diff options
| -rw-r--r-- | app/controllers/journey_patterns_controller.rb | 7 | ||||
| -rw-r--r-- | app/policies/journey_pattern_policy.rb | 22 | ||||
| -rw-r--r-- | app/views/journey_patterns/show.html.slim | 13 | ||||
| -rw-r--r-- | app/views/routes/show.html.slim | 7 | ||||
| -rw-r--r-- | db/migrate/20170117163532_give_journey_patterns_permissions_to_users.rb | 8 | ||||
| -rw-r--r-- | db/schema.rb | 2 | ||||
| -rw-r--r-- | spec/features/journey_pattern_spec.rb | 47 | ||||
| -rw-r--r-- | spec/features/routes_spec.rb | 74 | ||||
| -rw-r--r-- | spec/support/devise.rb | 6 |
9 files changed, 134 insertions, 52 deletions
diff --git a/app/controllers/journey_patterns_controller.rb b/app/controllers/journey_patterns_controller.rb index b7cdccc72..69f16321e 100644 --- a/app/controllers/journey_patterns_controller.rb +++ b/app/controllers/journey_patterns_controller.rb @@ -15,6 +15,8 @@ class JourneyPatternsController < ChouetteController alias_method :route, :parent alias_method :journey_pattern, :resource + before_action :check_policy, only: [:edit, :update, :destroy] + def index index! do |format| format.html { redirect_to referential_line_route_path(@referential,@line,@route) } @@ -51,9 +53,12 @@ class JourneyPatternsController < ChouetteController @journey_patterns ||= @q.result(:distinct => true).order(:name) end - private + def check_policy + authorize resource + end + def journey_pattern_params params.require(:journey_pattern).permit(:route_id, :objectid, :object_version, :creation_time, :creator_id, :name, :comment, :registration_number, :published_name, :departure_stop_point_id, :arrival_stop_point_id, {:stop_point_ids => []}) end diff --git a/app/policies/journey_pattern_policy.rb b/app/policies/journey_pattern_policy.rb new file mode 100644 index 000000000..95ab23318 --- /dev/null +++ b/app/policies/journey_pattern_policy.rb @@ -0,0 +1,22 @@ +class JourneyPatternPolicy < ApplicationPolicy + class Scope < Scope + def resolve + scope + end + end + + def create? + user.has_permission?('journey_patterns.create') + end + + def edit? + user.has_permission?('journey_patterns.edit') + end + + def destroy? + user.has_permission?('journey_patterns.destroy') + end + + def update? ; edit? end + def new? ; create? end +end diff --git a/app/views/journey_patterns/show.html.slim b/app/views/journey_patterns/show.html.slim index 0fee1a257..417e4dc16 100644 --- a/app/views/journey_patterns/show.html.slim +++ b/app/views/journey_patterns/show.html.slim @@ -30,11 +30,14 @@ h3.journey_pattern_stop_points = t('.stop_points') - content_for :sidebar do ul.actions li - = link_to t('journey_patterns.actions.new'), new_referential_line_route_journey_pattern_path(@referential, @line, @route), class: 'add' + - if policy(@journey_pattern).create? + = link_to t('journey_patterns.actions.new'), new_referential_line_route_journey_pattern_path(@referential, @line, @route), class: 'add' li - = link_to t('journey_patterns.actions.edit'), edit_referential_line_route_journey_pattern_path(@referential, @line, @route, @journey_pattern), class: 'edit' + - if policy(@journey_pattern).edit? + = link_to t('journey_patterns.actions.edit'), edit_referential_line_route_journey_pattern_path(@referential, @line, @route, @journey_pattern), class: 'edit' li - = link_to t('journey_patterns.actions.destroy'), referential_line_route_journey_pattern_path(@referential, @line, @route, @journey_pattern), :method => :delete, :data => {:confirm => t('journey_patterns.actions.destroy_confirm')}, class: 'remove' + - if policy(@journey_pattern).destroy? + = link_to t('journey_patterns.actions.destroy'), referential_line_route_journey_pattern_path(@referential, @line, @route, @journey_pattern), :method => :delete, :data => {:confirm => t('journey_patterns.actions.destroy_confirm')}, class: 'remove' li = link_to edit_referential_line_route_journey_pattern_route_sections_selector_path(@referential, @line, @route, @journey_pattern), class: "edit#{' control-shape' if @journey_pattern.control?}" do = t('journey_patterns.actions.edit_route_sections') @@ -43,5 +46,5 @@ h3.journey_pattern_stop_points = t('.stop_points') li = link_to t('journey_patterns.journey_pattern.vehicle_journey_at_stops'), referential_line_route_vehicle_journeys_path(@referential, @line, @route, :q => {:journey_pattern_id_eq => @journey_pattern.id}), class: 'clock' - - = creation_tag(@journey_pattern)
\ No newline at end of file + + = creation_tag(@journey_pattern) diff --git a/app/views/routes/show.html.slim b/app/views/routes/show.html.slim index 6a1d16c66..e18ec295d 100644 --- a/app/views/routes/show.html.slim +++ b/app/views/routes/show.html.slim @@ -84,7 +84,12 @@ p.after_map span.caret ul.dropdown-menu li = link_to 'Voir', [@referential, @line, @route, journey_pattern], title: "#{Chouette::JourneyPattern.model_name.human.capitalize} #{journey_name(journey_pattern)}" - li = link_to 'Supprimer', referential_line_route_journey_pattern_path(@referential, @line, @route, journey_pattern), method: :delete, data: {confirm: t('journey_patterns.actions.destroy_confirm')} + li + - if policy(journey_pattern).edit? + = link_to t('actions.edit'), edit_referential_line_route_journey_pattern_path(@referential, @line, @route, journey_pattern) + li + - if policy(journey_pattern).destroy? + = link_to t('actions.destroy'), referential_line_route_journey_pattern_path(@referential, @line, @route, journey_pattern), method: :delete, data: {confirm: t('journey_patterns.actions.destroy_confirm')} / .panel-body / .journey_patterns.paginated_content diff --git a/db/migrate/20170117163532_give_journey_patterns_permissions_to_users.rb b/db/migrate/20170117163532_give_journey_patterns_permissions_to_users.rb new file mode 100644 index 000000000..8e403d5cb --- /dev/null +++ b/db/migrate/20170117163532_give_journey_patterns_permissions_to_users.rb @@ -0,0 +1,8 @@ +class GiveJourneyPatternsPermissionsToUsers < ActiveRecord::Migration + def change + User.find_each do |user| + user.permissions += ['journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy'] + user.save! + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 880597573..5fb6cd164 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170116140623) do +ActiveRecord::Schema.define(version: 20170117163532) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" diff --git a/spec/features/journey_pattern_spec.rb b/spec/features/journey_pattern_spec.rb index 1dbd2752d..380241099 100644 --- a/spec/features/journey_pattern_spec.rb +++ b/spec/features/journey_pattern_spec.rb @@ -8,6 +8,53 @@ describe "JourneyPatterns", :type => :feature do let!