From d3a28707478d44f94134d5dface3ff9f04500a7d Mon Sep 17 00:00:00 2001
From: Mark Moser
Date: Mon, 13 Feb 2017 15:04:47 -0600
Subject: [PATCH] a simple comment policy
---
app/policies/quiz_comment_policy.rb | 21 ++++++++++++++++++
test/policies/quiz_comment_policy_test.rb | 27 +++++++++++++++++++++++
2 files changed, 48 insertions(+)
create mode 100644 app/policies/quiz_comment_policy.rb
create mode 100644 test/policies/quiz_comment_policy_test.rb
diff --git a/app/policies/quiz_comment_policy.rb b/app/policies/quiz_comment_policy.rb
new file mode 100644
index 0000000..49b850e
--- /dev/null
+++ b/app/policies/quiz_comment_policy.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+class QuizCommentPolicy < ApplicationPolicy
+ # Quiz Comment Policy
+ #
+ # Anyone with access to the results can comment
+ # Only Comment owner can edit
+
+ def create?
+ user.acts_as_reviewer?
+ end
+
+ def update?
+ user.acts_as_reviewer? && user.id == record.user_id
+ end
+
+ class Scope < Scope
+ def resolve
+ true
+ end
+ end
+end
diff --git a/test/policies/quiz_comment_policy_test.rb b/test/policies/quiz_comment_policy_test.rb
new file mode 100644
index 0000000..518681f
--- /dev/null
+++ b/test/policies/quiz_comment_policy_test.rb
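Review bot: In app/policies/quiz_comment_policy.rb, `Scope#resolve` returns the literal `true` rather than a relation, so a caller of `policy_scope(QuizComment)` gets a boolean back instead of a filtered set of comments. That either fails on the first query method or, if the result is only checked for truthiness, filters nothing. Assuming the inherited `Scope` exposes `user` and `scope` as Pundit's generated base class does (not visible in this patch), it should read something like `user.acts_as_reviewer? ? scope.all : scope.none`. Separately, the header comment says anyone with access to the results can comment while `create?` checks `acts_as_reviewer?`; a comment such as `# acts_as_reviewer? is the "has access to results" check` would confirm the two are the same set. `show?` and `destroy?` are left to ApplicationPolicy's defaults, which are worth confirming for comments.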
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class QuizCommentPolicyTest < PolicyAssertions::Test
+ test 'should require current_user' do
+ assert_raise Pundit::NotAuthorizedError do
+ QuizCommentPolicy.new(nil, User.first).create?
+ end
+ end
+
+ def test_create
+ assert_permit users(:admin), QuizComment
+ assert_permit users(:manager), QuizComment
+ assert_permit users(:reviewer), QuizComment
+
+ refute_permit users(:recruiter), QuizComment
+ end
+
+ def test_update
+ assert_permit users(:reviewer2), quiz_comments(:com6)
+
+ refute_permit users(:reviewer), quiz_comments(:com6)
+ refute_permit users(:manager), quiz_comments(:com6)
+ refute_permit users(:admin), quiz_comments(:com6)
+ refute_permit users(:recruiter), quiz_comments(:com6)
+ end
+end
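Review bot: The nil-user test only exercises `create?` and passes `User.first` as the record, so `update?` is never checked without a user and nothing covers `QuizCommentPolicy::Scope`. Adding `assert_raise(Pundit::NotAuthorizedError) { QuizCommentPolicy.new(nil, quiz_comments(:com6)).update? }` would pin the unauthenticated path for edits. A scope test that resolves for `users(:recruiter)` and expects no comments, and for `users(:reviewer)` and expects a relation, would document who may list comments and would fail against the current `resolve`, which returns `true`.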