Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UFRGSP-16 - fix(ability-anonymous) #29

Merged
merged 2 commits into from
Dec 14, 2021
Merged

UFRGSP-16 - fix(ability-anonymous) #29

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
70d6e16
fix(ability-anonymous): restrict profile show to anonymous users
christopherpottesc Dec 6, 2021
e1028da
fix(ability-anonymous): adaptation of tests according to changes
christopherpottesc Dec 14, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions app/models/abilities/anonymous_ability.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@ def register_abilities(user=nil)
end
end

can [:index], User # restricted through Space and/or manage
can [:show, :current], User, disabled: false
can :index, User # restricted through Space and/or manage
can :current, User, disabled: false

can [:index, :select], Space
can [:show, :webconference, :recordings], Space, public: true
Expand Down
22 changes: 18 additions & 4 deletions spec/controllers/users_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,9 +103,15 @@
}.to raise_error(ActiveRecord::RecordNotFound)
end

it "should return OK status for existing user" do
get :show, id: FactoryGirl.create(:superuser).to_param
response.response_code.should == 200
context "for non-anonymous users" do
before {
user = FactoryGirl.create(:user)
sign_in(user)
}
it "should return OK status for existing user" do
get :show, id: FactoryGirl.create(:superuser).to_param
response.response_code.should == 200
end
end

it { should_authorize an_instance_of(User), :show, id: FactoryGirl.create(:user).to_param }
Expand Down Expand Up @@ -186,14 +192,22 @@
it { assigns(:recent_activities).should include(RecentActivity.find_by(id: @activities[0])) }
end

context 'a logged out user' do
context 'a logged user' do
before {
user3 = FactoryGirl.create(:user)
sign_in(user3)
get :show, id: user.to_param
}

it { assigns(:recent_activities).count.should be(1) }
it { assigns(:recent_activities).should include(RecentActivity.find_by(id: @activities[0])) }
end

context 'a not logged user' do
before { get :show, id: user.to_param }

it { should redirect_to(login_path) }
end
end
end

Expand Down
5 changes: 4 additions & 1 deletion spec/features/users/not_found_errors_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,10 @@

context 'does exist' do
let(:user) { FactoryGirl.create(:user) }
before { visit user_path(user) }
before {
login_as(user)
visit user_path(user)
}
subject { page }

it { should have_title(user.name) }
Expand Down
2 changes: 1 addition & 1 deletion spec/models/user_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1714,7 +1714,7 @@ def default_enrollments

context "when is an anonymous user" do
let(:user) { User.new }
it { should_not be_able_to_do_anything_to(target).except([:show, :index, :current]) }
it { should_not be_able_to_do_anything_to(target).except([:index, :current]) }

context "and the target user is disabled" do
before { target.disable() }
Expand Down