Clean file, without todo's and check comments
emcoding committed May 15, 2018
1 parent d00277c commit 27ead4d
Showing 2 changed files with 79 additions and 131 deletions.
202 changes: 76 additions & 126 deletions app/models/ability.rb
@@ -1,6 +1,4 @@
# frozen_string_literal: true
# See the wiki for details:
# https://github.com/ryanb/cancan/wiki/Defining-Abilities

class Ability
include CanCan::Ability
Expand All @@ -20,130 +18,82 @@ def initialize(user)
can :read, :feed_entry

# confirmed user
if user.confirmed?
can :crud, User, id: user.id
can :resend_confirmation_instruction, User, id: user.id
can :read, :mailing if signed_in?(user)
# TODO is this solid? || refactor
can :read, Mailing do |mailing|
mailing.recipient? user
end
can :create, Project if user.confirmed?

# current_student
can :crud, Conference if user.current_student?

# team member

# supervisor
can :read, :users_info if user.supervisor?
# CHECK is this solid?
can :read_email, User do |other_user|
user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
end


# admin
if user.admin?
can :manage, :all
cannot :create, User # this only happens through GitHub
# only add what they cannot; the following should be redundant
# can [:read, :update, :destroy], User if user.admin?
# can :manage, User if user.admin? #including resending ?? check
# can :resend_confirmation_instruction, User if user.admin?
can :read_email, User if user.admin? # even when user marked email hidden # view helper #Todo check
# can :read, :users_info if user.admin?
# can :crud, Conference if user.admin?
# can :crud, :comments if user.admin? # TODO make this work for associations
end


### please don't read below this line - it's a mess
################# OLD FILE, # = moved to or rewritten above #############

# can :crud, User, id: user.id
# can :crud, User if user.admin?
# can :resend_confirmation_instruction, User, id: user.id
# can :resend_confirmation_instruction, User if user.admin?


# visibility of email address in user profile
# can :read_email, User, id: user.id if !user.hide_email?
# can :read_email, User if user.admin?
# Refactor note: split these over abilities
# can :read_email, User do |other_user|
# user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
# end

can :crud, Team do |team|
user.admin? || signed_in?(user) && team.new_record? || on_team?(user, team)
end

can :update_conference_preferences, Team do |team|
team.accepted? && team.students.include?(user)
end

can :see_offered_conferences, Team do |team|
user.admin? || team.students.include?(user) || team.supervisors.include?(user)
end

can :accept_or_reject_conference_offer, Team do |team|
team.students.include?(user)
end

cannot :create, Team do |team|
on_team_for_season?(user, team.season) || !user.confirmed?
end

can :join, Team do |team|
team.helpdesk_team? and signed_in?(user) and user.confirmed? and not on_team?(user, team)
end

can :crud, Role do |role|
user.admin? || on_team?(user, role.team)
end

can :crud, Source do |repo|
user.admin? || on_team?(user, repo.team)
end

can :supervise, Team do |team|
user.roles.organizer.any? || team.supervisors.include?(user)
end

can :crud, ConferencePreference do |preference|
user.admin? || (preference.team.students.include? user)
end

# can :crud, Conference if user.admin? || user.current_student?

# todo add mailing controller and view for users in their namespace, where applicable
# can :read, Mailing do |mailing|
# mailing.recipient? user
# end

# can :crud, :comments if user.admin?
# can :read, :users_info if user.admin? || user.supervisor?

# projects
can :crud, Project do |project|
user.admin? ||
(user.confirmed? && user == project.submitter)
end
can :use_as_template, Project do |project|
user == project.submitter && !project.season&.current?
end

# can :create, Project if user.confirmed?
# cannot :create, Project if !user.confirmed? # not copied over, same as the one before

# activities
# can :read, :feed_entry
# can :read, :mailing if signed_in?(user)

# applications
can :create, :application_draft if user.student? && user.application_drafts.in_current_season.none?
end # confirmed?
can :crud, User, id: user.id
can :resend_confirmation_instruction, User, id: user.id
can :read, :mailing if signed_in?(user)
can :read, Mailing do |mailing|
mailing.recipient? user
end
can :create, Project if user.confirmed?

# current_student
can :crud, Conference if user.current_student?

# supervisor
can :read, :users_info if user.supervisor?
can :read_email, User do |other_user|
user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
end

# project submitter
can :crud, Project, submitter_id: user.id if user.confirmed?
can :use_as_template, Project do |project|
user == project.submitter && !project.season&.current?
end

# admin
if user.admin?
can :manage, :all
can :read_email, User if user.admin? # even when user marked email hidden # view helper
# add cannot's only; after this line
cannot :create, User # this only happens through GitHub
end

################# OLD FILE, # = moved to or rewritten above ############
# NOT everything moved yet #

can :crud, Team do |team|
user.admin? || signed_in?(user) && team.new_record? || on_team?(user, team)
end

can :update_conference_preferences, Team do |team|
team.accepted? && team.students.include?(user)
end

can :see_offered_conferences, Team do |team|
user.admin? || team.students.include?(user) || team.supervisors.include?(user)
end

can :accept_or_reject_conference_offer, Team do |team|
team.students.include?(user)
end

cannot :create, Team do |team|
on_team_for_season?(user, team.season) || !user.confirmed?
end

can :join, Team do |team|
team.helpdesk_team? and signed_in?(user) and user.confirmed? and not on_team?(user, team)
end

can :crud, Role do |role|
user.admin? || on_team?(user, role.team)
end

can :crud, Source do |repo|
user.admin? || on_team?(user, repo.team)
end

can :supervise, Team do |team|
user.roles.organizer.any? || team.supervisors.include?(user)
end

can :crud, ConferencePreference do |preference|
user.admin? || (preference.team.students.include? user)
end

# applications
can :create, :application_draft if user.student? && user.application_drafts.in_current_season.none?
end # initializer

def signed_in?(user)
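Review bot: The `can :read_email, User do |other_user| ... end` rule under the `# supervisor` heading is not gated on `user.supervisor?`: any confirmed user can read another user's address unless that user has `hide_email?` set, and the only spec for it (`xit 'disallows to see not hidden email address'` in spec/models/ability_spec.rb) is still pending, so dropping the old `# CHECK is this solid?` comment leaves an authorization rule with no passing test. Either document the intended policy above the rule, e.g. `# any confirmed user may read an address its owner has not hidden; supervisors also read their students' hidden addresses`, or gate it on `user.supervisor?` and enable the spec. Inside the `if user.admin?` block, `can :read_email, User if user.admin?` is redundant twice over — the modifier repeats the enclosing condition and `can :manage, :all` on the line before already grants it — so it can be dropped. Whether `can :crud, User, id: user.id` and the `resend_confirmation_instruction` rule at the top of the new side still sit inside the `if user.confirmed?` shown as context cannot be told from the rendered hunk; if they do not, the confirmation guard was silently dropped for those two rules and that should be stated in the commit message or pinned by a spec. The body of `initialize` starts before the hunk.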
8 changes: 3 additions & 5 deletions spec/models/ability_spec.rb
Expand Up @@ -124,8 +124,8 @@
allow(user).to receive(:admin?).and_return(false)
allow(user).to receive(:confirmed?).and_return(false)
end
# NOTE / TODO is this testing "can? read_email" properly?
xit 'disallows to see not hidden email address' do
# NOTE / TODO is this testing "can? read_email" properly?
xit 'disallows to see not hidden email address' do
other_user.hide_email = false
expect(ability).not_to be_able_to(:read_email, other_user)
end
Expand Down Expand Up @@ -175,8 +175,6 @@
end
end

# i am here

describe "just orga members, team's supervisor and team's students should be able to see offered conference for a team" do
let(:user) { build(:student)}

Expand Down Expand Up @@ -382,7 +380,7 @@
it 'cannot be created if I am not confirmed' do
user.confirmed_at = nil
user.save
expect(subject).not_to be_able_to :create, Project
expect(subject).not_to be_able_to :create, Project.new
end

end
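Review bot: Changing the assertion to `expect(subject).not_to be_able_to :create, Project.new` in the `cannot be created if I am not confirmed` example pins only the instance-level check; now that the Project rule in app/models/ability.rb is a hash condition (`submitter_id: user.id`) rather than a block, CanCan answers `can?(:create, Project)` and `can?(:create, Project.new)` differently (hash conditions and blocks are skipped when the subject is a class), so the confirmed-user counterpart of this example, if one exists outside the hunk, should assert both forms. The `# NOTE / TODO is this testing "can? read_email" properly?` comment and the `xit` it annotates survive the first hunk with only their indentation changed, which the commit title "without todo's" does not cover; either resolve the pending example or leave the comment and say so in the description.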
