aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--DEVNOTES.md9
-rw-r--r--app/models/chouette/stop_point.rb2
-rw-r--r--app/policies/calendar_policy.rb6
-rw-r--r--app/policies/default_policy.rb5
-rw-r--r--app/policies/line_policy.rb6
-rw-r--r--app/policies/route_policy.rb2
-rw-r--r--spec/policies/calendar_policy_spec.rb37
-rw-r--r--spec/policies/line_policy_spec.rb110
-rw-r--r--spec/policies/route_policy_spec.rb4
-rw-r--r--spec/policies/stop_point_policy_spec.rb5
-rw-r--r--spec/support/pundit/shared_examples.rb25
11 files changed, 29 insertions, 182 deletions
diff --git a/DEVNOTES.md b/DEVNOTES.md
index 01f58fa0f..2a3915ed2 100644
--- a/DEVNOTES.md
+++ b/DEVNOTES.md
@@ -33,7 +33,7 @@ The following Policies are of this type.
The standard type policy inherits from `ApplicationPolicy` does not override any _Undesructive_ _Pemission_ but overrides the _Destructive_ ones.
-Normally, but not always they are overriden as follows
+They are overriden as follows
```ruby
def <destructive>?
@@ -41,21 +41,20 @@ Normally, but not always they are overriden as follows
end
```
-There are some variations (**TO BE CLARIFIED**) concerning `organisation_match?`.
+**An exception** is `Referntial` which **cannot** check for `organisation_match?` for creation as there is no referential.
The following Policies are of this type.
- `AccessLink`
- `AccessPoint`
- - `Calendar` (*)
+ - `Calendar`
- `ConnectionLink`
- `JourneyPattern`
- `Referential` + custom
- - `Route`
+ - `Route` (used by `StopPoint` too)
- `RoutingConstraintZone`
- `TimeTable` + custom
-`Calendar` is a strange exception where no user permission is checked for the _destructive_ _permissions_.
diff --git a/app/models/chouette/stop_point.rb b/app/models/chouette/stop_point.rb
index 1cc1ed7a3..3dbf6be0d 100644
--- a/app/models/chouette/stop_point.rb
+++ b/app/models/chouette/stop_point.rb
@@ -2,7 +2,7 @@ module Chouette
class StopPoint < TridentActiveRecord
def self.policy_class
- DefaultPolicy
+ RoutePolicy
end
include ForBoardingEnumerations
diff --git a/app/policies/calendar_policy.rb b/app/policies/calendar_policy.rb
index 3353988bd..d3c715d70 100644
--- a/app/policies/calendar_policy.rb
+++ b/app/policies/calendar_policy.rb
@@ -6,13 +6,13 @@ class CalendarPolicy < ApplicationPolicy
end
def create?
- !archived? && organisation_match?
+ !archived? && organisation_match? && user.has_permission?('calendars.create')
end
def destroy?
- !archived? && organisation_match?
+ !archived? && organisation_match? && user.has_permission?('calendars.destroy')
end
def update?
- !archived? && organisation_match?
+ !archived? && organisation_match? && user.has_permission?('calendars.update')
end
def share?
diff --git a/app/policies/default_policy.rb b/app/policies/default_policy.rb
deleted file mode 100644
index 1858fbe7c..000000000
--- a/app/policies/default_policy.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-class DefaultPolicy
-
- def initialize(*args); end
-
-end
diff --git a/app/policies/line_policy.rb b/app/policies/line_policy.rb
index b84c7a69f..acb0d79e7 100644
--- a/app/policies/line_policy.rb
+++ b/app/policies/line_policy.rb
@@ -7,15 +7,15 @@ class LinePolicy < ApplicationPolicy
end
def create_footnote?
- !archived? && user.has_permission?('footnotes.create')
+ !archived? && organisation_match? && user.has_permission?('footnotes.create')
end
def edit_footnote?
- !archived? && user.has_permission?('footnotes.update')
+ !archived? && organisation_match? && user.has_permission?('footnotes.update')
end
def destroy_footnote?
