Add role 'owner' to users (#185)

2025-12-15 19:27:52 +01:00 · 2023-01-18 21:11:27 +01:00
parent e86748edca
commit 0e96ff7ad4
25 changed files with 482 additions and 54 deletions
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -23,6 +23,14 @@ FactoryBot.define do
    role { 'admin' }
  end

+  factory :owner, class: User do
+    sequence(:email) { |n| "owner#{n}@example.com" }
+
+    full_name { 'First Last' }
+    password { 'password' }
+    role { 'owner' }
+  end
+
  factory :blocked, class: User do
    sequence(:email) { |n| "admin#{n}@example.com" }

--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -4,6 +4,7 @@ RSpec.describe User, type: :model do
  let(:user) { FactoryBot.build(:user) }
  let(:moderator) { FactoryBot.build(:moderator) }
  let(:admin) { FactoryBot.build(:admin) }
+  let(:owner) { FactoryBot.build(:owner) }

  it 'should be valid' do
    expect(user).to be_valid
@@ -13,14 +14,16 @@ RSpec.describe User, type: :model do
    expect(User.new.role).to eq('user')
  end

-  it 'can have the following roles: "user", "moderator" and "admin"' do
+  it 'can have the following roles: "user", "moderator", "admin" and "owner"' do
    expect(user.role).to eq('user')
    expect(moderator.role).to eq('moderator')
    expect(admin.role).to eq('admin')
+    expect(owner.role).to eq('owner')

    expect(user).to be_valid
    expect(moderator).to be_valid
    expect(admin).to be_valid
+    expect(owner).to be_valid
  end

  it 'has status "active" by default' do
@@ -67,10 +70,25 @@ RSpec.describe User, type: :model do
    expect(invalid_email_user).to be_invalid
  end

-  it 'knows if it is a power user' do
-    expect(user).not_to be_a_power_user
-    expect(moderator).to be_a_power_user
-    expect(admin).to be_a_power_user
+  it 'knows if it has moderator privileges' do
+    expect(user).not_to be_a_moderator
+    expect(moderator).to be_a_moderator
+    expect(admin).to be_a_moderator
+    expect(owner).to be_a_moderator
+  end
+
+  it 'knows if it has admin privileges' do
+    expect(user).not_to be_a_admin
+    expect(moderator).not_to be_a_admin
+    expect(admin).to be_a_admin
+    expect(owner).to be_a_admin
+  end
+
+  it 'knows if it has owner privileges' do
+    expect(user).not_to be_a_owner
+    expect(moderator).not_to be_a_owner
+    expect(admin).not_to be_a_owner
+    expect(owner).to be_a_owner
  end

