diff options
28 files changed, 468 insertions, 98 deletions
diff --git a/app/controllers/line_footnotes_controller.rb b/app/controllers/line_footnotes_controller.rb index 305a8fac3..3b44d087c 100644 --- a/app/controllers/line_footnotes_controller.rb +++ b/app/controllers/line_footnotes_controller.rb @@ -1,6 +1,6 @@ class LineFootnotesController < ChouetteController defaults :resource_class => Chouette::Line, :instance_name => 'line' - before_action :check_policy, :only => [:edit, :update] + before_action :check_policy, only: [:edit, :update, :destroy] belongs_to :referential def show @@ -23,11 +23,12 @@ class LineFootnotesController < ChouetteController end end - private + protected def check_policy - authorize resource, :update_footnote? + authorize resource, "#{action_name}_footnote?".to_sym end + private def resource @referential = Referential.find params[:referential_id] @line = @referential.lines.find params[:line_id] diff --git a/app/controllers/routing_constraint_zones_controller.rb b/app/controllers/routing_constraint_zones_controller.rb index 1c2c40cbb..cd8cd5aa7 100644 --- a/app/controllers/routing_constraint_zones_controller.rb +++ b/app/controllers/routing_constraint_zones_controller.rb @@ -7,6 +7,13 @@ class RoutingConstraintZonesController < ChouetteController belongs_to :line, parent_class: Chouette::Line end + before_action :check_policy, only: [:edit, :update, :destroy] + + protected + def check_policy + authorize resource + end + private def routing_constraint_zone_params params.require(:routing_constraint_zone).permit(:name, { stop_area_ids: [] }, :line_id, :objectid, :object_version, :creation_time, :creator_id) diff --git a/app/controllers/time_tables_controller.rb b/app/controllers/time_tables_controller.rb index 10e1e76dc..ec62dfb98 100644 --- a/app/controllers/time_tables_controller.rb +++ b/app/controllers/time_tables_controller.rb @@ -8,6 +8,8 @@ class TimeTablesController < ChouetteController belongs_to :referential + before_action :check_policy, only: [:edit, :update, :destroy] + def show @year = params[:year] ? params[:year].to_i : Date.today.cwyear @time_table_combination = TimeTableCombination.new @@ -112,6 +114,10 @@ class TimeTablesController < ChouetteController referential_time_tables_path(referential) end + def check_policy + authorize resource + end + private def time_table_params diff --git a/app/controllers/vehicle_journeys_controller.rb b/app/controllers/vehicle_journeys_controller.rb index d1c54827b..9b4c39d2a 100644 --- a/app/controllers/vehicle_journeys_controller.rb +++ b/app/controllers/vehicle_journeys_controller.rb @@ -9,6 +9,8 @@ class VehicleJourneysController < ChouetteController end end + before_action :check_policy, only: [:edit, :update, :destroy] + def select_journey_pattern if params[:journey_pattern_id] selected_journey_pattern = Chouette::JourneyPattern.find( params[:journey_pattern_id]) @@ -77,6 +79,12 @@ class VehicleJourneysController < ChouetteController @matrix = resource_class.matrix(@vehicle_journeys) end + protected + + def check_policy + authorize resource + end + private def vehicle_journey_params diff --git a/app/models/user.rb b/app/models/user.rb index 3debf37dc..9fefd2939 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -34,6 +34,10 @@ class User < ActiveRecord::Base self.name = extra[:full_name] self.email = extra[:email] self.organisation = Organisation.sync_update extra[:organisation_code], extra[:organisation_name], extra[:functional_scope] + self.permissions = ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy', + 'vehicle_journeys.create', 'vehicle_journeys.edit', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.edit', 'time_tables.destroy', + 'footnotes.edit', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.edit', + 'routing_constraint_zones.destroy'] end def self.portail_api_request diff --git a/app/policies/footnote_policy.rb b/app/policies/footnote_policy.rb new file mode 100644 index 000000000..49268ecbc --- /dev/null +++ b/app/policies/footnote_policy.rb @@ -0,0 +1,22 @@ +class FootnotePolicy < ApplicationPolicy + class Scope < Scope + def resolve + scope + end + end + + def create? + user.has_permission?('footnotes.create') + end + + def edit? + user.has_permission?('footnotes.edit') + end + + def destroy? + user.has_permission?('footnotes.destroy') + end + + def update? ; edit? end + def new? ; create? end +end diff --git a/app/policies/line_policy.rb b/app/policies/line_policy.rb index 9d1f55cf2..2ea1ecda9 100644 --- a/app/policies/line_policy.rb +++ b/app/policies/line_policy.rb @@ -12,5 +12,19 @@ class LinePolicy < ApplicationPolicy def new? ; create? end def edit? ; false end def destroy? ; create? end - def update_footnote?; true end + + def create_footnote? + user.has_permission?('footnotes.create') + end + + def edit_footnote? + user.has_permission?('footnotes.edit') + end + + def destroy_footnote? + user.has_permission?