Merge pull request #4167 from tchak/fix-champ-policy

Fix champ policy
2019-08-01 16:48:46 +02:00 · 2019-08-01 16:48:46 +02:00 · 81c2aa365b
commit 81c2aa365b
parent edac358334 02904f55b1
7 changed files with 29 additions and 66 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -45,13 +45,11 @@ class ApplicationController < ActionController::Base
  helper_method :logged_in?

  def pundit_user
-    if administrateur_signed_in?
-      current_administrateur
-    elsif gestionnaire_signed_in?
-      current_gestionnaire
-    else
-      current_user
-    end
+    {
+      administrateur: current_administrateur,
+      gestionnaire: current_gestionnaire,
+      user: current_user
+    }.compact
  end

  protected
--- a/app/models/gestionnaire.rb
+++ b/app/models/gestionnaire.rb
@ -225,10 +225,6 @@ class Gestionnaire < ApplicationRecord
    end
  end

-  def user
-    User.find_by(email: email)
-  end
-
  private

  def annotations_hash(demande, annotations_privees, avis, messagerie)
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@ -35,10 +35,12 @@ class ApplicationPolicy
  end

  class Scope
-    attr_reader :user, :scope
+    attr_reader :user, :gestionnaire, :administrateur, :scope

-    def initialize(user, scope)
-      @user = user
+    def initialize(account, scope)
+      @user = account[:user]
+      @gestionnaire = account[:gestionnaire]
+      @administrateur = account[:administrateur]
      @scope = scope
    end

--- a/app/policies/champ_policy.rb
+++ b/app/policies/champ_policy.rb
@ -1,21 +1,10 @@
 class ChampPolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
-      if user.is_a?(User)
+      if user.present?
        scope
          .joins(:dossier)
          .where({ dossiers: { user_id: user.id } })
-      elsif user.is_a?(Gestionnaire)
-        scope_with_join = scope.joins(dossier: :follows)
-        scope_with_left_join = scope.left_joins(dossier: :follows)
-
-        if user.user
-          scope_with_left_join
-            .where({ dossiers: { user_id: user.user.id } })
-            .or(scope_with_left_join.where(dossiers: { follows: { gestionnaire_id: user.id } }))
-        else
-          scope_with_join.where(dossiers: { follows: { gestionnaire_id: user.id } })
-        end
      else
        scope.none
      end
--- a/app/policies/type_de_champ_policy.rb
+++ b/app/policies/type_de_champ_policy.rb
@ -1,10 +1,10 @@
 class TypeDeChampPolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
-      if user.is_a?(Administrateur)
+      if administrateur.present?
        scope
          .joins(procedure: [:administrateurs])
-          .where({ administrateurs: { id: user.id } })
+          .where({ administrateurs: { id: administrateur.id } })
      else
        scope.none
      end
--- a/spec/policies/champ_policy_spec.rb
+++ b/spec/policies/champ_policy_spec.rb
@ -5,12 +5,13 @@ describe ChampPolicy do
  let(:dossier) { create(:dossier, user: user) }
  let!(:champ) { create(:champ_text, dossier: dossier) }

-  let(:pundit_user) { user }
-  subject { Pundit.policy_scope(pundit_user, Champ) }
+  let(:account) { { user: user } }
+
+  subject { Pundit.policy_scope(account, Champ) }

  context 'when the user has only user rights' do
    context 'cannot access champs for other dossiers' do
-      let(:pundit_user) { create(:user) }
+      let(:account) { { user: create(:user) } }

      it { expect(subject.find_by(id: champ.id)).to eq(nil) }
    end
@ -21,36 +22,4 @@ describe ChampPolicy do
      }
    end
  end
-
-  context 'when the user has only gestionnaire rights' do
-    context 'can access champs for dossiers it follows' do
-      let(:dossier) { create(:dossier, :followed) }
-      let(:pundit_user) { dossier.followers_gestionnaires.first }
-
-      it { expect(subject.find(champ.id)).to eq(champ) }
-    end
-  end
-
-  context 'when the user has user and gestionnaire rights' do
-    let(:pundit_user) { dossier.followers_gestionnaires.first }
-    let(:dossier) { create(:dossier, :followed) }
-
-    let(:user) { create(:user, email: pundit_user.email) }
-    let(:dossier2) { create(:dossier, user: user) }
-    let!(:champ_2) { create(:champ_text, dossier: dossier2) }
-
-    context 'can access champs for dossiers it follows' do
-      it do
-        expect(pundit_user.user).to eq(user)
-        expect(subject.find(champ.id)).to eq(champ)
-      end
-    end
-
-    context 'can access champs for its own dossiers' do
-      it do
-        expect(pundit_user.user).to eq(user)
-        expect(subject.find(champ_2.id)).to eq(champ_2)
-      end
-    end
-  end
 end
--- a/spec/policies/type_de_champ_policy_spec.rb
+++ b/spec/policies/type_de_champ_policy_spec.rb
@ -4,8 +4,17 @@ describe TypeDeChampPolicy do
  let(:procedure) { create(:procedure) }
  let!(:type_de_champ) { create(:type_de_champ_text, procedure: procedure) }

-  let(:pundit_user) { create(:user) }
-  subject { Pundit.policy_scope(pundit_user, TypeDeChamp) }
+  let(:user) { create(:user) }
+  let(:administrateur) { nil }
+
+  let(:account) do
+    {
+      user: user,
+      administrateur: administrateur
+    }.compact
+  end
+
+  subject { Pundit.policy_scope(account, TypeDeChamp) }

  context 'when the user has only user rights' do
    it 'can not access' do
@ -14,7 +23,7 @@ describe TypeDeChampPolicy do
  end

  context 'when the user has administrateur rights' do
-    let(:pundit_user) { procedure.administrateurs.first }
+    let(:administrateur) { procedure.administrateurs.first }

    it 'can access' do
      expect(subject.find(type_de_champ.id)).to eq(type_de_champ)