Introduce admin
parent
530352bbb1
commit
560e11f24e
@ -0,0 +1,42 @@
|
||||
class ApplicationPolicy
|
||||
|
||||
attr_reader :user, :record
|
||||
|
||||
def initialize(user, record)
|
||||
@user = user
|
||||
@record = record
|
||||
end
|
||||
|
||||
def index?
|
||||
false
|
||||
end
|
||||
|
||||
def show?
|
||||
scope.where(:id => record.id).exists?
|
||||
end
|
||||
|
||||
def create?
|
||||
false
|
||||
end
|
||||
|
||||
def new?
|
||||
create?
|
||||
end
|
||||
|
||||
def update?
|
||||
false
|
||||
end
|
||||
|
||||
def edit?
|
||||
update?
|
||||
end
|
||||
|
||||
def destroy?
|
||||
false
|
||||
end
|
||||
|
||||
def scope
|
||||
Pundit.policy_scope!(user, record.class)
|
||||
end
|
||||
|
||||
end
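Review bot: `show?` in ApplicationPolicy takes its answer entirely from `scope`, which calls `Pundit.policy_scope!(user, record.class)`; the bang variant raises when the record's class has no policy Scope, so a subclass that omits one gets an exception from `show?` rather than a denial. The other defaults return `false`, which is a sound fail-closed base, but nothing in the class says so, and nothing says that `user` may be nil for anonymous requests. I would add a class comment such as `# Base policy: every action is denied unless a subclass overrides it; show? relies on the subclass defining Scope, and user may be nil.`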
|
@ -0,0 +1,44 @@
|
||||
class AsciicastPolicy < ApplicationPolicy
|
||||
|
||||
class Scope < Struct.new(:user, :scope)
|
||||
def resolve
|
||||
scope
|
||||
end
|
||||
end
|
||||
|
||||
def permitted_attributes
|
||||
if user.admin? || record.user == user
|
||||
attrs = [:title, :description, :theme_name]
|
||||
attrs << :featured if user.admin?
|
||||
|
||||
attrs
|
||||
else
|
||||
[]
|
||||
end
|
||||
end
|
||||
|
||||
def update?
|
||||
return false unless user
|
||||
|
||||
user.admin? || record.user == user
|
||||
end
|
||||
|
||||
def destroy?
|
||||
return false unless user
|
||||
|
||||
user.admin? || record.user == user
|
||||
end
|
||||
|
||||
def feature?
|
||||
return false unless user
|
||||
|
||||
user.admin?
|
||||
end
|
||||
|
||||
def unfeature?
|
||||
return false unless user
|
||||
|
||||
user.admin?
|
||||
end
|
||||
|
||||
end
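Review bot: `permitted_attributes` calls `user.admin?` without the `return false unless user` guard that `update?`, `destroy?`, `feature?` and `unfeature?` all carry, so a nil user reaching it raises NoMethodError instead of receiving an empty attribute list. Adding `return [] unless user` as its first line keeps the result fail-closed and consistent with the predicates. The `#permitted_attributes` spec in this commit has no nil-user context, so that path is untested. Separately, `Scope#resolve` returns the scope unfiltered, which makes the inherited `show?` true for any persisted asciicast; if that is intended, a one-line comment on `resolve` saying so would stop a later reader from assuming it filters.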
|
@ -0,0 +1,13 @@
|
||||
class UserPolicy < ApplicationPolicy
|
||||
|
||||
class Scope < Struct.new(:user, :scope)
|
||||
def resolve
|
||||
scope
|
||||
end
|
||||
end
|
||||
|
||||
def update?
|
||||
record == user
|
||||
end
|
||||
|
||||
end
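Review bot: `update?` compares `record == user` with no nil check, unlike the AsciicastPolicy predicates; it denies a nil user against a real record, but it would return true if both arguments were nil. Putting `return false unless user` before the comparison makes the denial explicit and matches the other policy. The UserPolicy spec in this commit has no nil-user example, and `expect(subject).not_to permit(nil, User.new)` would pin the behaviour. `Scope#resolve` here also returns every user unfiltered, so the inherited `show?` passes for any persisted user regardless of who asks, which is worth confirming as intended.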
|
@ -0,0 +1,109 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe AsciicastPolicy do
|
||||
|
||||
subject { described_class }
|
||||
|
||||
describe '#permitted_attributes' do
|
||||
subject { Pundit.policy(user, asciicast).permitted_attributes }
|
||||
|
||||
let(:asciicast) { Asciicast.new }
|
||||
|
||||
context "when user is admin" do
|
||||
let(:user) { stub_model(User, admin?: true) }
|
||||
|
||||
it "includes featured" do
|
||||
expect(subject).to eq([:title, :description, :theme_name, :featured])
|
||||
end
|
||||
end
|
||||
|
||||
context "when user isn't admin" do
|
||||
let(:user) { stub_model(User, admin?: false) }
|
||||
|
||||
it "is empty" do
|
||||
expect(subject).to eq([])
|
||||
end
|
||||
|
||||
context "and is creator of the asciicast" do
|
||||
let(:asciicast) { Asciicast.new(user: user) }
|
||||
|
||||
it "doesn't include featured" do
|
||||
expect(subject).to eq([:title, :description, :theme_name])
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
permissions :update? do
|
||||
it "denies access if user is nil" do
|
||||
expect(subject).not_to permit(nil, Asciicast.new)
|
||||
end
|
||||
|
||||
it "grants access if user is admin" do
|
||||
user = stub_model(User, admin?: true)
|
||||
expect(subject).to permit(user, Asciicast.new)
|
||||
end
|
||||
|
||||
it "grants access if user is creator of the asciicast" do
|
||||
user = stub_model(User, admin?: false)
|
||||
expect(subject).to permit(user, Asciicast.new(user: user))
|
||||
end
|
||||
|
||||
it "denies access if user isn't the creator of the asciicast" do
|
||||
expect(subject).not_to permit(User.new, Asciicast.new(user: User.new))
|
||||
end
|
||||
end
|
||||
|
||||
permissions :destroy? do
|
||||
it "denies access if user is nil" do
|
||||
expect(subject).not_to permit(nil, Asciicast.new)
|
||||
end
|
||||
|
||||
it "grants access if user is admin" do
|
||||
user = stub_model(User, admin?: true)
|
||||
expect(subject).to permit(user, Asciicast.new)
|
||||
end
|
||||
|
||||
it "grants access if user is creator of the asciicast" do
|
||||
user = stub_model(User, admin?: false)
|
||||
expect(subject).to permit(user, Asciicast.new(user: user))
|
||||
end
|
||||
|
||||
it "denies access if user isn't the creator of the asciicast" do
|
||||
expect(subject).not_to permit(User.new, Asciicast.new(user: User.new))
|
||||
end
|
||||
end
|
||||
|
||||
permissions :feature? do
|
||||
it "denies access if user is nil" do
|
||||
expect(subject).not_to permit(nil, Asciicast.new)
|
||||
end
|
||||
|
||||
it "grants access if user is admin" do
|
||||
user = stub_model(User, admin?: true)
|
||||
expect(subject).to permit(user, Asciicast.new)
|
||||
end
|
||||
|
||||
it "denies access if user isn't admin" do
|
||||
user = stub_model(User, admin?: false)
|
||||
expect(subject).not_to permit(user, Asciicast.new)
|
||||
end
|
||||
end
|
||||
|
||||
permissions :unfeature? do
|
||||
it "denies access if user is nil" do
|
||||
expect(subject).not_to permit(nil, Asciicast.new)
|
||||
end
|
||||
|
||||
it "grants access if user is admin" do
|
||||
user = stub_model(User, admin?: true)
|
||||
expect(subject).to permit(user, Asciicast.new)
|
||||
end
|
||||
|
||||
it "denies access if user isn't admin" do
|
||||
user = stub_model(User, admin?: false)
|
||||
expect(subject).not_to permit(user, Asciicast.new)
|
||||
end
|
||||
end
|
||||
|
||||
end
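Review bot: The `permissions :update?` and `permissions :destroy?` blocks are line-for-line identical, as are `:feature?` and `:unfeature?`, so a change to an authorization rule has to be mirrored by hand and the two copies can drift apart. Pundit's `permissions` helper accepts several names, so `permissions :update?, :destroy? do` and `permissions :feature?, :unfeature? do` would state each rule once. The `#permitted_attributes` examples cover admin, non-owner and owner but not a nil user, which is the one case where the policy method currently has no guard.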
|
@ -0,0 +1,18 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe UserPolicy do
|
||||
|
||||
subject { described_class }
|
||||
|
||||
permissions :update? do
|
||||
it "grants access if edited user is current user" do
|
||||
user = User.new
|
||||
expect(subject).to permit(user, user)
|
||||
end
|
||||
|
||||
it "denies access if edited user is not current user" do
|
||||
expect(subject).not_to permit(User.new, User.new)
|
||||
end
|
||||
end
|
||||
|
||||
end
|