('routes.destroy') + end + + def update_footnote? ; edit_footnote? end + def new_footnote? ; create_footnote? end end diff --git a/app/policies/routing_constraint_zone_policy.rb b/app/policies/routing_constraint_zone_policy.rb index c6caf4ec5..3de5080f6 100644 --- a/app/policies/routing_constraint_zone_policy.rb +++ b/app/policies/routing_constraint_zone_policy.rb @@ -5,9 +5,18 @@ class RoutingConstraintZonePolicy < ApplicationPolicy end end - def create? ; true end - def update? ; true end - def new? ; true end - def edit? ; true end - def destroy? ; true end + def create? + user.has_permission?('routing_constraint_zones.create') + end + + def edit? + user.has_permission?('routing_constraint_zones.edit') + end + + def destroy? + user.has_permission?('routing_constraint_zones.destroy') + end + + def update? ; edit? end + def new? ; create? end end diff --git a/app/policies/time_table_policy.rb b/app/policies/time_table_policy.rb new file mode 100644 index 000000000..7328748c2 --- /dev/null +++ b/app/policies/time_table_policy.rb @@ -0,0 +1,22 @@ +class TimeTablePolicy < ApplicationPolicy + class Scope < Scope + def resolve + scope + end + end + + def create? + user.has_permission?('time_tables.create') + end + + def edit? + user.has_permission?('time_tables.edit') + end + + def destroy? + user.has_permission?('time_tables.destroy') + end + + def update? ; edit? end + def new? ; create? end +end diff --git a/app/policies/vehicle_journey_policy.rb b/app/policies/vehicle_journey_policy.rb new file mode 100644 index 000000000..7aa19f1a2 --- /dev/null +++ b/app/policies/vehicle_journey_policy.rb @@ -0,0 +1,22 @@ +class VehicleJourneyPolicy < ApplicationPolicy + class Scope < Scope + def resolve + scope + end + end + + def create? + user.has_permission?('vehicle_journeys.create') + end + + def edit? + user.has_permission?('vehicle_journeys.edit') + end + + def destroy? + user.has_permission?('vehicle_journeys.destroy') + end + + def update? ; edit? end + def new? ; create? end +end diff --git a/app/views/routing_constraint_zones/index.html.slim b/app/views/routing_constraint_zones/index.html.slim index b12fbd3dd..cc1305e95 100644 --- a/app/views/routing_constraint_zones/index.html.slim +++ b/app/views/routing_constraint_zones/index.html.slim @@ -1,6 +1,7 @@ = title_tag Chouette::RoutingConstraintZone.model_name.human.pluralize(:fr) -= link_to t('routing_constraint_zones.actions.new'), new_referential_line_routing_constraint_zone_path +- if policy(Chouette::RoutingConstraintZone).create? + = link_to t('routing_constraint_zones.actions.new'), new_referential_line_routing_constraint_zone_path - if @routing_constraint_zones.any? = table_builder @routing_constraint_zones, diff --git a/app/views/time_tables/_time_table.html.slim b/app/views/time_tables/_time_table.html.slim index 1e418054e..7d066669d 100644 --- a/app/views/time_tables/_time_table.html.slim +++ b/app/views/time_tables/_time_table.html.slim @@ -2,10 +2,11 @@ .panel-heading .panel-title.clearfix span.pull-right - = link_to edit_referential_time_table_path(@referential, time_table), class: 'btn btn-default btn-sm' do - span.fa.fa-pencil + - if policy(time_table).edit? + = link_to edit_referential_time_table_path(@referential, time_table), class: 'btn btn-default btn-sm' do + span.fa.fa-pencil - - if delete + - if policy(time_table).destroy? = link_to '<span class="fa fa-trash-o"></span>'.html_safe, referential_time_table_path(@referential, time_table), :method => :delete, :data => {:confirm => t('time_tables.actions.destroy_confirm')}, class: "btn btn-danger btn-sm" h5 @@ -27,4 +28,4 @@ - unless time_table.tags.empty? div - = time_table.presenter.tag_list_shortened
\ No newline at end of file + = time_table.presenter.tag_list_shortened diff --git a/app/views/time_tables/index.html.slim b/app/views/time_tables/index.html.slim index 3a9d1c4ad..e53e1e3e2 100644 --- a/app/views/time_tables/index.html.slim +++ b/app/views/time_tables/index.html.slim @@ -31,5 +31,7 @@ - content_for :sidebar do ul.actions - li = link_to t('time_tables.actions.new'), new_referential_time_table_path(@referential), class: "add" - br
\ No newline at end of file + li + - if policy(Chouette::TimeTable).create? + = link_to t('time_tables.actions.new'), new_referential_time_table_path(@referential), class: "add" + br diff --git a/app/views/time_tables/show.html.slim b/app/views/time_tables/show.html.slim index 7eaf24a77..8154ea8e0 100644 --- a/app/views/time_tables/show.html.slim +++ b/app/views/time_tables/show.html.slim @@ -9,14 +9,19 @@ - content_for :sidebar do ul.actions li - = link_to t('time_tables.actions.new'), new_referential_time_table_path(@referential), class: 'add' + - if policy(@time_table).create? + = link_to t('time_tables.actions.new'), new_referential_time_table_path(@referential), class: 'add' li - = link_to t('time_tables.actions.edit'), edit_referential_time_table_path(@referential, @time_table), class: "edit" + - if