  it 'knows if it is active or blocked' do
--- a/spec/policies/board_policy_spec.rb
+++ b/spec/policies/board_policy_spec.rb
@@ -0,0 +1,43 @@
+require 'rails_helper'
+
+RSpec.describe BoardPolicy do
+  subject { BoardPolicy.new(user, record) }
+
+  let(:record) { FactoryBot.build_stubbed(:board) }
+
+  context 'being a user' do
+    let(:user) { FactoryBot.build_stubbed(:user) }
+
+    it { should_not permit(:create) }
+    it { should_not permit(:update) }
+    it { should_not permit(:destroy) }
+    it { should_not permit(:update_order) }
+  end
+
+  context 'being a moderator' do
+    let(:user) { FactoryBot.build_stubbed(:moderator) }
+
+    it { should_not permit(:create) }
+    it { should_not permit(:update) }
+    it { should_not permit(:destroy) }
+    it { should_not permit(:update_order) }
+  end
+
+  context 'being a admin' do
+    let(:user) { FactoryBot.build_stubbed(:admin) }
+
+    it { should permit(:create) }
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+    it { should permit(:update_order) }
+  end
+
+  context 'being a owner' do
+    let(:user) { FactoryBot.build_stubbed(:owner) }
+
+    it { should permit(:create) }
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+    it { should permit(:update_order) }
+  end
+end
--- a/spec/policies/comment_policy_spec.rb
+++ b/spec/policies/comment_policy_spec.rb
@@ -0,0 +1,60 @@
+require 'rails_helper'
+
+RSpec.describe CommentPolicy do
+  subject { CommentPolicy.new(user, record) }
+
+  let(:record) { FactoryBot.create(:comment) }
+
+  context 'being a user' do
+    context 'not being the comment author' do
+      let(:user) { FactoryBot.build_stubbed(:user) }
+
+      it { should_not permit(:update) }
+      it { should_not permit(:destroy) }
+    end
+
+    context 'being the post author' do
+      let(:user) { FactoryBot.build(:user, id: record.user_id) }
+
+      it { should permit(:update) }
+      it { should permit(:destroy) }
+
+      it 'permits "body" and "parent_id" attributes for create' do
+        expect(subject.permitted_attributes_for_create).to eq([:body, :parent_id])
+      end
+
+      it 'permits "body" attribute for update' do
+        expect(subject.permitted_attributes_for_update).to eq([:body])
+      end
+    end
+  end
+
+  context 'being a moderator' do
+    let(:user) { FactoryBot.build_stubbed(:moderator) }
+
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+
+    it 'permits "body", "parent_id" and "is_post_update" attributes for create' do
+      expect(subject.permitted_attributes_for_create).to eq([:body, :parent_id, :is_post_update])
+    end
+
+    it 'permits "body" and "is_post_update" attribute for update' do
+      expect(subject.permitted_attributes_for_update).to eq([:body, :is_post_update])
+    end
+  end
+
+  context 'being a admin' do
+    let(:user) { FactoryBot.build_stubbed(:admin) }
+
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+  end
+
+  context 'being a owner' do
+    let(:user) { FactoryBot.build_stubbed(:owner) }
+
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+  end
+end
--- a/spec/policies/o_auth_policy_spec.rb
+++ b/spec/policies/o_auth_policy_spec.rb
@@ -0,0 +1,43 @@
+require 'rails_helper'
+
+RSpec.describe OAuthPolicy do
+  subject { OAuthPolicy.new(user, record) }
+
+  let(:record) { FactoryBot.build_stubbed(:o_auth) }
+
+  context 'being a user' do
+    let(:user) { FactoryBot.build(:user) }
+
+    it { should_not permit(:index) }
+    it { should_not permit(:create) }
+    it { should_not permit(:update) }
+    it { should_not permit(:destroy) }
+  end
+
+  context 'being a moderator' do
+    let(:user) { FactoryBot.build(:moderator) }
+
+    it { should_not permit(:index) }
+    it { should_not permit(:create) }
+    it { should_not permit(:update) }
+    it { should_not permit(:destroy) }
+  end
+
+  context 'being a admin' do
+    let(:user) { FactoryBot.build(:admin) }
+
+    it { should permit(:index) }
+    it { should permit(:create) }
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+  end
+
+  context 'being a owner' do
+    let(:user) { FactoryBot.build(:owner) }
+
+    it { should permit(:index) }
+    it { should permit(:create) }
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+  end
+end
--- a/spec/policies/post_policy_spec.rb
+++ b/spec/policies/post_policy_spec.rb
@@ -0,0 +1,53 @@
+require 'rails_helper'
+
+RSpec.describe PostPolicy do
+  subject { PostPolicy.new(user, record) }
+
+  let(:record) { FactoryBot.create(:post) }
+
+  context 'being a user' do
+    context 'not being the post author' do
+      let(:user) { FactoryBot.build_stubbed(:user) }
+
+      it { should_not permit(:update) }
+      it { should_not permit(:destroy) }
+    end
+
+    context 'being the post author' do
+      let(:user) { FactoryBot.build(:user, id: record.user_id) }
+
+      it { should permit(:update) }
+      it { should permit(:destroy) }
+
+      it 'permits "title" and "description" attributes' do
+        expect(subject.permitted_attributes_for_update).to eq([:title, :description])
+      end
+    end
+  end
+
+  context 'being a moderator' do
+    let(:user) { FactoryBot.build_stubbed(:moderator) }
+
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+
+    it 'permits "title", "description", "board_id" and "post_status_id" attributes' do
+      permitted_attributes = [:title, :description, :board_id, :post_status_id]
+      expect(subject.permitted_attributes_for_update).to eq(permitted_attributes)
+    end
+  end
+
+  context 'being a admin' do
+    let(:user) { FactoryBot.build_stubbed(:admin) }
+
