cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement the cancan filters for diary entries

Browse source 
Access logic is not _entirely_ exported from the controller,
unfortunately.  For interface reasons, some actions which require admin
have to be listed within the controller's deny_access method.

This is required because, being a default-deny system, cancancan
_cannot_ tell you the reason you were denied access; and so
the "nice" feedback presenting next steps can't be gleaned from
the exception
This commit is contained in:
Chris Flipse 2018-06-09 16:35:17 -04:00
parent 6b44a1976c
commit 5232914427
3 changed files with 64 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

36
test/models/abilities_test.rb
View file

@ -4,4 +4,40 @@ require "test_helper"
class AbilityTest < ActiveSupport::TestCase
test "diary permissions for a guest" do
ability = Ability.new(nil, [])
[:list, :rss, :view, :comments].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end
[:create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
assert ability.cannot?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
assert ability.cannot?(action, DiaryComment), "should be able to #{action} DiaryEntries"
end
end
test "Diary permissions for a normal user" do
ability = Ability.new(create(:user), [])
[:list, :rss, :view, :comments, :create, :edit, :comment, :subscribe, :unsubscribe].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end
[:hide, :hidecomment].each do |action|
assert ability.cannot?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
assert ability.cannot?(action, DiaryComment), "should be able to #{action} DiaryEntries"
end
end
test "Diary for an administrator" do
ability = Ability.new(create(:administrator_user), [])
[:list, :rss, :view, :comments, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end
[:hide, :hidecomment].each do |action|
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComment"
end
end
end