policy(@time_table).edit? + = link_to t('time_tables.actions.edit'), edit_referential_time_table_path(@referential, @time_table), class: "edit" li - = link_to t('time_tables.actions.destroy'), referential_time_table_path(@referential, @time_table), :method => :delete, :data => {:confirm => t('time_tables.actions.destroy_confirm')}, class: "remove" + - if policy(@time_table).destroy? + = link_to t('time_tables.actions.destroy'), referential_time_table_path(@referential, @time_table), :method => :delete, :data => {:confirm => t('time_tables.actions.destroy_confirm')}, class: "remove" li - = link_to t('time_tables.actions.duplicate'), duplicate_referential_time_table_path(@referential, @time_table), class: "clone" + - if policy(@time_table).create? + = link_to t('time_tables.actions.duplicate'), duplicate_referential_time_table_path(@referential, @time_table), class: "clone" li + /- if policy(@time_table).create? = link_to t('time_tables.actions.combine'), new_referential_time_table_time_table_combination_path(@referential, @time_table), {:remote => true, 'data-toggle' => "modal", 'data-target' => '#modal_combine', class: "merge"} - = creation_tag(@time_table)
\ No newline at end of file + = creation_tag(@time_table) diff --git a/app/views/vehicle_journeys/_show_sidebar.html.slim b/app/views/vehicle_journeys/_show_sidebar.html.slim index 8117dd23b..44d5f8233 100644 --- a/app/views/vehicle_journeys/_show_sidebar.html.slim +++ b/app/views/vehicle_journeys/_show_sidebar.html.slim @@ -1,13 +1,19 @@ - content_for :sidebar do ul.actions - li = link_to t('vehicle_journeys.actions.new'), new_referential_line_route_vehicle_journey_path(@referential, @line, @route), class: "add" + li + - if policy(@vehicle_journey).create? + = link_to t('vehicle_journeys.actions.new'), new_referential_line_route_vehicle_journey_path(@referential, @line, @route), class: "add" li = link_to t('vehicle_journeys.actions.new_frequency'), new_referential_line_route_vehicle_journey_frequency_path(@referential, @line, @route), class: "add" - li = link_to t('vehicle_journeys.actions.edit'), edit_referential_line_route_vehicle_journey_path(@referential, @line, @route, @vehicle_journey), class: "edit" - li = link_to t('vehicle_journeys.actions.destroy'), referential_line_route_vehicle_journey_path(@referential, @line, @route, @vehicle_journey), :method => :delete, :data => {:confirm => t('vehicle_journeys.actions.destroy_confirm')}, class: "remove" - + li + - if policy(@vehicle_journey).edit? + = link_to t('vehicle_journeys.actions.edit'), edit_referential_line_route_vehicle_journey_path(@referential, @line, @route, @vehicle_journey), class: "edit" + li + - if policy(@vehicle_journey).destroy? + = link_to t('vehicle_journeys.actions.destroy'), referential_line_route_vehicle_journey_path(@referential, @line, @route, @vehicle_journey), :method => :delete, :data => {:confirm => t('vehicle_journeys.actions.destroy_confirm')}, class: "remove" + - unless @vehicle_journey.vehicle_journey_at_stops.empty? li i.fa.fa-cubes.fa-fw style="color:#D98F3B;" = link_to t('vehicle_journeys.show.translation_form'), new_referential_line_route_vehicle_journey_vehicle_translation_path(@referential, @line, @route, @vehicle_journey), {:remote => true, 'data-toggle' => "modal", 'data-target' => '#modal_translation', class: "with_fa" } - = creation_tag(@vehicle_journey)
\ No newline at end of file + = creation_tag(@vehicle_journey) diff --git a/app/views/vehicle_journeys/_sidebar.html.slim b/app/views/vehicle_journeys/_sidebar.html.slim index 8d9627ba0..187de1b08 100644 --- a/app/views/vehicle_journeys/_sidebar.html.slim +++ b/app/views/vehicle_journeys/_sidebar.html.slim @@ -1,9 +1,10 @@ ul.actions li - = link_to t('vehicle_journeys.actions.new'), new_referential_line_route_vehicle_journey_path(@referential, @line, @route), class: "add" + - if policy(Chouette::VehicleJourney).create? + = link_to t('vehicle_journeys.actions.new'), new_referential_line_route_vehicle_journey_path(@referential, @line, @route), class: "add" li = link_to t('vehicle_journeys.actions.new_frequency'), new_referential_line_route_vehicle_journey_frequency_path(@referential, @line, @route), class: "add" li = link_to t('vehicle_journey_imports.new.title'), new_referential_line_route_vehicle_journey_import_path( @referential, @line, @route ), class: "import" li - = link_to t('vehicle_journey_exports.new.title'), referential_line_route_vehicle_journey_exports_path(@referential, @line, @route, :format => :zip), class: "export"
