| -rw-r--r-- | app/policies/application_policy.rb | 4 | ||||
| -rw-r--r-- | spec/policies/application_policy_spec.rb | 33 | ||||
| -rw-r--r-- | spec/support/pundit.rb | 5 | 
3 files changed, 39 insertions, 3 deletions
|
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index 4a2d760fb..c6b87a1c8 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -48,6 +48,10 @@ class ApplicationPolicy
     Pundit.policy_scope!(user, record.class)
   end
+  def boiv_read_offer?
+    organisation_match? && user.has_permission?('boiv:read_offer')
+  end
+
   def organisation_match?
     user.organisation == organisation
   end
diff --git a/spec/policies/application_policy_spec.rb b/spec/policies/application_policy_spec.rb
index d7e8e5e27..c6e5b89bf 100644
--- a/spec/policies/application_policy_spec.rb
+++ b/spec/policies/application_policy_spec.rb
@@ -1,11 +1,12 @@
 RSpec.describe ApplicationPolicy, type: :policy do
+  let( :user_context ) { create_user_context(user: user, referential: referential)  }
+  let( :referentail )  { create :referential }
+  let( :user )         { create :user }
+
   subject { described_class }
   permissions :organisation_match? do
-    let( :user_context ) { create_user_context(user: user, referential: referential)  }
-    let( :referentail )  { create :referential }
-    let( :user )         { create :user }
     it "denies a user with a different organisation" do
       expect_it.not_to permit(user_context, referential)
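Review bot: `boiv_read_offer?` carries no comment saying that it grants access only when both the organisation check and the permission check pass, and because it is defined on `ApplicationPolicy` every subclass policy inherits it. A one-line comment above the method, for example `# True only when the user's organisation matches AND the user holds 'boiv:read_offer'.`, would make the deny-by-default intent explicit for whoever wires it into an action predicate. The permission key is a bare string literal here and is repeated in the spec; a frozen constant on the policy would keep the two from drifting apart. The class body starts and ends outside the hunk, so whether `user` can be nil when this predicate runs cannot be judged from these lines.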
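Review bot: `let( :referentail )` is misspelled, and hoisting it to the top of the describe block carries the typo along, so this line never defines `referential`. The examples still call `referential`, which therefore has to be supplied from somewhere outside this hunk; if that is a shared fixture, the authorization examples are exercising a record this file does not control. Renaming it to `let( :referential )  { create :referential }`, or deleting the dead definition, would make the record under test explicit. The `permissions :organisation_match?` block continues past the end of the hunk.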
@@ -16,4 +17,30 @@ RSpec.describe ApplicationPolicy, type: :policy do
       expect_it.to permit(user_context, referential)
     end
   end
+
+  permissions :boiv_read_offer? do
+
+    context "user of a different organisation → " do
+      it "denies a user with a different organisation" do
+        expect_it.not_to permit(user_context, referential)
+      end
+      it "even if she has the permisson" do
+        add_permissions('boiv:read_offer', for_user: user)
+        expect_it.not_to permit(user_context, referential)
+      end
+    end
+
+    context "user of the same organisation → " do
+      before do
+        user.update_attribute :organisation, referential.organisation
+      end
+      it "denies if permission absent" do
+        expect_it.not_to permit(user_context, referential)
+      end
+      it "allows if permission present" do
+        add_permissions('boiv:read_offer', for_user: user)
+        expect_it.to permit(user_context, referential)
+      end
+    end
+  end
 end
diff --git a/spec/support/pundit.rb b/spec/support/pundit.rb
index d818ce754..f1803b632 100644
--- a/spec/support/pundit.rb
+++ b/spec/support/pundit.rb
@@ -10,6 +10,11 @@ module Support
     def create_user_context(user:, referential:)
       OpenStruct.new(user: user, context: {referential: referential})
     end
+
+    def add_permissions(*permissions, for_user:)
+      for_user.permissions ||= []
+      for_user.permissions += permissions.flatten
+    end
   end
   module ApplicationPolicyMacros
|
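Review bot: The "user of a different organisation" context never establishes its own precondition; it relies on `create :user` and `referential` ending up in different organisations, which nothing in these lines guarantees. Its first example would pass even if the organisations matched, because the permission is absent, so only the second example actually tests the organisation check. An explicit guard such as `it { expect(user.organisation).not_to eq(referential.organisation) }`, or creating the user with a distinct organisation, would keep the negative cases meaningful if the factories change. The description `"even if she has the permisson"` also has a typo ("permission").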
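Review bot: `add_permissions` only reassigns `for_user.permissions` in memory and never saves the record, so the grant reaches the policy only while the spec keeps handing around the same `user` object. Whether `permissions` is a persisted attribute is not visible here; if it is, any code path that reloads the user would see the old permission set and the "allows" example would fail for a reason unrelated to the policy. A short comment such as `# In-memory only: does not persist; the policy must receive this same user object.` would document that. If persistence is wanted, end the method with `for_user.save!`. The enclosing module begins outside the hunk.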
