diff options
| -rw-r--r-- | app/models/user.rb | 2 | ||||
| -rw-r--r-- | app/policies/calendar_policy.rb | 19 | ||||
| -rw-r--r-- | lib/stif/permission_translator.rb | 13 | ||||
| -rw-r--r-- | spec/lib/stif/permission_translator_spec.rb | 14 | ||||
| -rw-r--r-- | spec/policies/calendar_policy_spec.rb | 13 |
5 files changed, 40 insertions, 21 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 37d35209a..1342f60ed 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -36,7 +36,7 @@ class User < ActiveRecord::Base self.name = extra[:full_name] self.email = extra[:email] self.organisation = Organisation.sync_update extra[:organisation_code], extra[:organisation_name], extra[:functional_scope] - self.permissions = Stif::PermissionTranslator.translate(extra[:permissions]) + self.permissions = Stif::PermissionTranslator.translate(extra[:permissions], self.organisation) end def self.portail_api_request diff --git a/app/policies/calendar_policy.rb b/app/policies/calendar_policy.rb index 074c41d8d..c2da8c924 100644 --- a/app/policies/calendar_policy.rb +++ b/app/policies/calendar_policy.rb @@ -5,18 +5,15 @@ class CalendarPolicy < ApplicationPolicy end end - def create? - !archived? && user.has_permission?('calendars.create') - end - def destroy? - !archived? & organisation_match? && user.has_permission?('calendars.destroy') - end - def update? - !archived? && organisation_match? && user.has_permission?('calendars.update') + def create? + user.has_permission?('calendars.create') end + def destroy?; instance_permission("destroy") end + def update?; instance_permission("update") end + def share?; instance_permission("share") end - def share? - user.organisation.name == 'STIF' # FIXME + private + def instance_permission permission + organisation_match? && user.has_permission?("calendars.#{permission}") end - end diff --git a/lib/stif/permission_translator.rb b/lib/stif/permission_translator.rb index 2d267bc7b..4a1c3ec8c 100644 --- a/lib/stif/permission_translator.rb +++ b/lib/stif/permission_translator.rb @@ -1,11 +1,11 @@ module Stif module PermissionTranslator extend self - def translate(sso_extra_permissions) - sso_extra_permissions - .sort + def translate(sso_extra_permissions, organisation=nil) + permissions = sso_extra_permissions.sort .flat_map(&method(:extra_permission_translation)) - .uniq + permissions += extra_organisation_permissions(organisation) + permissions.uniq end private @@ -49,5 +49,10 @@ module Stif "boiv:edit-offer" => all_destructive_permissions + %w{sessions.create}, } end + + def extra_organisation_permissions organisation + return %w(calendars.share) if organisation&.name&.downcase == "stif" + [] + end end end diff --git a/spec/lib/stif/permission_translator_spec.rb b/spec/lib/stif/permission_translator_spec.rb index ae1a2d1d5..355b0e336 100644 --- a/spec/lib/stif/permission_translator_spec.rb +++ b/spec/lib/stif/permission_translator_spec.rb @@ -42,4 +42,18 @@ RSpec.describe Stif::PermissionTranslator do ).to match_array(Support::Permissions.all_permissions) end end + + context "For the STIF organisation" do + let(:organisation){ build_stubbed :organisation, name: "STIF" } + it "adds the calendars.share permission" do + expect( described_class.translate([], organisation) ).to eq(%w{calendars.share}) + end + + context "with the case changed" do + let(:organisation){ build_stubbed :organisation, name: "StiF" } + it "adds the calendars.share permission" do + expect( described_class.translate([], organisation) ).to eq(%w{calendars.share}) + end + end + end end diff --git a/spec/policies/calendar_policy_spec.rb b/spec/policies/calendar_policy_spec.rb index 294be8198..5fd1eca47 100644 --- a/spec/policies/calendar_policy_spec.rb +++ b/spec/policies/calendar_policy_spec.rb @@ -5,18 +5,21 @@ RSpec.describe CalendarPolicy, type: :policy do permissions :create? do - it_behaves_like 'permitted policy', 'calendars.create', archived: true + it_behaves_like 'permitted policy', 'calendars.create' + end + permissions :share? do + it_behaves_like 'permitted policy and same organisation', 'calendars.share' end permissions :destroy? do - it_behaves_like 'permitted policy and same organisation', 'calendars.destroy', archived: true + it_behaves_like 'permitted policy and same organisation', 'calendars.destroy' end permissions :edit? do - it_behaves_like 'permitted policy and same organisation', 'calendars.update', archived: true + it_behaves_like 'permitted policy and same organisation', 'calendars.update' end permissions :new? do - it_behaves_like 'permitted policy', 'calendars.create', archived: true + it_behaves_like 'permitted policy', 'calendars.create' end permissions :update? do - it_behaves_like 'permitted policy and same organisation', 'calendars.update', archived: true + it_behaves_like 'permitted policy and same organisation', 'calendars.update' end end |