- !archived? && user.has_permission?('footnotes.destroy')
+ !archived? && organisation_match? && user.has_permission?('footnotes.destroy')
end
def update_footnote? ; edit_footnote? end
diff --git a/app/policies/route_policy.rb b/app/policies/route_policy.rb
index be3ffce4d..786b0acf4 100644
--- a/app/policies/route_policy.rb
+++ b/app/policies/route_policy.rb
@@ -6,7 +6,7 @@ class RoutePolicy < ApplicationPolicy
end
def create?
- !archived? && user.has_permission?('routes.create') # organisation match via referential is checked in the view
+ !archived? && organisation_match? && user.has_permission?('routes.create')
end
def destroy?
diff --git a/spec/policies/calendar_policy_spec.rb b/spec/policies/calendar_policy_spec.rb
index f4423fb82..57f771c54 100644
--- a/spec/policies/calendar_policy_spec.rb
+++ b/spec/policies/calendar_policy_spec.rb
@@ -1,47 +1,22 @@
RSpec.describe CalendarPolicy, type: :policy do
let( :record ){ build_stubbed :calendar }
+ before { stub_policy_scope(record) }
- shared_examples 'authorizes on archived and same organisation only' do
- | permission, archived: false|
- context 'same organisation →' do
- before do
- user.organisation_id = referential.organisation_id
- end
- it "allows a user with the same organisation" do
- expect_it.to permit(user_context, record)
- end
- if archived
- it 'removes permission for archived referentials' do
- referential.archived_at = 42.seconds.ago
- expect_it.not_to permit(user_context, record)
- end
- end
- end
-
- context 'different organisations →' do
- before do
- add_permissions(permission, for_user: user)
- end
- it "denies a user with a different organisation" do
- expect_it.not_to permit(user_context, record)
- end
- end
- end
permissions :create? do
- it_behaves_like 'authorizes on archived and same organisation only', 'calendars.create', archived: true
+ it_behaves_like 'permitted policy and same organisation', 'calendars.create', archived: true
end
permissions :destroy? do
- it_behaves_like 'authorizes on archived and same organisation only', 'calendars.destroy', archived: true
+ it_behaves_like 'permitted policy and same organisation', 'calendars.destroy', archived: true
end
permissions :edit? do
- it_behaves_like 'authorizes on archived and same organisation only', 'calendars.update', archived: true
+ it_behaves_like 'permitted policy and same organisation', 'calendars.update', archived: true
end
permissions :new? do
- it_behaves_like 'authorizes on archived and same organisation only', 'calendars.create', archived: true
+ it_behaves_like 'permitted policy and same organisation', 'calendars.create', archived: true
end
permissions :update? do
- it_behaves_like 'authorizes on archived and same organisation only', 'calendars.update', archived: true
+ it_behaves_like 'permitted policy and same organisation', 'calendars.update', archived: true
end
end
diff --git a/spec/policies/line_policy_spec.rb b/spec/policies/line_policy_spec.rb
index d9e684847..334073506 100644
--- a/spec/policies/line_policy_spec.rb
+++ b/spec/policies/line_policy_spec.rb
@@ -46,118 +46,14 @@ RSpec.describe LinePolicy, type: :policy do
# ---------------------------
permissions :create_footnote? do
- context 'permission present →' do
- before do
- add_permissions('footnotes.create', for_user: user)
- end
-
- it 'authorized for unarchived referentials' do
- expect_it.to permit(user_context, record)
- end
-
- it 'forbidden for archived referentials' do
- referential.archived_at = 1.second.ago
- expect_it.not_to permit(user_context, record)
- end
- end
-
- context 'permission absent →' do
- it 'is forbidden' do
- expect_it.not_to permit(user_context, record)
- end
- end
+ it_behaves_like 'permitted policy and same organisation', 'footnotes.create', archived: true
end
permissions :destroy_footnote? do
- context 'permission present →' do
- before do
- add_permissions('footnotes.destroy', for_user: user)
- end
-
- it 'authorized for unarchived referentials' do
- expect_it.to permit(user_context, record)
- end
-
- it 'forbidden for archived referentials' do
- referential.archived_at = 1.second.ago
- expect_it.not_to permit(user_context, record)
- end
- end
-
- context 'permission absent →' do
