Merge pull request #4167 from tchak/fix-champ-policy

Fix champ policy
Paul Chavard 2019-08-01 16:48:46 +02:00 committed by GitHub
commit 81c2aa365b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 29 additions and 66 deletions


@ -45,13 +45,11 @@ class ApplicationController < ActionController::Base
helper_method :logged_in? helper_method :logged_in?
def pundit_user def pundit_user
if administrateur_signed_in? {
current_administrateur administrateur: current_administrateur,
elsif gestionnaire_signed_in? gestionnaire: current_gestionnaire,
current_gestionnaire user: current_user
else }.compact
current_user
end
end end
protected protected
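Review bot: `pundit_user` now returns a Hash, and for an anonymous request that Hash is `{}`, which is truthy in Ruby, so any policy guard written as `if user` or `unless user` would pass where it used to see `nil`. Only the two Scope classes are updated in this commit; whether `ApplicationPolicy#initialize` and the other policies were adapted is not visible here, so they are worth auditing for code that still treats the Pundit context as a single record. I would document the contract above the method, e.g. `# Pundit context: Hash of the signed-in identities (:administrateur, :gestionnaire, :user), absent keys dropped; it is {} when nobody is signed in, so policies must test the key they need with present?`. The class body continues outside the hunk.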


@ -225,10 +225,6 @@ class Gestionnaire < ApplicationRecord
end end
end end
def user
User.find_by(email: email)
end
private private
def annotations_hash(demande, annotations_privees, avis, messagerie) def annotations_hash(demande, annotations_privees, avis, messagerie)


@ -35,10 +35,12 @@ class ApplicationPolicy
end end
class Scope class Scope
attr_reader :user, :scope attr_reader :user, :gestionnaire, :administrateur, :scope
def initialize(user, scope) def initialize(account, scope)
@user = user @user = account[:user]
@gestionnaire = account[:gestionnaire]
@administrateur = account[:administrateur]
@scope = scope @scope = scope
end end
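Review bot: `Scope#initialize` indexes `account` without checking what it was given, so a call site that still passes a record or `nil` is not reported clearly: `nil[:user]` raises a bare NoMethodError, and an ActiveRecord model also responds to `[]`, so depending on the Rails version it may quietly produce nil identities instead of failing. That outcome is fail-closed for the scopes shown, but it hides a mis-wired caller. A guard on the first line would make the new contract explicit: `raise ArgumentError, 'expected a Hash of identities' unless account.is_a?(Hash)`. The enclosing ApplicationPolicy class starts outside the hunk.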


@ -1,21 +1,10 @@
class ChampPolicy < ApplicationPolicy class ChampPolicy < ApplicationPolicy
class Scope < Scope class Scope < Scope
def resolve def resolve
if user.is_a?(User) if user.present?
scope scope
.joins(:dossier) .joins(:dossier)
.where({ dossiers: { user_id: user.id } }) .where({ dossiers: { user_id: user.id } })
elsif user.is_a?(Gestionnaire)
scope_with_join = scope.joins(dossier: :follows)
scope_with_left_join = scope.left_joins(dossier: :follows)
if user.user
scope_with_left_join
.where({ dossiers: { user_id: user.user.id } })
.or(scope_with_left_join.where(dossiers: { follows: { gestionnaire_id: user.id } }))
else
scope_with_join.where(dossiers: { follows: { gestionnaire_id: user.id } })
end
else else
scope.none scope.none
end end
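Review bot: With the gestionnaire branch removed from `resolve`, this scope authorizes only on the `:user` identity, so a gestionnaire-only session falls through to `scope.none` and an account that is both user and gestionnaire sees only champs of dossiers it owns. That is the safe direction, and it drops the email-based `user.user` link, but nothing in the code says it is deliberate. A short comment above `resolve` would keep a later edit from re-adding a broader branch by accident, e.g. `# Only the dossier owner can reach its champs through this scope; gestionnaire and administrateur identities are ignored on purpose.` The end of the Scope class lies outside the hunk.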


@ -1,10 +1,10 @@
class TypeDeChampPolicy < ApplicationPolicy class TypeDeChampPolicy < ApplicationPolicy
class Scope < Scope class Scope < Scope
def resolve def resolve
if user.is_a?(Administrateur) if administrateur.present?
scope scope
.joins(procedure: [:administrateurs]) .joins(procedure: [:administrateurs])
.where({ administrateurs: { id: user.id } }) .where({ administrateurs: { id: administrateur.id } })
else else
scope.none scope.none
end end


@ -5,12 +5,13 @@ describe ChampPolicy do
let(:dossier) { create(:dossier, user: user) } let(:dossier) { create(:dossier, user: user) }
let!(:champ) { create(:champ_text, dossier: dossier) } let!(:champ) { create(:champ_text, dossier: dossier) }
let(:pundit_user) { user } let(:account) { { user: user } }
subject { Pundit.policy_scope(pundit_user, Champ) }
subject { Pundit.policy_scope(account, Champ) }
context 'when the user has only user rights' do context 'when the user has only user rights' do
context 'cannot access champs for other dossiers' do context 'cannot access champs for other dossiers' do
let(:pundit_user) { create(:user) } let(:account) { { user: create(:user) } }
it { expect(subject.find_by(id: champ.id)).to eq(nil) } it { expect(subject.find_by(id: champ.id)).to eq(nil) }
end end
@ -21,36 +22,4 @@ describe ChampPolicy do
} }
end end
end end
context 'when the user has only gestionnaire rights' do
context 'can access champs for dossiers it follows' do
let(:dossier) { create(:dossier, :followed) }
let(:pundit_user) { dossier.followers_gestionnaires.first }
it { expect(subject.find(champ.id)).to eq(champ) }
end
end
context 'when the user has user and gestionnaire rights' do
let(:pundit_user) { dossier.followers_gestionnaires.first }
let(:dossier) { create(:dossier, :followed) }
let(:user) { create(:user, email: pundit_user.email) }
let(:dossier2) { create(:dossier, user: user) }
let!(:champ_2) { create(:champ_text, dossier: dossier2) }
context 'can access champs for dossiers it follows' do
it do
expect(pundit_user.user).to eq(user)
expect(subject.find(champ.id)).to eq(champ)
end
end
context 'can access champs for its own dossiers' do
it do
expect(pundit_user.user).to eq(user)
expect(subject.find(champ_2.id)).to eq(champ_2)
end
end
end
end end
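Review bot: The gestionnaire contexts are deleted without a replacement that pins the new restriction, so nothing fails if a later change lets a gestionnaire identity reach champs through this scope again. A negative case built from the fixtures already used here would cover it: a context with `let(:dossier) { create(:dossier, :followed) }`, `let(:account) { { gestionnaire: dossier.followers_gestionnaires.first } }` and `it { expect(subject.find_by(id: champ.id)).to eq(nil) }`. A similar case for an empty account (`{}`) would pin the anonymous path.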


@ -4,8 +4,17 @@ describe TypeDeChampPolicy do
let(:procedure) { create(:procedure) } let(:procedure) { create(:procedure) }
let!(:type_de_champ) { create(:type_de_champ_text, procedure: procedure) } let!(:type_de_champ) { create(:type_de_champ_text, procedure: procedure) }
let(:pundit_user) { create(:user) } let(:user) { create(:user) }
subject { Pundit.policy_scope(pundit_user, TypeDeChamp) } let(:administrateur) { nil }
let(:account) do
{
user: user,
administrateur: administrateur
}.compact
end
subject { Pundit.policy_scope(account, TypeDeChamp) }
context 'when the user has only user rights' do context 'when the user has only user rights' do
it 'can not access' do it 'can not access' do
@ -14,7 +23,7 @@ describe TypeDeChampPolicy do
end end
context 'when the user has administrateur rights' do context 'when the user has administrateur rights' do
let(:pundit_user) { procedure.administrateurs.first } let(:administrateur) { procedure.administrateurs.first }
it 'can access' do it 'can access' do
expect(subject.find(type_de_champ.id)).to eq(type_de_champ) expect(subject.find(type_de_champ.id)).to eq(type_de_champ)