Fix champ policy

This commit is contained in:
Paul Chavard 2019-08-01 15:48:27 +02:00
parent edac358334
commit 02904f55b1
7 changed files with 29 additions and 66 deletions

View file

@ -45,13 +45,11 @@ class ApplicationController < ActionController::Base
helper_method :logged_in?
def pundit_user
if administrateur_signed_in?
current_administrateur
elsif gestionnaire_signed_in?
current_gestionnaire
else
current_user
end
{
administrateur: current_administrateur,
gestionnaire: current_gestionnaire,
user: current_user
}.compact
end
protected

View file

@ -225,10 +225,6 @@ class Gestionnaire < ApplicationRecord
end
end
def user
User.find_by(email: email)
end
private
def annotations_hash(demande, annotations_privees, avis, messagerie)

View file

@ -35,10 +35,12 @@ class ApplicationPolicy
end
class Scope
attr_reader :user, :scope
attr_reader :user, :gestionnaire, :administrateur, :scope
def initialize(user, scope)
@user = user
def initialize(account, scope)
@user = account[:user]
@gestionnaire = account[:gestionnaire]
@administrateur = account[:administrateur]
@scope = scope
end

View file

@ -1,21 +1,10 @@
class ChampPolicy < ApplicationPolicy
class Scope < Scope
def resolve
if user.is_a?(User)
if user.present?
scope
.joins(:dossier)
.where({ dossiers: { user_id: user.id } })
elsif user.is_a?(Gestionnaire)
scope_with_join = scope.joins(dossier: :follows)
scope_with_left_join = scope.left_joins(dossier: :follows)
if user.user
scope_with_left_join
.where({ dossiers: { user_id: user.user.id } })
.or(scope_with_left_join.where(dossiers: { follows: { gestionnaire_id: user.id } }))
else
scope_with_join.where(dossiers: { follows: { gestionnaire_id: user.id } })
end
else
scope.none
end

View file

@ -1,10 +1,10 @@
class TypeDeChampPolicy < ApplicationPolicy
class Scope < Scope
def resolve
if user.is_a?(Administrateur)
if administrateur.present?
scope
.joins(procedure: [:administrateurs])
.where({ administrateurs: { id: user.id } })
.where({ administrateurs: { id: administrateur.id } })
else
scope.none
end

View file

@ -5,12 +5,13 @@ describe ChampPolicy do
let(:dossier) { create(:dossier, user: user) }
let!(:champ) { create(:champ_text, dossier: dossier) }
let(:pundit_user) { user }
subject { Pundit.policy_scope(pundit_user, Champ) }
let(:account) { { user: user } }
subject { Pundit.policy_scope(account, Champ) }
context 'when the user has only user rights' do
context 'cannot access champs for other dossiers' do
let(:pundit_user) { create(:user) }
let(:account) { { user: create(:user) } }
it { expect(subject.find_by(id: champ.id)).to eq(nil) }
end
@ -21,36 +22,4 @@ describe ChampPolicy do
}
end
end
context 'when the user has only gestionnaire rights' do
context 'can access champs for dossiers it follows' do
let(:dossier) { create(:dossier, :followed) }
let(:pundit_user) { dossier.followers_gestionnaires.first }
it { expect(subject.find(champ.id)).to eq(champ) }
end
end
context 'when the user has user and gestionnaire rights' do
let(:pundit_user) { dossier.followers_gestionnaires.first }
let(:dossier) { create(:dossier, :followed) }
let(:user) { create(:user, email: pundit_user.email) }
let(:dossier2) { create(:dossier, user: user) }
let!(:champ_2) { create(:champ_text, dossier: dossier2) }
context 'can access champs for dossiers it follows' do
it do
expect(pundit_user.user).to eq(user)
expect(subject.find(champ.id)).to eq(champ)
end
end
context 'can access champs for its own dossiers' do
it do
expect(pundit_user.user).to eq(user)
expect(subject.find(champ_2.id)).to eq(champ_2)
end
end
end
end

View file

@ -4,8 +4,17 @@ describe TypeDeChampPolicy do
let(:procedure) { create(:procedure) }
let!(:type_de_champ) { create(:type_de_champ_text, procedure: procedure) }
let(:pundit_user) { create(:user) }
subject { Pundit.policy_scope(pundit_user, TypeDeChamp) }
let(:user) { create(:user) }
let(:administrateur) { nil }
let(:account) do
{
user: user,
administrateur: administrateur
}.compact
end
subject { Pundit.policy_scope(account, TypeDeChamp) }
context 'when the user has only user rights' do
it 'can not access' do
@ -14,7 +23,7 @@ describe TypeDeChampPolicy do
end
context 'when the user has administrateur rights' do
let(:pundit_user) { procedure.administrateurs.first }
let(:administrateur) { procedure.administrateurs.first }
it 'can access' do
expect(subject.find(type_de_champ.id)).to eq(type_de_champ)