- it 'is forbidden' do
- expect_it.not_to permit(user_context, record)
- end
- end
- end
-
- permissions :edit_footnote? do
- context 'permission present →' do
- before do
- add_permissions('footnotes.update', for_user: user)
- end
-
- it 'authorized for unarchived referentials' do
- expect_it.to permit(user_context, record)
- end
-
- it 'forbidden for archived referentials' do
- referential.archived_at = 1.second.ago
- expect_it.not_to permit(user_context, record)
- end
- end
-
- context 'permission absent →' do
- it 'is forbidden' do
- expect_it.not_to permit(user_context, record)
- end
- end
- end
-
- permissions :new_footnote? do
- context 'permission present →' do
- before do
- add_permissions('footnotes.create', for_user: user)
- end
-
- it 'authorized for unarchived referentials' do
- expect_it.to permit(user_context, record)
- end
-
- it 'forbidden for archived referentials' do
- referential.archived_at = 1.second.ago
- expect_it.not_to permit(user_context, record)
- end
- end
-
- context 'permission absent →' do
- it 'is forbidden' do
- expect_it.not_to permit(user_context, record)
- end
- end
+ it_behaves_like 'permitted policy and same organisation', 'footnotes.destroy', archived: true
end
permissions :update_footnote? do
- context 'permission present →' do
- before do
- add_permissions('footnotes.update', for_user: user)
- end
-
- it 'authorized for unarchived referentials' do
- expect_it.to permit(user_context, record)
- end
-
- it 'forbidden for archived referentials' do
- referential.archived_at = 1.second.ago
- expect_it.not_to permit(user_context, record)
- end
- end
-
- context 'permission absent →' do
- it 'is forbidden' do
- expect_it.not_to permit(user_context, record)
- end
- end
+ it_behaves_like 'permitted policy and same organisation', 'footnotes.update', archived: true
end
-
end
diff --git a/spec/policies/route_policy_spec.rb b/spec/policies/route_policy_spec.rb
index 6be517048..243d85acb 100644
--- a/spec/policies/route_policy_spec.rb
+++ b/spec/policies/route_policy_spec.rb
@@ -3,7 +3,7 @@ RSpec.describe RoutePolicy, type: :policy do
let( :record ){ build_stubbed :route }
permissions :create? do
- it_behaves_like 'permitted policy', 'routes.create', archived: true
+ it_behaves_like 'permitted policy and same organisation', 'routes.create', archived: true
end
permissions :destroy? do
@@ -15,7 +15,7 @@ RSpec.describe RoutePolicy, type: :policy do
end
permissions :new? do
- it_behaves_like 'permitted policy', 'routes.create', archived: true
+ it_behaves_like 'permitted policy and same organisation', 'routes.create', archived: true
end
permissions :update? do
diff --git a/spec/policies/stop_point_policy_spec.rb b/spec/policies/stop_point_policy_spec.rb
new file mode 100644
index 000000000..2a8b9b905
--- /dev/null
+++ b/spec/policies/stop_point_policy_spec.rb
@@ -0,0 +1,5 @@
+RSpec.describe Chouette::StopPoint do
+ describe "using RoutePolicy" do
+ it { expect( described_class.policy_class ).to eq(RoutePolicy) }
+ end
+end
diff --git a/spec/support/pundit/shared_examples.rb b/spec/support/pundit/shared_examples.rb
index 357004f4e..b91caa479 100644
--- a/spec/support/pundit/shared_examples.rb
+++ b/spec/support/pundit/shared_examples.rb
@@ -64,6 +64,7 @@ RSpec.shared_examples 'always forbidden' do
end
end
end
+j
RSpec.shared_examples 'permitted policy and same organisation' do
| permission, archived: false|
@@ -100,27 +101,3 @@ RSpec.shared_examples 'permitted policy and same organisation' do
end
end
end
-
-RSpec.shared_examples 'permitted policy' do
- | permission, archived: false|
- context 'permission absent → ' do
- it "denies a user with a different organisation" do
- expect_it.not_to permit(user_context, record)
- end
- end
- context 'permission present → ' do
- before do
- add_permissions(permission, for_user: user)
- end
- it 'allows a user with a different organisation' do
- expect_it.to permit(user_context, record)
- end
-
- if archived
- it 'removes the permission for archived referentials' do
- referential.archived_at = 42.seconds.ago
- expect_it.not_to permit(user_context, record)
- end
- end
- end
-end
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-01 19:02:30 +0000