| -rw-r--r-- | app/controllers/devise/cas_sessions_controller.rb | 8 | ||||
| -rw-r--r-- | app/controllers/users/login_controller.rb | 0 | ||||
| -rw-r--r-- | app/policies/application_policy.rb | 2 | ||||
| -rw-r--r-- | app/policies/boiv_policy.rb | 4 | ||||
| -rw-r--r-- | app/policies/login_policy.rb | 13 | ||||
| -rw-r--r-- | spec/policies/boiv_policy_spec.rb | 13 | ||||
| -rw-r--r-- | spec/policies/login_policy_spec.rb | 15 |
7 files changed, 36 insertions, 19 deletions
diff --git a/app/controllers/devise/cas_sessions_controller.rb b/app/controllers/devise/cas_sessions_controller.rb
index ecc7e9f7e..629e209f2 100644
--- a/app/controllers/devise/cas_sessions_controller.rb
+++ b/app/controllers/devise/cas_sessions_controller.rb
@@ -16,7 +16,13 @@ class Devise::CasSessionsController < Devise::SessionsController
 end
 def service
- redirect_to after_sign_in_path_for(warden.authenticate!(:scope => resource_name))
+ warden.authenticate!(:scope => resource_name)
+ if LoginPolicy.new(current_user).boiv?
+ redirect_to after_sign_in_path_for(current_user)
+ else
+ # TODO: Set flash here
+ redirect_to :new
+ end
 end
 def unregistered
diff --git a/app/controllers/users/login_controller.rb b/app/controllers/users/login_controller.rb
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/app/controllers/users/login_controller.rb
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index a863404ae..08752cda3 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -8,7 +8,7 @@ class ApplicationPolicy
 end
 def archived?
- !!referential.try(:archived_at)
+ !!referential.try( :archived_at )
 end
 def referential
diff --git a/app/policies/boiv_policy.rb b/app/policies/boiv_policy.rb
index 9679d083a..4270dc686 100644
--- a/app/policies/boiv_policy.rb
+++ b/app/policies/boiv_policy.rb
@@ -5,10 +5,6 @@ class BoivPolicy < ApplicationPolicy
 organisation_match? && user.has_permission?('boiv:read-offer')
 end
- def boiv?
- !(user.permissions || []).grep(%r{\Aboiv:.}).empty?
- end
-
 def index?
 boiv_read_offer?
 end
diff --git a/app/policies/login_policy.rb b/app/policies/login_policy.rb
new file mode 100644
index 000000000..3364c37ac
--- /dev/null
+++ b/app/policies/login_policy.rb
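Review bot: In `service` (app/controllers/devise/cas_sessions_controller.rb) the `else` branch redirects without ending the session that `warden.authenticate!` has just established, so a user who fails `LoginPolicy#boiv?` is turned away from the post-login page but presumably stays signed in for every other route. If the intent is to refuse login to accounts without a `boiv:` permission, the branch should drop the session before redirecting, e.g. `sign_out(resource_name)` ahead of the `redirect_to`. `redirect_to :new` also needs a check: as far as I know a bare symbol is resolved as a route helper rather than as this controller's `new` action, so something like `redirect_to action: :new` may be what is meant, and it is worth confirming that sending a browser that is still authenticated at the CAS server back to the login entry point cannot loop. The class body continues outside the hunk.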
@@ -0,0 +1,13 @@
+# Headless as described here https://github.com/elabs/pundit#headless-policies
+class LoginPolicy
+
+ attr_reader :user
+ def initialize user
+ @user = user
+ end
+
+ def boiv?
+ !(user.permissions || []).grep(%r{\Aboiv:.}).empty?
+ end
+
+end
diff --git a/spec/policies/boiv_policy_spec.rb b/spec/policies/boiv_policy_spec.rb
index 14f88e416..514534adc 100644
--- a/spec/policies/boiv_policy_spec.rb
+++ b/spec/policies/boiv_policy_spec.rb
@@ -11,17 +11,4 @@ RSpec.describe BoivPolicy, type: :policy do
 permissions :show? do
 it_behaves_like 'permitted policy and same organisation', 'boiv:read-offer'
 end
-
- permissions :boiv? do
- it 'no permission starting with boiv:. → denies' do
- expect_it.not_to permit(user_context, referential)
- end
-
- with_user_permission 'boiv:anything' do
- it{ expect_it.to permit(user_context, referential) }
- end
- with_user_permission 'boiv:' do
- it{ expect_it.not_to permit(user_context, referential) }
- end
- end
 end
diff --git a/spec/policies/login_policy_spec.rb b/spec/policies/login_policy_spec.rb
new file mode 100644
index 000000000..132e57433
--- /dev/null
+++ b/spec/policies/login_policy_spec.rb
@@ -0,0 +1,15 @@
+RSpec.describe LoginPolicy, type: :policy do
+ permissions :boiv? do
+ it 'no permission starting with boiv:. → denies' do
+ expect( LoginPolicy.new(user_context.user) ).not_to be_boiv
+ end
+
+ with_user_permission 'boiv:anything' do
+ it { expect( LoginPolicy.new(user_context.user) ).to be_boiv }
+ end
+ with_user_permission 'boiv:' do
+ it { expect( LoginPolicy.new(user_context.user) ).not_to be_boiv }
+ end
+ end
+
+end
|
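Review bot: `LoginPolicy#boiv?` in app/policies/login_policy.rb guards against `permissions` being nil but not against `user` being nil, so a login gate built on it raises `NoMethodError` instead of denying when it is handed no user. The one caller visible in this commit runs after `warden.authenticate!`, so this may not be reachable today, but a headless policy used to admit logins is safer failing closed: `Array(user.try(:permissions)).grep(%r{\Aboiv:.}).any?`. A one-line comment on `boiv?` saying that it means "holds at least one permission in the `boiv:` namespace with a non-empty suffix" would document why a bare `'boiv:'` is rejected, which the new spec depends on. The spec in spec/policies/login_policy_spec.rb has no case for a user whose `permissions` is nil.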