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+  end
+
+  context 'being a owner' do
+    let(:user) { FactoryBot.build_stubbed(:owner) }
+
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+  end
+end
--- a/spec/policies/post_status_policy_spec.rb
+++ b/spec/policies/post_status_policy_spec.rb
@@ -0,0 +1,43 @@
+require 'rails_helper'
+
+RSpec.describe PostStatusPolicy do
+  subject { PostStatusPolicy.new(user, record) }
+
+  let(:record) { FactoryBot.build_stubbed(:post_status) }
+
+  context 'being a user' do
+    let(:user) { FactoryBot.build(:user) }
+
+    it { should_not permit(:create) }
+    it { should_not permit(:update) }
+    it { should_not permit(:destroy) }
+    it { should_not permit(:update_order) }
+  end
+
+  context 'being a moderator' do
+    let(:user) { FactoryBot.build(:moderator) }
+
+    it { should_not permit(:create) }
+    it { should_not permit(:update) }
+    it { should_not permit(:destroy) }
+    it { should_not permit(:update_order) }
+  end
+
+  context 'being a admin' do
+    let(:user) { FactoryBot.build(:admin) }
+
+    it { should permit(:create) }
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+    it { should permit(:update_order) }
+  end
+
+  context 'being a owner' do
+    let(:user) { FactoryBot.build(:owner) }
+
+    it { should permit(:create) }
+    it { should permit(:update) }
+    it { should permit(:destroy) }
+    it { should permit(:update_order) }
+  end
+end
--- a/spec/policies/tenant_policy_spec.rb
+++ b/spec/policies/tenant_policy_spec.rb
@@ -0,0 +1,34 @@
+require 'rails_helper'
+
+RSpec.describe TenantPolicy do
+  subject { TenantPolicy.new(user, record) }
+
+  let(:record) { FactoryBot.build_stubbed(:tenant) }
+  let(:user) { nil }
+  
+  it { should permit(:create) }
+
+  context 'being a user' do
+    let(:user) { FactoryBot.build(:user, tenant_id: record.id) }
+
+    it { should_not permit(:update) }
+  end
+
+  context 'being a moderator' do
+    let(:user) { FactoryBot.build(:moderator, tenant_id: record.id) }
+
+    it { should_not permit(:update) }
+  end
+
+  context 'being a admin' do
+    let(:user) { FactoryBot.build(:admin, tenant_id: record.id) }
+
+    it { should permit(:update) }
+
+    context 'having a tenant_id different from the tenant being updated' do
+      let(:user) { FactoryBot.build(:admin, tenant_id: record.id + 1) }
+
+      it { should_not permit(:update) }
+    end
+  end
+end
--- a/spec/policies/user_policy_spec.rb
+++ b/spec/policies/user_policy_spec.rb
@@ -0,0 +1,106 @@
+require 'rails_helper'
+
+RSpec.describe UserPolicy do
+  subject { UserPolicy.new(user, record) }
+
+  context 'being a user' do
+    let(:user) { FactoryBot.build(:user) }
+    let(:record) { FactoryBot.build(:user) }
+
+    it { should_not permit(:index) }
+    it { should_not permit(:edit) }
+  end
+
+  context 'being a moderator' do
+    let(:user) { FactoryBot.build(:moderator) }
+    let(:record) { User }
+
+    it { should permit(:index) }
+
+    context 'acting on a user of role "user"' do
+      let(:record) { FactoryBot.build(:user) }
+
+      it { should permit(:edit) }
+    end
+
+    context 'acting on a user of role "moderator"' do
+      let(:record) { FactoryBot.build(:moderator) }
+
+      it { should_not permit(:edit) }
+    end
+
+    context 'acting on a user of role "admin"' do
+      let(:record) { FactoryBot.build(:admin) }
+
+      it { should_not permit(:edit) }
+    end
+
+    context 'acting on a user of role "owner"' do
+      let(:record) { FactoryBot.build(:owner) }
+
+      it { should_not permit(:edit) }
+    end
+  end
+
+  context 'being an admin' do
+    let(:user) { FactoryBot.build(:admin) }
+    let(:record) { User }
+
+    it { should permit(:index) }
+
+    context 'acting on a user of role "user"' do
+      let(:record) { FactoryBot.build(:user) }
+
+      it { should permit(:edit) }
+    end
+
+    context 'acting on a user of role "moderator"' do
+      let(:record) { FactoryBot.build(:moderator) }
+
+      it { should permit(:edit) }
+    end
+
+    context 'acting on a user of role "admin"' do
+      let(:record) { FactoryBot.build(:admin) }
+
+      it { should_not permit(:edit) }
+    end
+
+    context 'acting on a user of role "owner"' do
+      let(:record) { FactoryBot.build(:owner) }
+
+      it { should_not permit(:edit) }
+    end
+  end
+
+  context 'being a owner' do
+    let(:user) { FactoryBot.build(:owner) }
+    let(:record) { User }
+
+    it { should permit(:index) }
+
+    context 'acting on a user of role "user"' do
+      let(:record) { FactoryBot.build(:user) }
+
+      it { should permit(:edit) }
+    end
+
+    context 'acting on a user of role "moderator"' do
+      let(:record) { FactoryBot.build(:moderator) }
+
+      it { should permit(:edit) }
+    end
+
+    context 'acting on a user of role "admin"' do
+      let(:record) { FactoryBot.build(:admin) }
+
+      it { should permit(:edit) }
+    end
+
+    context 'acting on a user of role "owner"' do
+      let(:record) { FactoryBot.build(:owner) }
+
+      it { should permit(:edit) }
+    end
+  end
+end
--- a/spec/support/pundit_matcher.rb
+++ b/spec/support/pundit_matcher.rb
@@ -0,0 +1,13 @@
+RSpec::Matchers.define :permit do |action|
+  match do |policy|
+    policy.public_send("#{action}?")
+  end
+
+  failure_message do |policy|
+    "#{policy.class} does not permit #{action} on #{policy.record} for #{policy.user.inspect}."
+  end
+
+  failure_message_when_negated do |policy|
+    "#{policy.class} does not forbid #{action} on #{policy.record} for #{policy.user.inspect}."
+  end
+end