(:route) { create(:route, :line => line) } let!(:journey_pattern) { create(:journey_pattern, :route => route) } + describe 'show' do + context 'user has permission to create journey patterns' do + it 'shows the create link for journey pattern' do + visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) + expect(page).to have_content(I18n.t('journey_patterns.actions.new')) + end + end + + context 'user does not have permission to create journey patterns' do + it 'does not show the create link for journey pattern' do + @user.update_attribute(:permissions, ['journey_patterns.edit', 'journey_patterns.destroy']) + visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) + expect(page).not_to have_content(I18n.t('journey_patterns.actions.new')) + end + end + + context 'user has permission to edit journey patterns' do + it 'shows the edit link for journey pattern' do + visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) + expect(page).to have_content(I18n.t('journey_patterns.actions.edit')) + end + end + + context 'user does not have permission to edit journey patterns' do + it 'does not show the edit link for journey pattern' do + @user.update_attribute(:permissions, ['journey_patterns.create', 'journey_patterns.destroy']) + visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) + expect(page).not_to have_content(I18n.t('journey_patterns.actions.edit')) + end + end + + context 'user has permission to destroy journey patterns' do + it 'shows the destroy link for journey pattern' do + visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) + expect(page).to have_content(I18n.t('journey_patterns.actions.destroy')) + end + end + + context 'user does not have permission to edit journey patterns' do + it 'does not show the destroy link for journey pattern' do + @user.update_attribute(:permissions, ['journey_patterns.create', 'journey_patterns.edit']) + visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) + expect(page).not_to have_content(I18n.t('journey_patterns.actions.destroy')) + end + end + end + # describe "from routes page to a journey_pattern page" do # it "display route's journey_patterns" do # visit referential_line_route_path(referential,line,route) diff --git a/spec/features/routes_spec.rb b/spec/features/routes_spec.rb index 70d32c777..bc2088712 100644 --- a/spec/features/routes_spec.rb +++ b/spec/features/routes_spec.rb @@ -54,6 +54,38 @@ describe "Routes", :type => :feature do end end + describe 'show' do + context 'user has permission to edit journey patterns' do + it 'shows edit links for journey patterns' do + visit referential_line_route_path(referential, line, route) + expect(page).to have_content(I18n.t('actions.edit')) + end + end + + context 'user does not have permission to edit journey patterns' do + it 'does not show edit links for journey patterns' do + @user.update_attribute(:permissions, ['journey_patterns.create', 'journey_patterns.destroy']) + visit referential_line_route_path(referential, line, route) + expect(page).not_to have_content(I18n.t('actions.edit')) + end + end + + context 'user has permission to destroy journey patterns' do + it 'shows destroy links for journey patterns' do + visit referential_line_route_path(referential, line, route) + expect(page).to have_content(I18n.t('actions.destroy')) + end + end + + context 'user does not have permission to edit journey patterns' do + it 'does not show destroy links for journey patterns' do + @user.update_attribute(:permissions, ['journey_patterns.create', 'journey_patterns.edit']) + visit referential_line_route_path(referential, line, route) + expect(page).not_to have_content(I18n.t('actions.destroy')) + end + end + end + describe 'referential line show' do context 'user has permission to edit routes' do it 'shows edit buttons for routes' do @@ -101,45 +133,3 @@ describe "Routes", :type => :feature do end end end - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spec/support/devise.rb b/spec/support/devise.rb index ae166d284..7cfa17f44 100644 --- a/spec/support/devise.rb +++ b/spec/support/devise.rb @@ -3,7 +3,8 @@ module DeviseRequestHelper def login_user organisation = Organisation.where(:code => "first").first_or_create(attributes_for(:organisation)) - @user ||= create(:user, :organisation => organisation, :permissions => ['routes.create', 'routes.edit', 'routes.destroy']) + @user ||= create(:user, :organisation => organisation, + :permissions => ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy']) login_as @user, :scope => :user # post_via_redirect user_session_path, 'user[email]' => @user.email, 'user[password]' => @user.password end @@ -34,7 +35,8 @@ module DeviseControllerHelper before(:each) do @request.env["devise.mapping"] = Devise.mappings[:user] organisation = Organisation.where(:code => "first").first_or_create(attributes_for(:organisation)) - user = create(:user, :organisation => organisation, :permissions => ['routes.create', 'routes.edit', 'routes.destroy']) + user = create(:user, :organisation => organisation, + :permissions => ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy']) sign_in user end end |