diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index 5d47e5892..1ad775675 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -3,40 +3,33 @@ class GroupPolicy < ApplicationPolicy
 def index?
 !user.guest?
 end
+ alias_method :create?, :index?
+ alias_method :remove_user?, :index?
 def show?
 true
 end
- def create?
- !user.guest?
- end
-
 def reader?
- is_admin? || local_reader?
+ !user.guest? && ( is_admin? || local_reader? )
 end
 def write?
- is_admin? || owner? || local_writer?
+ !user.guest? && ( is_admin? || owner? || local_writer? )
 end
 def update?
- is_admin? || owner? || local_admin?
+ !user.guest? && ( is_admin? || owner? || local_admin? )
 end
 alias_method :add_member?, :update?
 alias_method :manage_members?, :update?
 alias_method :members?, :update?
 alias_method :remove_member?, :update?
 alias_method :remove_members?, :update?
- alias_method :remove_user?, :update?
 alias_method :update_member?, :update?
 def destroy?
- is_admin? || owner?
- end
-
- def remove_user?
- !user.guest?
+ !user.guest? && ( is_admin? || owner? )
 end
 class Scope < Scope
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
new file mode 100644
index 000000000..587207d8d
--- /dev/null
+++ b/spec/policies/group_policy_spec.rb
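Review bot: `remove_user?` authorises every signed-in non-guest for any group now that it is an alias of `index?`, while the neighbouring `remove_member?` and `remove_members?` require a global admin, the owner or a local admin. This keeps the effective behaviour of the deleted `def remove_user?` body, which had been overriding the old `alias_method :remove_user?, :update?`, but the policy still does not look at whose membership is being removed. If the action is meant for a user leaving a group themselves, that restriction is not visible in this hunk and presumably sits in the controller; a comment above the alias such as `# remove_user?: any signed-in user; caller must restrict this to the current user's own membership` would record it, or the check could move into the policy. The class body continues past the hunk at `class Scope < Scope`.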
@@ -0,0 +1,107 @@
+require 'spec_helper'
+
+RSpec.describe GroupPolicy, type: :policy do
+ let(:group) { FactoryGirl.build(:group) }
+ let(:user) { FactoryGirl.create(:user) }
+ subject { described_class }
+
+
+ %i(index? create? remove_user?).each do |perm|
+ permissions perm do
+ it "denies access to anonymous user" do
+ expect(subject).to_not permit(User.new, group)
+ end
+
+ it "grants access to user" do
+ expect(subject).to permit(user, group)
+ end
+ end
+ end
+
+ permissions :show? do
+ it "grants access to anonymous user" do
+ expect(subject).to permit(User.new, group)
+ end
+ end
+
+ permissions :reader? do
+ it "denies access to anonymous user" do
+ expect(subject).to_not permit(User.new, group)
+ end
+
+ it "denies access to user" do
+ expect(subject).to_not permit(user, group)
+ end
+
+ it "grants access to group reader" do
+ allow_any_instance_of(GroupPolicy).to receive(:local_reader?).and_return(true)
+ expect(subject).to permit(user, group)
+ end
+ end
+
+ permissions :write? do
+ it "denies access to anonymous user" do
+ expect(subject).to_not permit(User.new, group)
+ end
+
+ it "denies access to user" do
+ expect(subject).to_not permit(user, group)
+ end
+
+ it "grants access to group writer" do
+ allow_any_instance_of(GroupPolicy).to receive(:local_writer?).and_return(true)
+ expect(subject).to permit(user, group)
+ end
+ end
+
+ %i(update? add_member? manage_members? members? remove_member? remove_members? update_member?).each do |perm|
+ permissions perm do
+ it "denies access to anonymous user" do
+ expect(subject).to_not permit(User.new, group)
+ end
+
+ it "denies access to user" do
+ expect(subject).to_not permit(user, group)
+ end
+
+ it "grants access to group owner" do
+ group.save!
+ expect(subject).to permit(group.owner, group)
+ end
+
+ it "grants access to group admin" do
+ allow_any_instance_of(GroupPolicy).to receive(:local_admin?).and_return(true)
+ expect(subject).to permit(user, group)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.create(:admin), group)
+ end
+ end
+ end
+
+ permissions :destroy? do
+ it "denies access to anonymous user" do
+ expect(subject).to_not permit(User.new, group)
+ end
+
+ it "denies access to user" do
+ expect(subject).to_not permit(user, group)
+ end
+
+ it "denies access to group admin" do
+ allow_any_instance_of(GroupPolicy).to receive(:local_admin?).and_return(true)
+ expect(subject).to_not permit(user, group)
+ end
+
+ it "grants access to group owner" do
+ group.save!
+ expect(subject).to permit(group.owner, group)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.create(:admin), group)
+ end
+ end
+
+end
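Review bot: The "denies access to anonymous user" examples do not pin the new `!user.guest?` guard, because `User.new` presumably satisfies none of `is_admin?`, `owner?` or the `local_*?` predicates and would be denied without the guard as well. In the `:reader?`, `:write?`, update-family and `:destroy?` blocks, add an example that stubs the relevant role predicate the way the positive examples already do, e.g. `allow_any_instance_of(GroupPolicy).to receive(:local_reader?).and_return(true)`, and then asserts `expect(subject).to_not permit(User.new, group)`. The `:reader?` and `:write?` blocks also have no global-admin example, and `:write?` has no owner example, so those branches of the rewritten expressions are untested; `expect(subject).to permit(FactoryGirl.create(:admin), group)` and `expect(subject).to permit(group.owner, group)` are already used further down and can be reused.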