\ No newline at end of file + = link_to t('vehicle_journey_exports.new.title'), referential_line_route_vehicle_journey_exports_path(@referential, @line, @route, :format => :zip), class: "export" diff --git a/app/views/vehicle_journeys/index.html.slim b/app/views/vehicle_journeys/index.html.slim index e59f2ca1b..aa18a120f 100644 --- a/app/views/vehicle_journeys/index.html.slim +++ b/app/views/vehicle_journeys/index.html.slim @@ -5,7 +5,7 @@ .panel-heading = f.label :journey_pattern_id_eq, "Missions" = f.text_field(:journey_pattern_id_eq, class: "form-control") - + button.btn.btn-default type="submit" i.fa.fa-search @@ -22,20 +22,20 @@ span.time_tables_id_eq = f.label :time_tables_id_eq, "Sélectionner calendriers" = f.text_field :time_tables_id_eq, :input_html => { :"data-pre" => [].to_json} - - - if controller_name != 'vehicle_journey_frequencies' - div - = f.label :vehicle_journey_at_stops_departure_time_not_eq, "Sans horaire" - = f.check_box :vehicle_journey_at_stops_departure_time_not_eq - span.vehicle_journey_at_stops_departure_time_gt - input name="#{q[vehicle_journey_at_stops_departure_time_gt(3i)]}" type="hidden" value="1" - input name="#{q[vehicle_journey_at_stops_departure_time_gt(2i)]}" type="hidden" value="1" - input name="#{q[vehicle_journey_at_stops_departure_time_gt(1i)]}" type="hidden" value="2000" - - = f.label :vehicle_journey_at_stops_departure_time_gt, t('.time_range') - = select_hour(@q.send( "vehicle_journey_at_stops_departure_time_gt") ? @q.send( "vehicle_journey_at_stops_departure_time_gt").hour : 0, :prefix => "q", :field_name => "vehicle_journey_at_stops_departure_time_gt(4i)") - = select_minute(@q.send( "vehicle_journey_at_stops_departure_time_gt") ? @q.send( "vehicle_journey_at_stops_departure_time_gt").min : 0, :prefix => "q", :field_name => "vehicle_journey_at_stops_departure_time_gt(5i)") + / - if controller_name != 'vehicle_journey_frequencies' + / div + / = f.label :vehicle_journey_at_stops_departure_time_not_eq, "Sans horaire" + / = f.check_box :vehicle_journey_at_stops_departure_time_not_eq + + / span.vehicle_journey_at_stops_departure_time_gt + / input name="#{q[vehicle_journey_at_stops_departure_time_gt(3i)]}" type="hidden" value="1" + / input name="#{q[vehicle_journey_at_stops_departure_time_gt(2i)]}" type="hidden" value="1" + / input name="#{q[vehicle_journey_at_stops_departure_time_gt(1i)]}" type="hidden" value="2000" + + / = f.label :vehicle_journey_at_stops_departure_time_gt, t('.time_range') + / = select_hour(@q.send( "vehicle_journey_at_stops_departure_time_gt") ? @q.send( "vehicle_journey_at_stops_departure_time_gt").hour : 0, :prefix => "q", :field_name => "vehicle_journey_at_stops_departure_time_gt(4i)") + / = select_minute(@q.send( "vehicle_journey_at_stops_departure_time_gt") ? @q.send( "vehicle_journey_at_stops_departure_time_gt").min : 0, :prefix => "q", :field_name => "vehicle_journey_at_stops_departure_time_gt(5i)") #vehicle_journeys == render "vehicle_journeys" @@ -90,4 +90,4 @@ javascript: $( 'input[name="q[vehicle_journey_at_stops_departure_time_not_eq]"]').change( function(){ $('span.vehicle_journey_at_stops_departure_time_gt').toggle( $(this).filter(":checked").val()==undefined); }); - });
\ No newline at end of file + }); diff --git a/config/locales/time_tables.fr.yml b/config/locales/time_tables.fr.yml index 46f243580..60ecfdc35 100644 --- a/config/locales/time_tables.fr.yml +++ b/config/locales/time_tables.fr.yml @@ -51,7 +51,7 @@ fr: to: " à : " start_date: "jj/mm/aaaa" end_date: "jj/mm/aaaa" - title: "calendriers" + title: "Calendriers" selection: "Sélection" selection_all: "Tous" advanced_search: "Recherche avancée" diff --git a/db/migrate/20170123131243_set_user_permissions.rb b/db/migrate/20170123131243_set_user_permissions.rb new file mode 100644 index 000000000..2a56adcca --- /dev/null +++ b/db/migrate/20170123131243_set_user_permissions.rb @@ -0,0 +1,8 @@ +class SetUserPermissions < ActiveRecord::Migration + def change + User.update_all(permissions: ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy', + 'vehicle_journeys.create', 'vehicle_journeys.edit', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.edit', 'time_tables.destroy', + 'footnotes.edit', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.edit', 'routing_constraint_zones.destroy']) + end +end + diff --git a/db/schema.rb b/db/schema.rb index 258fb3c22..babd35e3d 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170118104441) do +ActiveRecord::Schema.define(version: 20170123131243) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" diff --git a/spec/features/journey_pattern_spec.rb b/spec/features/journey_pattern_spec.rb index 380241099..1efed040b 100644 --- a/spec/features/journey_pattern_spec.rb +++ b/spec/features/journey_pattern_spec.rb @@ -9,16 +9,17 @@ describe "JourneyPatterns", :type => :feature do let!