diff options
| -rw-r--r-- | app/controllers/line_referentials_controller.rb | 1 | ||||
| -rw-r--r-- | app/controllers/stop_area_referentials_controller.rb | 1 | ||||
| -rw-r--r-- | app/helpers/application_helper.rb | 16 | ||||
| -rw-r--r-- | app/policies/line_referential_policy.rb | 14 | ||||
| -rw-r--r-- | app/policies/stop_area_referential_policy.rb | 14 | ||||
| -rw-r--r-- | app/views/line_referentials/show.html.slim | 5 | ||||
| -rw-r--r-- | app/views/stop_area_referentials/show.html.slim | 5 | ||||
| -rw-r--r-- | lib/stif/permission_translator.rb | 4 | ||||
| -rw-r--r-- | spec/controllers/line_referentials_controller_spec.rb | 16 | ||||
| -rw-r--r-- | spec/controllers/stop_area_referentials_controller_spec.rb | 17 | ||||
| -rw-r--r-- | spec/lib/stif/permission_translator_spec.rb | 10 | ||||
| -rw-r--r-- | spec/policies/calendar_policy_spec.rb | 3 | ||||
| -rw-r--r-- | spec/policies/line_referential_policy_spec.rb | 9 | ||||
| -rw-r--r-- | spec/policies/sto_area_referential_policy_spec.rb | 9 | ||||
| -rw-r--r-- | spec/support/controller_spec_helper.rb | 18 | ||||
| -rw-r--r-- | spec/views/line_referentials/show.html.slim_spec.rb | 22 | ||||
| -rw-r--r-- | spec/views/line_referentials/stop_area_referentials/show.html.slim_spec.rb | 22 |
17 files changed, 172 insertions, 14 deletions
diff --git a/app/controllers/line_referentials_controller.rb b/app/controllers/line_referentials_controller.rb index 39c2cdb89..03dab3f8f 100644 --- a/app/controllers/line_referentials_controller.rb +++ b/app/controllers/line_referentials_controller.rb @@ -3,6 +3,7 @@ class LineReferentialsController < ChouetteController defaults :resource_class => LineReferential def sync + authorize resource, :synchronize? @sync = resource.line_referential_syncs.build if @sync.save flash[:notice] = t('notice.line_referential_sync.created') diff --git a/app/controllers/stop_area_referentials_controller.rb b/app/controllers/stop_area_referentials_controller.rb index 85541230d..f2d375e49 100644 --- a/app/controllers/stop_area_referentials_controller.rb +++ b/app/controllers/stop_area_referentials_controller.rb @@ -2,6 +2,7 @@ class StopAreaReferentialsController < ChouetteController defaults :resource_class => StopAreaReferential def sync + authorize resource, :synchronize? @sync = resource.stop_area_referential_syncs.build if @sync.save flash[:notice] = t('notice.stop_area_referential_sync.created') diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 124604cd9..713542ff4 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -23,12 +23,18 @@ module ApplicationHelper end def page_header_meta(object) - info = t('last_update', time: l(object.updated_at, format: :short)) - if object.try(:versions) - author = object.versions.try(:last).try(:whodunnit) || t('default_whodunnit') - info = "#{info} <br/> #{t('whodunnit', author: author)}" + out = "" + display = true + display = policy(object).synchronize? if policy(object).respond_to?(:synchronize?) rescue false + if display + info = t('last_update', time: l(object.updated_at, format: :short)) + if object.try(:versions) + author = object.versions.try(:last).try(:whodunnit) || t('default_whodunnit') + info = "#{info} <br/> #{t('whodunnit', author: author)}" + end + out += content_tag :div, info.html_safe, class: 'small last-update' end - content_tag :div, info.html_safe, class: 'small' + out.html_safe end def page_header_content_for(object) diff --git a/app/policies/line_referential_policy.rb b/app/policies/line_referential_policy.rb new file mode 100644 index 000000000..ee742a083 --- /dev/null +++ b/app/policies/line_referential_policy.rb @@ -0,0 +1,14 @@ +class LineReferentialPolicy < ApplicationPolicy + class Scope < Scope + def resolve + scope + end + end + + def synchronize?; instance_permission("synchronize") end + + private + def instance_permission permission + user.has_permission?("line_referentials.#{permission}") + end +end diff --git a/app/policies/stop_area_referential_policy.rb b/app/policies/stop_area_referential_policy.rb new file mode 100644 index 000000000..e370babf8 --- /dev/null +++ b/app/policies/stop_area_referential_policy.rb @@ -0,0 +1,14 @@ +class StopAreaReferentialPolicy < ApplicationPolicy + class Scope < Scope + def resolve + scope + end + end + + def synchronize?; instance_permission("synchronize") end + + private + def instance_permission permission + user.has_permission?("stop_area_referentials.