From c7cf4921fdf78a8a0d0e048f83b8b03d82c1d8c5 Mon Sep 17 00:00:00 2001 From: Thomas Leese Date: Wed, 29 Nov 2023 14:01:41 +0000 Subject: [PATCH] Add ReferenceRequestPolicy This adds a new policy for verifying reference requests. --- .../reference_requests_controller.rb | 10 ++-- .../reference_request_policy.rb | 16 +++++ .../reference_request_policy_spec.rb | 59 +++++++++++++++++++ .../work_history_policy_spec.rb | 4 +- spec/support/shared_examples/policy.rb | 2 +- 5 files changed, 84 insertions(+), 7 deletions(-) create mode 100644 app/policies/assessor_interface/reference_request_policy.rb create mode 100644 spec/policies/assessor_interface/reference_request_policy_spec.rb diff --git a/app/controllers/assessor_interface/reference_requests_controller.rb b/app/controllers/assessor_interface/reference_requests_controller.rb index f98faabd3b..b72e5c744f 100644 --- a/app/controllers/assessor_interface/reference_requests_controller.rb +++ b/app/controllers/assessor_interface/reference_requests_controller.rb @@ -2,12 +2,12 @@ module AssessorInterface class ReferenceRequestsController < BaseController - before_action :authorize_assessor, except: %i[edit update_verify_references] - before_action :set_list_variables, only: %i[index update_verify_references] before_action :set_individual_variables, only: %i[edit update] def index + authorize %i[assessor_interface reference_request] + @form = VerifyReferencesForm.new( assessment:, @@ -18,7 +18,7 @@ def index end def update_verify_references - authorize :assessor, :update? + authorize %i[assessor_interface reference_request], :update? @form = VerifyReferencesForm.new(assessment:, **verify_references_form_params) @@ -31,12 +31,14 @@ def update_verify_references end def edit - authorize :assessor, :show? + authorize [:assessor_interface, requestable] @form = RequestableReviewForm.new(requestable:) end def update + authorize [:assessor_interface, requestable] + @form = RequestableReviewForm.new( requestable:, 
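Review bot: With `before_action :authorize_assessor` removed, authorization in this controller is opt-in per action: `index`, `update_verify_references`, `edit` and `update` each call `authorize`, and an action that omits the call would run unchecked. The controller body continues outside these hunks and BaseController is not shown, so confirm that Pundit's `after_action :verify_authorized` is declared there, or add it here, so a missing call fails closed. In `edit` and `update` the policy appears to be resolved from the class of `requestable`, so ReferenceRequestPolicy is only consulted when the loaded record is a reference request. A short comment such as `# policy is looked up from requestable's class` above those calls would make that explicit.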
diff --git a/app/policies/assessor_interface/reference_request_policy.rb b/app/policies/assessor_interface/reference_request_policy.rb
new file mode 100644
index 0000000000..fb2a63160b
--- /dev/null
+++ b/app/policies/assessor_interface/reference_request_policy.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class AssessorInterface::ReferenceRequestPolicy < ApplicationPolicy
+ def index?
+ user.assess_permission || user.verify_permission
+ end
+
+ def edit?
+ user.assess_permission || user.verify_permission ||
+ user.change_work_history_permission
+ end
+
+ def update?
+ user.assess_permission || user.verify_permission
+ end
+end
diff --git a/spec/policies/assessor_interface/reference_request_policy_spec.rb b/spec/policies/assessor_interface/reference_request_policy_spec.rb
new file mode 100644
index 0000000000..cf6dba2e21
--- /dev/null
+++ b/spec/policies/assessor_interface/reference_request_policy_spec.rb
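Review bot: `edit?` admits `user.change_work_history_permission` but `update?` does not, so a user holding only that permission passes the `authorize` call in the controller's `edit` action and is refused on `update`. If that read-only access is intended, say so above `edit?`, e.g. `# Also allows change_work_history_permission: these users may view the review form but not submit it.`; if it is not, the two predicates should share one condition. None of the three methods reads `record`, so the decision is role-only and any permitted user can act on any reference request. A class-level comment stating that this is deliberate would make the policy easier to audit.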
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require "rails_helper"
+
+RSpec.describe AssessorInterface::ReferenceRequestPolicy do
+ it_behaves_like "a policy"
+
+ let(:user) { nil }
+ let(:record) { nil }
+
+ subject(:policy) { described_class.new(user, record) }
+
+ describe "#index?" do
+ subject(:index?) { policy.index? }
+ it_behaves_like "a policy method requiring the assess permission"
+ it_behaves_like "a policy method requiring the verify permission"
+ end
+
+ describe "#show?" do
+ subject(:show?) { policy.show? }
+
+ let(:user) { create(:staff, :confirmed) }
+ it { is_expected.to be false }
+ end
+
+ describe "#create?" do
+ subject(:create?) { policy.create? }
+
+ let(:user) { create(:staff, :confirmed) }
+ it { is_expected.to be false }
+ end
+
+ describe "#new?" do
+ subject(:new?) { policy.new? }
+
+ let(:user) { create(:staff, :confirmed) }
+ it { is_expected.to be false }
+ end
+
+ describe "#update?" do
+ subject(:update?) { policy.update? }
+ it_behaves_like "a policy method requiring the assess permission"
+ it_behaves_like "a policy method requiring the verify permission"
+ end
+
+ describe "#edit?" do
+ subject(:edit?) { policy.edit? }
+ it_behaves_like "a policy method requiring the assess permission"
+ it_behaves_like "a policy method requiring the change work history permission"
+ it_behaves_like "a policy method requiring the verify permission"
+ end
+
+ describe "#destroy?" do
+ subject(:destroy?) { policy.destroy? }
+
+ let(:user) { create(:staff, :confirmed) }
+ it { is_expected.to be false }
+ end
+end
diff --git a/spec/policies/assessor_interface/work_history_policy_spec.rb b/spec/policies/assessor_interface/work_history_policy_spec.rb
index f8abb593f5..b5b2ba9dc6 100644
--- a/spec/policies/assessor_interface/work_history_policy_spec.rb
+++ b/spec/policies/assessor_interface/work_history_policy_spec.rb
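Review bot: `#index?` and `#update?` are exercised only through the assess and verify shared examples, so nothing pins that a user holding just the change work history permission is refused there, which is the one difference from `#edit?`. Add a context to both blocks that builds a staff user with only that permission (the factory attribute for it is not visible in this diff) and asserts `it { is_expected.to be false }`. Without it, widening `update?` to match `edit?` would still pass this spec, assuming each shared example checks only its own permission as the visible part of `spec/support/shared_examples/policy.rb` suggests.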
@@ -40,12 +40,12 @@ describe "#update?" do subject(:update?) { policy.update? } - it_behaves_like "a policy method requiring change the work history permission" + it_behaves_like "a policy method requiring the change work history permission" end describe "#edit?" do subject(:edit?) { policy.edit? } - it_behaves_like "a policy method requiring change the work history permission" + it_behaves_like "a policy method requiring the change work history permission" end describe "#destroy?" do diff --git a/spec/support/shared_examples/policy.rb b/spec/support/shared_examples/policy.rb index 625c23ebde..d00a09bd2f 100644 --- a/spec/support/shared_examples/policy.rb +++ b/spec/support/shared_examples/policy.rb @@ -40,7 +40,7 @@ end end -RSpec.shared_examples "a policy method requiring change the work history permission" do +RSpec.shared_examples "a policy method requiring the change work history permission" do context "without permission" do let(:user) { create(:staff) } it { is_expected.to be false }