#465: Update specs for Platforms::TokensController

app/controllers/platforms/tokens_controller.rb

@@ -1,11 +1,10 @@
 class Platforms::TokensController < Platforms::BaseController
   before_action :authenticate_user!
 
-  load_resource :platform
-  load_and_authorize_resource :through  => :platform, :shallow  => true
+  before_action :load_token, except: [:index, :create, :new]
 
   def index
-    authorize! :local_admin_manage, @platform
+    authorize @platform, :local_admin_manage?
     @tokens = @platform.tokens.includes(:creator, :updater)
                               .paginate(per_page: 20, page: params[:page])
   end
@@ -24,11 +23,13 @@ class Platforms::TokensController < Platforms::BaseController
   end
 
   def new
+    authorize @token = @platform.tokens.new
   end
 
   def create
     @token = @platform.tokens.build params[:token]
     @token.creator = current_user
+    authorize @token
     if @token.save
       flash[:notice] = t('flash.tokens.saved')
       redirect_to platform_tokens_path(@platform)
@@ -39,4 +40,11 @@ class Platforms::TokensController < Platforms::BaseController
     end
   end
 
+  protected
+
+  # Private: before_action hook which loads Repository.
+  def load_token
+    authorize @token = @platform.tokens.find(params[:id])
+  end
+
 end

app/policies/token_policy.rb

@@ -1,7 +1,8 @@
 class TokenPolicy < ApplicationPolicy
 
   def show?
-    local_admin?(record.subject)
+    # local_admin?(record.subject)
+    is_admin? || owner?(record.subject) || local_admin?(record.subject)
   end
   alias_method :create?,   :show?
   alias_method :read?,     :show?

spec/controllers/platforms/tokens_controller_spec.rb

@@ -8,22 +8,24 @@ shared_examples_for 'token of platform for owner' do
   [:index, :new].each do |action|
     it "should be able to perform #{action} action" do
       get action, platform_id: @platform
-      response.should render_template(action)
+      expect(response).to render_template(action)
     end
   end
 
   it 'should not be able to perform show action' do
     get :show, platform_id: @platform, id: @platform_token
-    response.should render_template(:show)
+    expect(response).to render_template(:show)
   end
 
   it 'should be able to perform create action' do
     post :create, @create_params
-    response.should redirect_to(platform_tokens_path(@platform))
+    expect(response).to redirect_to(platform_tokens_path(@platform))
   end
 
   it 'should create key pair into db on create action' do
-    lambda { post :create, @create_params }.should change{Token.count}.by(1)
+    expect do
+      post :create, @create_params
+    end.to change(Token, :count).by(1)
   end
 end
 
@@ -31,22 +33,24 @@ shared_examples_for 'token of platform for simple user or guest' do
   [:index, :new].each do |action|
     it "should not be able to perform #{ action } action" do
       get action, platform_id: @platform
-      response.should redirect_to(redirected_url)
+      expect(response).to redirect_to(redirected_url)
     end
   end
 
   it 'should not be able to perform show action' do
     get :show, platform_id: @platform, id: @platform_token
-    response.should redirect_to(redirected_url)
+    expect(response).to redirect_to(redirected_url)
   end
 
   it 'should not be able to perform show action' do
     post :create, @create_params
-    response.should redirect_to(redirected_url)
+    expect(response).to redirect_to(redirected_url)
   end
 
   it 'should not change objects count on create success' do
-    lambda { post :create, @create_params }.should change{ Token.count }.by(0)
+    expect do
+      post :create, @create_params
+    end.to_not change(Token, :count)
   end
 end