#{permission}") + end +end diff --git a/app/views/line_referentials/show.html.slim b/app/views/line_referentials/show.html.slim index b4b32bc52..763eb076e 100644 --- a/app/views/line_referentials/show.html.slim +++ b/app/views/line_referentials/show.html.slim @@ -1,7 +1,8 @@ - breadcrumb :line_referential, @line_referential - page_header_content_for @line_referential -- content_for :page_header_actions do - = link_to(t('actions.sync'), sync_line_referential_path(@line_referential), method: :post, class: 'btn btn-default') +- if policy(@line_referential).synchronize? + - content_for :page_header_actions do + = link_to(t('actions.sync'), sync_line_referential_path(@line_referential), method: :post, class: 'btn btn-default') - content_for :page_header_content do .row.mb-md diff --git a/app/views/stop_area_referentials/show.html.slim b/app/views/stop_area_referentials/show.html.slim index b562df5d5..911006c39 100644 --- a/app/views/stop_area_referentials/show.html.slim +++ b/app/views/stop_area_referentials/show.html.slim @@ -1,6 +1,7 @@ - breadcrumb :stop_area_referential, @stop_area_referential -- content_for :page_header_actions do - = link_to(t('actions.sync'), sync_stop_area_referential_path(@stop_area_referential), method: :post, class: 'btn btn-default') +- if policy(@stop_area_referential).synchronize? + - content_for :page_header_actions do + = link_to(t('actions.sync'), sync_stop_area_referential_path(@stop_area_referential), method: :post, class: 'btn btn-default') - content_for :page_header_content do .row.mb-md diff --git a/lib/stif/permission_translator.rb b/lib/stif/permission_translator.rb index 4a1c3ec8c..4acf42884 100644 --- a/lib/stif/permission_translator.rb +++ b/lib/stif/permission_translator.rb @@ -51,7 +51,9 @@ module Stif end def extra_organisation_permissions organisation - return %w(calendars.share) if organisation&.name&.downcase == "stif" + if organisation&.name&.downcase == "stif" + return %w{calendars.share stop_area_referentials.synchronize line_referentials.synchronize} + end [] end end diff --git a/spec/controllers/line_referentials_controller_spec.rb b/spec/controllers/line_referentials_controller_spec.rb index aee24b0fa..17ffb670d 100644 --- a/spec/controllers/line_referentials_controller_spec.rb +++ b/spec/controllers/line_referentials_controller_spec.rb @@ -1,3 +1,19 @@ RSpec.describe LineReferentialsController, :type => :controller do + login_user + let(:line_referential) { create :line_referential } + + describe 'PUT sync' do + let(:request){ put :sync, id: line_referential.id } + + it 'should redirect to 403' do + expect(request).to redirect_to "/403" + end + + with_permission "line_referentials.synchronize" do + it 'returns HTTP success' do + expect(request).to redirect_to [line_referential] + end + end + end end diff --git a/spec/controllers/stop_area_referentials_controller_spec.rb b/spec/controllers/stop_area_referentials_controller_spec.rb new file mode 100644 index 000000000..c8d7e1736 --- /dev/null +++ b/spec/controllers/stop_area_referentials_controller_spec.rb @@ -0,0 +1,17 @@ +RSpec.describe StopAreaReferentialsController, :type => :controller do + login_user + + let(:stop_area_referential) { create :stop_area_referential } + + describe 'PUT sync' do + let(:request){ put :sync, id: stop_area_referential.id } + + it { request.should redirect_to "/403" } + + with_permission "stop_area_referentials.synchronize" do + it 'returns HTTP success' do + expect(request).to redirect_to [stop_area_referential] + end + end + end +end diff --git a/spec/lib/stif/permission_translator_spec.rb b/spec/lib/stif/permission_translator_spec.rb index 355b0e336..9771af187 100644 --- a/spec/lib/stif/permission_translator_spec.rb +++ b/spec/lib/stif/permission_translator_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 RSpec.describe Stif::PermissionTranslator do context "No SSO Permissions" do @@ -45,14 +46,15 @@ RSpec.describe Stif::PermissionTranslator do context "For the STIF organisation" do let(:organisation){ build_stubbed :organisation, name: "STIF" } - it "adds the calendars.share permission" do - expect( described_class.translate([], organisation) ).to eq(%w{calendars.share}) + let(:permissions){ %w{calendars.share stop_area_referentials.synchronize line_referentials.synchronize}.sort } + it "adds the STIF permission" do + expect(described_class.translate([], organisation).sort).to eq permissions end context "with the case changed" do let(:organisation){ build_stubbed :organisation, name: "StiF" } - it "adds the calendars.share permission" do - expect( described_class.translate([], organisation) ).to eq(%w{calendars.share}) + it "adds the STIF permission" do + expect(described_class.translate([], organisation).sort).to