2 files changed, 43 insertions, 13 deletions

diff --git a/spec/support/pundit/policies.rb b/spec/support/pundit/policies.rb
index a3489d9db..d8d12d735 100644
--- a/spec/support/pundit/policies.rb
+++ b/spec/support/pundit/policies.rb
@@ -12,11 +12,14 @@ module Support
         UserContext.new(user, referential: referential)
       end
 
+      def finalise_referential
+        referential.referential_suite_id = random_int 
+      end
+
       def remove_permissions(*permissions, from_user:, save: false)
         from_user.permissions -= permissions.flatten
         from_user.save! if save
       end
-
     end
 
     module PoliciesMacros
diff --git a/spec/support/pundit/shared_examples.rb b/spec/support/pundit/shared_examples.rb
index 49f915626..13f537c6d 100644
--- a/spec/support/pundit/shared_examples.rb
+++ b/spec/support/pundit/shared_examples.rb
@@ -1,6 +1,6 @@
 
 RSpec.shared_examples 'always allowed' do
-  | permission, archived: false|
+  | permission, archived_and_finalised: false |
   context 'same organisation →' do
     before do
       user.organisation_id = referential.organisation_id
@@ -8,11 +8,16 @@ RSpec.shared_examples 'always allowed' do
     it "allows a user with the same organisation" do
       expect_it.to permit(user_context, record)
     end
-    if archived
+    if archived_and_finalised
       it 'does not remove permission for archived referentials' do
         referential.archived_at = 42.seconds.ago
         expect_it.to permit(user_context, record)
       end
+
+      it 'does not remove permission for finalised referentials' do
+        finalise_referential
+        expect_it.to permit(user_context, record)
+      end
     end
   end
 
@@ -23,27 +28,33 @@ RSpec.shared_examples 'always allowed' do
     it "allows a user with a different organisation" do
       expect_it.to permit(user_context, record)
     end
-    if archived
+    if archived_and_finalised
       it 'does not remove permission for archived referentials' do
         referential.archived_at = 42.seconds.ago
         expect_it.to permit(user_context, record)
       end
+      it 'does not remove permission for finalised referentials' do
+        finalise_referential
+        expect_it.to permit(user_context, record)
+      end
     end
   end
 end
 
 RSpec.shared_examples 'always forbidden' do
-  | permission, archived: false|
+  | permission, archived_and_finalised: false|
   context 'same organisation →' do
     before do
       user.organisation_id = referential.organisation_id
     end
+
     it "allows a user with the same organisation" do
       expect_it.not_to permit(user_context, record)
     end
-    if archived
+
+    if archived_and_finalised
       it 'still no permission for archived referentials' do
-        referential.archived_at = 42.seconds.ago
+        finalise_referential
         expect_it.not_to permit(user_context, record)
       end
     end
@@ -56,17 +67,22 @@ RSpec.shared_examples 'always forbidden' do
     it "denies a user with a different organisation" do
       expect_it.not_to permit(user_context, record)
     end
-    if archived
+    if archived_and_finalised
       it 'still no permission for archived referentials' do
         referential.archived_at = 42.seconds.ago
         expect_it.not_to permit(user_context, record)
       end
+
+      it 'still no permission for finalised referentials' do
+        finalise_referential
+        expect_it.not_to permit(user_context, record)
+      end
     end
   end
 end
 
 RSpec.shared_examples 'permitted policy and same organisation' do
-  | permission, archived: false|
+  | permission, archived_and_finalised: false |
 
   context 'permission absent → ' do
     it "denies a user with a different organisation" do
@@ -92,18 +108,24 @@ RSpec.shared_examples 'permitted policy and same organisation' do
       expect_it.to permit(user_context, record)
     end
 
-    if archived
+    if archived_and_finalised
       it 'removes the permission for archived referentials' do
         user.organisation_id = referential.organisation_id
         referential.archived_at = 42.seconds.ago
         expect_it.not_to permit(user_context, record)
       end
+
+      it 'removes the permission for finalised referentials' do
+        user.organisation_id = referential.organisation_id
+        finalise_referential
+        expect_it.not_to permit(user_context, record)
+      end
     end
   end
 end
 
 RSpec.shared_examples 'permitted policy' do
-  | permission, archived: false|
+  | permission, archived_and_finalised: false|
 
   context 'permission absent → ' do
     it "denies user" do
@@ -120,12 +142,17 @@ RSpec.shared_examples 'permitted policy' do
       expect_it.to permit(user_context, record)
     end
 
-    if archived
+    if archived_and_finalised
       it 'removes the permission for archived referentials' do
         user.organisation_id = referential.organisation_id
         referential.archived_at = 42.seconds.ago
         expect_it.not_to permit(user_context, record)
       end
+      it 'removes the permission for finalised referentials' do
+        user.organisation_id = referential.organisation_id
+        finalise_referential
+        expect_it.not_to permit(user_context, record)
+      end
     end
   end
 end
@@ -148,4 +175,4 @@ RSpec.shared_examples 'permitted policy outside referential' do
       expect_it.to permit(user_context, record)
     end
   end
-end
\ No newline at end of file
+end