(:journey_pattern) { create(:journey_pattern, :route => route) } describe 'show' do + before(:each) { visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) } + context 'user has permission to create journey patterns' do it 'shows the create link for journey pattern' do - visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) expect(page).to have_content(I18n.t('journey_patterns.actions.new')) end end context 'user does not have permission to create journey patterns' do it 'does not show the create link for journey pattern' do - @user.update_attribute(:permissions, ['journey_patterns.edit', 'journey_patterns.destroy']) + @user.update_attribute(:permissions, []) visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) expect(page).not_to have_content(I18n.t('journey_patterns.actions.new')) end @@ -26,14 +27,13 @@ describe "JourneyPatterns", :type => :feature do context 'user has permission to edit journey patterns' do it 'shows the edit link for journey pattern' do - visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) expect(page).to have_content(I18n.t('journey_patterns.actions.edit')) end end context 'user does not have permission to edit journey patterns' do it 'does not show the edit link for journey pattern' do - @user.update_attribute(:permissions, ['journey_patterns.create', 'journey_patterns.destroy']) + @user.update_attribute(:permissions, []) visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) expect(page).not_to have_content(I18n.t('journey_patterns.actions.edit')) end @@ -41,14 +41,13 @@ describe "JourneyPatterns", :type => :feature do context 'user has permission to destroy journey patterns' do it 'shows the destroy link for journey pattern' do - visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) expect(page).to have_content(I18n.t('journey_patterns.actions.destroy')) end end - context 'user does not have permission to edit journey patterns' do + context 'user does not have permission to destroy journey patterns' do it 'does not show the destroy link for journey pattern' do - @user.update_attribute(:permissions, ['journey_patterns.create', 'journey_patterns.edit']) + @user.update_attribute(:permissions, []) visit referential_line_route_journey_pattern_path(referential, line, route, journey_pattern) expect(page).not_to have_content(I18n.t('journey_patterns.actions.destroy')) end diff --git a/spec/features/line_footnotes_spec.rb b/spec/features/line_footnotes_spec.rb index a3eab103a..1209e96b0 100644 --- a/spec/features/line_footnotes_spec.rb +++ b/spec/features/line_footnotes_spec.rb @@ -26,5 +26,19 @@ describe 'Line Footnotes', type: :feature do expect(page).not_to have_content(I18n.t('actions.destroy')) expect(page).not_to have_content(I18n.t('actions.add')) end + + context 'user has permission to edit footnotes' do + it 'shows edit link for footnotes' do + expect(page).to have_content(I18n.t('lines.actions.edit_footnotes')) + end + end + + context 'user does not have permission to edit footnotes' do + it 'does not show edit link for footnotes' do + @user.update_attribute(:permissions, []) + visit referential_line_footnotes_path(referential.line_referential, line) + expect(page).not_to have_content(I18n.t('lines.actions.edit_footnotes')) + end + end end end diff --git a/spec/features/routes_spec.rb b/spec/features/routes_spec.rb index bc2088712..e82987811 100644 --- a/spec/features/routes_spec.rb +++ b/spec/features/routes_spec.rb @@ -9,6 +9,7 @@ describe "Routes", :type => :feature do let!(:route2) { create(:route, :line => line) } #let!(:stop_areas) { Array.new(4) { create(:stop_area) } } let!(:stop_points) { Array.new(4) { create(:stop_point, :route => route) } } + let!(:journey_pattern) { create(:journey_pattern, route: route) } describe "from lines page to a line page" do it "display line's routes" do @@ -55,48 +56,49 @@ describe "Routes", :type => :feature do end describe 'show' do + before(:each) { visit referential_line_route_path(referential, line, route) } + context 'user has permission to edit journey patterns' do it 'shows edit links for journey patterns' do - visit referential_line_route_path(referential, line, route) expect(page).to have_content(I18n.t('actions.edit')) end end context 'user does not have permission to edit journey patterns' do it 'does not show edit links for journey patterns' do - @user.update_attribute(:permissions, ['journey_patterns.create', 'journey_patterns.destroy']) + @user.update_attribute(:permissions, []) visit referential_line_route_path(referential, line, route) - expect(page).not_to have_content(I18n.t('actions.edit')) + expect(page).not_to have_link(I18n.t('actions.edit'), href: edit_referential_line_route_journey_pattern_path(referential, line, route, journey_pattern)) end end context 'user has permission to destroy journey patterns' do it 'shows destroy links for journey patterns' do - visit referential_line_route_path(referential, line, route) expect(page).to have_content(I18n.t('actions.destroy')) end end - context 'user does not have permission to edit journey patterns' do + context 'user does not have permission to destroy journey patterns' do it 'does not show destroy links for journey patterns' do - @user.update_attribute(:permissions, ['journey_patterns.create', 'journey_patterns.edit']) + @user.update_attribute(:permissions, []) visit referential_line_route_path(referential, line, route) - expect(page).not_to have_content(I18n.t('actions.destroy')) + expect(page).not_to