| -rw-r--r-- | lib/stif/permission_translator.rb | 40 | ||||
| -rw-r--r-- | spec/lib/stif/permission_translator_spec.rb | 39 | ||||
| -rw-r--r-- | spec/support/permissions.rb | 1 |
3 files changed, 77 insertions, 3 deletions
diff --git a/lib/stif/permission_translator.rb b/lib/stif/permission_translator.rb
index 7032f910a..afe69756e 100644
--- a/lib/stif/permission_translator.rb
+++ b/lib/stif/permission_translator.rb
@@ -1,7 +1,45 @@
 module Stif
 module PermissionTranslator
 extend self
+ def translate(sso_extra_permissions)
- %w{sessions:create}
+ sso_extra_permissions
+ .sort
+ .flat_map(&method(:extra_permission_translation))
+ .uniq
+ end
+
+ private
+
+ def all_destructive_permissions
+ destructive_permissions_for( all_resources )
+ end
+
+ def all_resources
+ %w[
+ access_points
+ connection_links calendars
+ footnotes
+ journey_patterns
+ referentials routes routing_constraint_zones
+ time_tables
+ vehicle_journeys
+ ]
+ end
+
+ def destructive_permissions_for(models)
+ @__destructive_permissions_for__ ||=
+ models.product( %w{create destroy update} ).map{ |model_action| model_action.join('.') }
+ end
+
+ def extra_permission_translation extra_permission
+ translation_table.fetch(extra_permission, [])
+ end
+
+ def translation_table
+ {
+ "boiv:read-offer" => %w{sessions:create},
+ "boiv:edit-offer" => all_destructive_permissions + %w{sessions:create},
+ }
 end
 end
 end
diff --git a/spec/lib/stif/permission_translator_spec.rb b/spec/lib/stif/permission_translator_spec.rb
index 3672c7937..1af21364c 100644
--- a/spec/lib/stif/permission_translator_spec.rb
+++ b/spec/lib/stif/permission_translator_spec.rb
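Review bot: `destructive_permissions_for(models)` caches its result in `@__destructive_permissions_for__` without regard to `models`, so every later call returns whatever the first call computed. Today the only caller passes `all_resources`, but a future role that passes a narrower resource list would silently receive the full create/destroy/update set, which in a permission mapper widens privileges. Either drop the cache or key it on the argument, e.g. `models.product(%w{create destroy update}).map { |model_action| model_action.join('.') }` with no `||=`. Separately, `translate` calls `.sort` directly on `sso_extra_permissions`; if the SSO payload can omit the attribute (the caller is not visible here), `Array(sso_extra_permissions)` would map a missing value to zero permissions instead of raising.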
@@ -1,10 +1,45 @@
 RSpec.describe Stif::PermissionTranslator do
- context "SSO Permission boiv:read:offer →" do
+ context "No SSO Permissions" do
+ it { expect(described_class.translate([])).to be_empty }
+ end
+
+ context "SSO Permission boiv:read-offer →" do
 it "sessions:create only" do
- expect( described_class.translate(%w{boiv:read:offer}) ).to eq(%w{sessions:create})
+ expect( described_class.translate(%w{boiv:read-offer}) ).to eq(%w{sessions:create})
+ end
+
+ end
+
+ context "SSO Permission boiv:edit-offer →" do
+
+ it "all permissions" do
+ expect( described_class.translate(%w{boiv:edit-offer}) ).to eq(Support::Permissions.all_permissions)
+ end
+
+ it "all permissions, no doubletons" do
+ expect( described_class.translate(%w{boiv:edit-offer boiv:read-offer}) ).to eq(Support::Permissions.all_permissions)
 end
+ it "all permissions, input order agnostic" do
+ expect( described_class.translate(%w{boiv:read-offer boiv:edit-offer}) ).to eq(Support::Permissions.all_permissions)
+ end
+ end
+
+ context "SSO Permission ignores garbage (no injection) →" do
+ it "remains empty" do
+ expect( described_class.translate(%w{referentials.create}) ).to be_empty
+ end
+
+ it "remains at boiv:read-offer level" do
+ expect( described_class.translate(%w{referentials.create boiv:read-offer calendars.delete}) ).to eq(%w{sessions:create})
+ end
+
+ it "does not add garbage or doubletons for boiv:edit-offer level" do
+ expect(
+ described_class.translate(%w{xxx boiv:read-offer lines.delete boiv:edit-offer footnotes.update})
+ ).to eq(Support::Permissions.all_permissions)
+ end
 end
 end
diff --git a/spec/support/permissions.rb b/spec/support/permissions.rb
index a13010f65..fcf9ae9c4 100644
--- a/spec/support/permissions.rb
+++ b/spec/support/permissions.rb
@@ -15,6 +15,7 @@ module Support
 %w[
 access_points
 connection_links
+ calendars
 footnotes
 journey_patterns
 referentials |
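Review bot: The "ignores garbage (no injection)" context in permission_translator_spec.rb never exercises the legacy spelling `boiv:read:offer` that this commit renames away from, so nothing pins that the old name now grants nothing. Adding `it { expect(described_class.translate(%w{boiv:read:offer})).to be_empty }` would document that near-miss names fail closed. In the last example, `footnotes.update` is itself part of the expected result, so that input cannot tell pass-through from translation. A comment noting that only `xxx` and `lines.delete` carry the check there would help the next reader.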
