diff options
| -rw-r--r-- | app/decorators/company_decorator.rb | 2 | ||||
| -rw-r--r-- | app/helpers/table_builder_helper/custom_links.rb | 19 | ||||
| -rw-r--r-- | app/policies/application_policy.rb | 7 | ||||
| -rw-r--r-- | app/policies/company_policy.rb | 13 | ||||
| -rw-r--r-- | spec/decorators/company_decorator_spec.rb | 2 | ||||
| -rw-r--r-- | spec/helpers/table_builder_helper_spec.rb | 5 |
6 files changed, 25 insertions, 23 deletions
diff --git a/app/decorators/company_decorator.rb b/app/decorators/company_decorator.rb index 51c1f3c61..030952483 100644 --- a/app/decorators/company_decorator.rb +++ b/app/decorators/company_decorator.rb @@ -19,6 +19,8 @@ class CompanyDecorator < Draper::Decorator links = [] if h.policy(Chouette::Company).create? + require 'pry' + binding.pry links << Link.new( content: h.t('companies.actions.new'), href: h.new_line_referential_company_path(context[:line_referential]) diff --git a/app/helpers/table_builder_helper/custom_links.rb b/app/helpers/table_builder_helper/custom_links.rb index e185bf77b..6f2234948 100644 --- a/app/helpers/table_builder_helper/custom_links.rb +++ b/app/helpers/table_builder_helper/custom_links.rb @@ -48,24 +48,19 @@ module TableBuilderHelper # This puts the responsability where it belongs to and allows # for easy and fast unit testing of the BL, always a goos sign. + # N.B. Does not have policy shall not apply in the future anymore + # Has policy and can destroy + # Doesn't have policy or is autorized (action == :delete && - Pundit.policy(@user_context, @obj).present? && + !Pundit.policy(@user_context, @obj).present? || Pundit.policy(@user_context, @obj).destroy?) || - # Doesn't have policy - (action == :delete && - !Pundit.policy(@user_context, @obj).present?) || - - # Has policy and can update + # Doesn't have policy or is autorized (action == :edit && - Pundit.policy(@user_context, @obj).present? && + !Pundit.policy(@user_context, @obj).present? || Pundit.policy(@user_context, @obj).update?) || - # Doesn't have policy - (action == :edit && - !Pundit.policy(@user_context, @obj).present?) || - # Object isn't archived (action == :archive && !@obj.archived?) || @@ -74,7 +69,7 @@ module TableBuilderHelper !Pundit.policy(@user_context, @obj).respond_to?("#{action}?") || Pundit.policy(@user_context, @obj).public_send("#{action}?") || - + action_is_allowed_regardless_of_policy(action) end diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb index e2c0acd8e..532004296 100644 --- a/app/policies/application_policy.rb +++ b/app/policies/application_policy.rb @@ -1,6 +1,13 @@ class ApplicationPolicy attr_reader :current_referential, :record, :user + # Make authorization by action easier + def delete? + destroy? + end + + + def initialize(user_context, record) @user = user_context.user @current_referential = user_context.context[:referential] diff --git a/app/policies/company_policy.rb b/app/policies/company_policy.rb index 95d607f3d..2983c6acc 100644 --- a/app/policies/company_policy.rb +++ b/app/policies/company_policy.rb @@ -5,11 +5,10 @@ class CompanyPolicy < BoivPolicy end end - def create? - false - end - def update? ; create? end - def new? ; create? end - def edit? ; create? end - def destroy? ; create? end + def create?; false end + def destroy?; false end + def edit?; false end + def new?; false end + def show?; true end + def update?; false end end diff --git a/spec/decorators/company_decorator_spec.rb b/spec/decorators/company_decorator_spec.rb index 42ed6a408..a1df03449 100644 --- a/spec/decorators/company_decorator_spec.rb +++ b/spec/decorators/company_decorator_spec.rb @@ -1,4 +1,2 @@ -require 'spec_helper' - describe CompanyDecorator do end diff --git a/spec/helpers/table_builder_helper_spec.rb b/spec/helpers/table_builder_helper_spec.rb index 67980fc2c..6d7b60366 100644 --- a/spec/helpers/table_builder_helper_spec.rb +++ b/spec/helpers/table_builder_helper_spec.rb @@ -17,7 +17,7 @@ describe TableBuilderHelper, type: :helper do permissions: [ 'referentials.create', 'referentials.edit', - 'referentials.destroy' + 'referentials.destroy', ] ), referential: referential @@ -299,7 +299,8 @@ describe TableBuilderHelper, type: :helper do companies = ModelDecorator.decorate( companies, - with: CompanyDecorator + with: CompanyDecorator, + context: {line_referential: line_referential} ) expected = <<-HTML |