have_link(I18n.t('actions.destroy'), href: referential_line_route_journey_pattern_path(referential, line, route, journey_pattern)) end end end describe 'referential line show' do + before(:each) { visit referential_line_path(referential, line) } + context 'user has permission to edit routes' do it 'shows edit buttons for routes' do - visit referential_line_path(referential, line) expect(page).to have_css('span.fa.fa-pencil') end end context 'user does not have permission to edit routes' do it 'does not show edit buttons for routes' do - @user.update_attribute(:permissions, ['routes.create', 'routes.destroy']) + @user.update_attribute(:permissions, []) visit referential_line_path(referential, line) expect(page).not_to have_css('span.fa.fa-pencil') end @@ -104,14 +106,13 @@ describe "Routes", :type => :feature do context 'user has permission to create routes' do it 'shows link to a create route page' do - visit referential_line_path(referential, line) expect(page).to have_content(I18n.t('routes.actions.new')) end end context 'user does not have permission to create routes' do it 'does not show link to a create route page' do - @user.update_attribute(:permissions, ['routes.edit', 'routes.destroy']) + @user.update_attribute(:permissions, []) visit referential_line_path(referential, line) expect(page).not_to have_content(I18n.t('routes.actions.new')) end @@ -119,14 +120,13 @@ describe "Routes", :type => :feature do context 'user has permission to destroy routes' do it 'shows destroy buttons for routes' do - visit referential_line_path(referential, line) expect(page).to have_css('span.fa.fa-trash-o') end end context 'user does not have permission to destroy routes' do it 'does not show destroy buttons for routes' do - @user.update_attribute(:permissions, ['routes.edit', 'routes.create']) + @user.update_attribute(:permissions, []) visit referential_line_path(referential, line) expect(page).not_to have_css('span.fa.fa-trash-o') end diff --git a/spec/features/routing_constraint_zone_spec.rb b/spec/features/routing_constraint_zone_spec.rb deleted file mode 100644 index 6d82323e1..000000000 --- a/spec/features/routing_constraint_zone_spec.rb +++ /dev/null @@ -1,26 +0,0 @@ -# -*- coding: utf-8 -*- -require 'spec_helper' - -describe 'RoutingConstraintZones', type: :feature do - login_user - - let(:referential) { Referential.first } - let!(:line) { create :line } - let!(:routing_constraint_zones) { Array.new(2) { create :routing_constraint_zone, line: line } } - - describe 'index' do - before(:each) { visit referential_line_routing_constraint_zones_path(referential, line) } - - it 'displays referential routing constraint zones' do - expect(page).to have_content(routing_constraint_zones.first.name) - expect(page).to have_content(routing_constraint_zones.last.name) - end - end - - describe 'show' do - it 'displays referential routing constraint zone' do - visit referential_line_routing_constraint_zone_path(referential, line, routing_constraint_zones.first) - expect(page).to have_content(routing_constraint_zones.first.name) - end - end -end diff --git a/spec/features/routing_constraint_zones_spec.rb b/spec/features/routing_constraint_zones_spec.rb new file mode 100644 index 000000000..d1c39e211 --- /dev/null +++ b/spec/features/routing_constraint_zones_spec.rb @@ -0,0 +1,69 @@ +# -*- coding: utf-8 -*- +require 'spec_helper' + +describe 'RoutingConstraintZones', type: :feature do + login_user + + let(:referential) { Referential.first } + let!(:line) { create :line } + let!(:routing_constraint_zones) { Array.new(2) { create :routing_constraint_zone, line: line } } + let(:routing_constraint_zone) { routing_constraint_zones.first } + + describe 'index' do + before(:each) { visit referential_line_routing_constraint_zones_path(referential, line) } + + it 'displays referential routing constraint zones' do + expect(page).to have_content(routing_constraint_zones.first.name) + expect(page).to have_content(routing_constraint_zones.last.name) + end + + context 'user has permission to create routing_constraint_zones' do + it 'shows a create link for routing_constraint_zones' do + expect(page).to have_content(I18n.t('routing_constraint_zones.actions.new')) + end + end + + context 'user does not have permission to create routing_constraint_zones' do + it 'does not show a create link for routing_constraint_zones' do + @user.update_attribute(:permissions, []) + visit referential_line_routing_constraint_zones_path(referential, line) + expect(page).not_to have_content(I18n.t('routing_constraint_zones.actions.new')) + end + end + + context 'user has permission to edit routing_constraint_zones' do + it 'shows an edit button for routing_constraint_zones' do + expect(page).to have_link(I18n.t('actions.edit'), href: edit_referential_line_routing_constraint_zone_path(referential, line, routing_constraint_zone)) + end + end + + context 'user does not have permission to