eq permissions end end end diff --git a/spec/policies/calendar_policy_spec.rb b/spec/policies/calendar_policy_spec.rb index 5fd1eca47..a881d0e80 100644 --- a/spec/policies/calendar_policy_spec.rb +++ b/spec/policies/calendar_policy_spec.rb @@ -10,6 +10,9 @@ RSpec.describe CalendarPolicy, type: :policy do permissions :share? do it_behaves_like 'permitted policy and same organisation', 'calendars.share' end + permissions :share? do + it_behaves_like 'permitted policy and same organisation', 'calendars.share', archived: true + end permissions :destroy? do it_behaves_like 'permitted policy and same organisation', 'calendars.destroy' end diff --git a/spec/policies/line_referential_policy_spec.rb b/spec/policies/line_referential_policy_spec.rb new file mode 100644 index 000000000..7e0a9da8e --- /dev/null +++ b/spec/policies/line_referential_policy_spec.rb @@ -0,0 +1,9 @@ +RSpec.describe LineReferentialPolicy, type: :policy do + + let( :record ){ build_stubbed :line_referential } + before { stub_policy_scope(record) } + + permissions :synchronize? do + it_behaves_like 'permitted policy', 'line_referentials.synchronize' + end +end diff --git a/spec/policies/sto_area_referential_policy_spec.rb b/spec/policies/sto_area_referential_policy_spec.rb new file mode 100644 index 000000000..5bd6da427 --- /dev/null +++ b/spec/policies/sto_area_referential_policy_spec.rb @@ -0,0 +1,9 @@ +RSpec.describe StopAreaReferentialPolicy, type: :policy do + + let( :record ){ build_stubbed :stop_area_referential } + before { stub_policy_scope(record) } + + permissions :synchronize? do + it_behaves_like 'permitted policy', 'stop_area_referentials.synchronize' + end +end diff --git a/spec/support/controller_spec_helper.rb b/spec/support/controller_spec_helper.rb new file mode 100644 index 000000000..1d0288dea --- /dev/null +++ b/spec/support/controller_spec_helper.rb @@ -0,0 +1,18 @@ +module ControllerSpecHelper + def with_permission permission, &block + context "with permission #{permission}" do + login_user + before(:each) do + @user.permissions << permission + @user.save! + sign_in @user + end + context('', &block) if block_given? + end + end + +end + +RSpec.configure do |config| + config.extend ControllerSpecHelper, type: :controller +end diff --git a/spec/views/line_referentials/show.html.slim_spec.rb b/spec/views/line_referentials/show.html.slim_spec.rb new file mode 100644 index 000000000..0516677cb --- /dev/null +++ b/spec/views/line_referentials/show.html.slim_spec.rb @@ -0,0 +1,22 @@ +require 'spec_helper' + +describe "/line_referentials/show", :type => :view do + + let!(:line_referential) { assign :line_referential, create(:line_referential) } + + before :each do + render + end + + it "should not present syncing infos and button" do + expect(view.content_for(:page_header_actions)).to_not have_selector("a[href=\"#{view.sync_line_referential_path(line_referential)}\"]") + expect(view.content_for(:page_header_meta)).to_not have_selector(".last-update") + end + + with_permission "line_referentials.synchronize" do + it "should present syncing infos and button" do + expect(view.content_for(:page_header_actions)).to have_selector("a[href=\"#{view.sync_line_referential_path(line_referential)}\"]", count: 1) + expect(view.content_for(:page_header_meta)).to have_selector(".last-update", count: 1) + end + end +end diff --git a/spec/views/line_referentials/stop_area_referentials/show.html.slim_spec.rb b/spec/views/line_referentials/stop_area_referentials/show.html.slim_spec.rb new file mode 100644 index 000000000..71a8d16f5 --- /dev/null +++ b/spec/views/line_referentials/stop_area_referentials/show.html.slim_spec.rb @@ -0,0 +1,22 @@ +require 'spec_helper' + +describe "/stop_area_referentials/show", :type => :view do + + let!(:stop_area_referential) { assign :stop_area_referential, create(:stop_area_referential) } + + before :each do + render + end + + it "should not present syncing infos and button" do + expect(view.content_for(:page_header_actions)).to_not have_selector("a[href=\"#{view.sync_stop_area_referential_path(stop_area_referential)}\"]") + expect(view.content_for(:page_header_meta)).to_not have_selector(".last-update") + end + + with_permission "stop_area_referentials.synchronize" do + it "should present syncing infos and button" do + expect(view.content_for(:page_header_actions)).to have_selector("a[href=\"#{view.sync_stop_area_referential_path(stop_area_referential)}\"]", count: 1) + expect(view.content_for(:page_header_meta)).to have_selector(".last-update", count: 1) + end + end +end |