation_id = referential.organisation_id        expect_it.to permit(user_context, record)      end      if archived        it 'removes the permission for archived referentials' do -        user.organisation = referential.organisation +        user.organisation_id = referential.organisation_id          referential.archived_at = 42.seconds.ago          expect_it.not_to permit(user_context, record)        end | 
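Review bot: In 'always forbidden' the same-organisation context never calls `add_permissions`, and the different-organisation context never sets `user.organisation_id`, so the combination most likely to be allowed by mistake (permission held and same organisation) is never asserted as denied. Adding `add_permissions(permission, for_user: user)` to the first `before` block would close that. 'always allowed' has the mirror-image gap, with no example for a user who has neither the permission nor the organisation. The description `it "allows a user with the same organisation"` inside 'always forbidden' asserts `not_to permit` and should read `it "denies a user with the same organisation"`.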