edit routing_constraint_zones' do + it 'does not show a edit link for routing_constraint_zones' do + @user.update_attribute(:permissions, []) + visit referential_line_routing_constraint_zones_path(referential, line) + expect(page).not_to have_link(I18n.t('actions.edit'), href: edit_referential_line_routing_constraint_zone_path(referential, line, routing_constraint_zone)) + end + end + + context 'user has permission to destroy routing_constraint_zones' do + it 'shows a destroy link for routing_constraint_zones' do + expect(page).to have_link(I18n.t('actions.destroy'), href: referential_line_routing_constraint_zone_path(referential, line, routing_constraint_zone)) + end + end + + context 'user does not have permission to destroy routing_constraint_zones' do + it 'does not show a destroy button for routing_constraint_zones' do + @user.update_attribute(:permissions, []) + visit referential_line_routing_constraint_zones_path(referential, line) + expect(page).not_to have_link(I18n.t('actions.destroy'), href: referential_line_routing_constraint_zone_path(referential, line, routing_constraint_zone)) + end + end + end + + describe 'show' do + it 'displays referential routing constraint zone' do + visit referential_line_routing_constraint_zone_path(referential, line, routing_constraint_zone) + expect(page).to have_content(routing_constraint_zone.name) + end + end +end diff --git a/spec/features/time_tables_spec.rb b/spec/features/time_tables_spec.rb index 9b99ad8a3..de0d33a9d 100644 --- a/spec/features/time_tables_spec.rb +++ b/spec/features/time_tables_spec.rb @@ -5,24 +5,119 @@ describe "TimeTables", :type => :feature do login_user let!(:time_tables) { Array.new(2) { create(:time_table) } } + let(:time_table) { time_tables.first } subject { time_tables.first } - describe "list" do - it "display time_tables" do - visit referential_time_tables_path(referential) + describe "index" do + before(:each) { visit referential_time_tables_path(referential) } + + it "displays time_tables" do expect(page).to have_content(time_tables.first.comment) expect(page).to have_content(time_tables.last.comment) end + context 'user has permission to create time tables' do + it 'shows a create link for time tables' do + expect(page).to have_content(I18n.t('time_tables.actions.new')) + end + end + + context 'user does not have permission to create time tables' do + it 'does not show a create link for time tables' do + @user.update_attribute(:permissions, []) + visit referential_time_tables_path(referential) + expect(page).not_to have_content(I18n.t('time_tables.actions.new')) + end + end + + context 'user has permission to edit time tables' do + it 'shows an edit button for time tables' do + expect(page).to have_css('span.fa.fa-pencil') + end + end + + context 'user does not have permission to edit time tables' do + it 'does not show a edit link for time tables' do + @user.update_attribute(:permissions, []) + visit referential_time_tables_path(referential) + expect(page).not_to have_css('span.fa.fa-pencil') + end + end + + context 'user has permission to destroy time tables' do + it 'shows a destroy button for time tables' do + expect(page).to have_css('span.fa.fa-trash-o') + end + end + + context 'user does not have permission to destroy time tables' do + it 'does not show a destroy button for time tables' do + @user.update_attribute(:permissions, []) + visit referential_time_tables_path(referential) + expect(page).not_to have_css('span.fa.fa-trash-o') + end + end + end describe "show" do - it "display time_table" do - visit referential_time_tables_path(referential) - click_link "#{time_tables.first.comment}" + before(:each) { visit referential_time_table_path(referential, time_table) } + + it "displays time_table" do expect(page).to have_content(time_tables.first.comment) end + context 'user has permission to create time tables' do + it 'shows a create link for time tables' do + expect(page).to have_content(I18n.t('time_tables.actions.new')) + end + + it 'does not show link to duplicate the time table' do + expect(page).to have_content(I18n.t('time_tables.actions.duplicate')) + end + end + + context 'user does not have permission to create time tables' do + it 'does not show a create link for time tables' do + @user.update_attribute(:permissions, []) + visit referential_time_table_path(referential, time_table) + expect(page).not_to have_content(I18n.t('time_tables.actions.new')) + end + + it 'does not show link to duplicate the time table' do + @user.update_attribute(:permissions, []) + visit referential_time_table_path(referential, time_table) + expect(page).not_to have_content(I18n.t('time_tables.actions.duplicate')) + end + end + + context 'user has permission to edit time tables' do + it 'shows the edit link for time table' do + expect(page).to have_content(I18n.t('time_tables.actions.edit')) + end + end + + context 'user does not have permission to edit time tables' do + it 'does not show the edit link for time table' do + @user.update_attribute(:permissions, []) + visit referential_time_table_path(referential, time_table) + expect(page).not_to have_content(I18n.t('time_tables.actions.edit')) + end + end + + context 'user has permission to destroy time tables' do + it 'shows the destroy link for time table' do + expect(page).to have_content(I18n.t('time_tables.actions.destroy')) + end + end + + context 'user does not have permission to destroy time tables' do + it 'does not show a destroy link for time table' do + @user.update_attribute(:permissions, []) + visit referential_time_table_path(referential, time_table) + expect(page).not_to have_content(I18n.t('time_tables.actions.destroy')) + end + end end describe "new" do diff --git a/spec/features/vehicle_journeys_spec.rb b/spec/features/vehicle_journeys_spec.rb new file mode 100644 index 000000000..aa600da40 --- /dev/null +++ b/spec/features/vehicle_journeys_spec.rb @@ -0,0 +1,78 @@ +require 'spec_helper' + +describe 'VehicleJourneys', type: :feature do + login_user + + let(:referential) { Referential.first } + let!(:line) { create(:line) } + let!(:route) { create(:route, line: line) } + let!(:journey_pattern) { create(:journey_pattern, route: route) } + let!(:vehicle_journey) { create(:vehicle_journey, journey_pattern: journey_pattern) } + + describe 'show' do + context 'user has permissions' do + before(:each) { visit referential_line_route_vehicle_journey_path(referential, line, route, vehicle_journey) } + + context 'user has permission to create vehicle journeys' do + it 'shows a create link for vehicle journeys' do + expect(page).to have_content(I18n.t('vehicle_journeys.actions.new')) + end + end + + context 'user has permission to edit vehicle journeys' do + it 'shows an edit link for vehicle journeys' do + expect(page).to have_content(I18n.t('vehicle_journeys.actions.edit')) + end + end + + context 'user has permission to destroy vehicle journeys' do + it 'shows a destroy link for vehicle journeys' do + expect(page).to have_content(I18n.t('vehicle_journeys.actions.destroy')) + end + end + end + + context 'user does not have permissions' do + context 'user does not have permission to create vehicle journeys' do + it 'does not show a create link for vehicle journeys' do + @user.tap { |u| u.permissions.delete('vehicle_journeys.create') }.save + visit referential_line_route_vehicle_journey_path(referential, line, route, vehicle_journey) + expect(page).not_to have_content(I18n.t('vehicle_journeys.actions.new')) + end + end + + context 'user does not have permission to edit vehicle journeys' do + it 'does not show an edit link for vehicle journeys' do + @user.tap { |u| u.permissions.delete('vehicle_journeys.edit') }.save + visit referential_line_route_vehicle_journey_path(referential, line, route, vehicle_journey) + expect(page).not_to have_content(I18n.t('vehicle_journeys.actions.edit')) + end + end + + context 'user does not have permission to edit vehicle journeys' do + it 'does not show a destroy link for vehicle journeys' do + @user.tap { |u| u.permissions.delete('vehicle_journeys.destroy') }.save + visit referential_line_route_vehicle_journey_path(referential, line, route, vehicle_journey) + expect(page).not_to have_content(I18n.t('vehicle_journeys.actions.destroy')) + end + end + end + end + + describe 'index' do + context 'user has permission to create vehicle journeys' do + it 'shows a create link for vehicle journeys' do + visit referential_line_route_vehicle_journeys_path(referential, line, route) + expect(page).to have_content(I18n.t('vehicle_journeys.actions.new')) + end + end + + context 'user does not have permission to create vehicle journeys' do + it 'does not show a create link for vehicle journeys' do + @user.tap { |u| u.permissions.delete('vehicle_journeys.create') }.save + visit referential_line_route_vehicle_journeys_path(referential, line, route) + expect(page).not_to have_content(I18n.t('vehicle_journeys.actions.new')) + end + end + end +end diff --git a/spec/support/devise.rb b/spec/support/devise.rb index 7cfa17f44..0eba265ac 100644 --- a/spec/support/devise.rb +++ b/spec/support/devise.rb @@ -4,7 +4,9 @@ module DeviseRequestHelper def login_user organisation = Organisation.where(:code => "first").first_or_create(attributes_for(:organisation)) @user ||= create(:user, :organisation => organisation, - :permissions => ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy']) + :permissions => ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy', + 'vehicle_journeys.create', 'vehicle_journeys.edit', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.edit', 'time_tables.destroy', + 'footnotes.edit', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.edit', 'routing_constraint_zones.destroy']) login_as @user, :scope => :user # post_via_redirect user_session_path, 'user[email]' => @user.email, 'user[password]' => @user.password end |