diff --git a/app/models/ability.rb b/app/models/ability.rb
index c898119ab..d0c46f4b8 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -1,6 +1,4 @@
 # frozen_string_literal: true
-# See the wiki for details:
-# https://github.com/ryanb/cancan/wiki/Defining-Abilities
 class Ability
 include CanCan::Ability
@@ -20,130 +18,82 @@ def initialize(user) can :read, :feed_entry # confirmed user - if user.confirmed? - can :crud, User, id: user.id - can :resend_confirmation_instruction, User, id: user.id - can :read, :mailing if signed_in?(user) - # TODO is this solid? || refactor - can :read, Mailing do |mailing| - mailing.recipient? user - end - can :create, Project if user.confirmed? - - # current_student - can :crud, Conference if user.current_student? - - # team member - - # supervisor - can :read, :users_info if user.supervisor? - # CHECK is this solid? - can :read_email, User do |other_user| - user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?) - end - - - # admin - if user.admin? - can :manage, :all - cannot :create, User # this only happens through GitHub - # only add what they cannot; the following should be redundant - # can [:read, :update, :destroy], User if user.admin? - # can :manage, User if user.admin? #including resending ?? check - # can :resend_confirmation_instruction, User if user.admin? - can :read_email, User if user.admin? # even when user marked email hidden # view helper #Todo check - # can :read, :users_info if user.admin? - # can :crud, Conference if user.admin? - # can :crud, :comments if user.admin? # TODO make this work for associations - end - - - ### please don't read below this line - it's a mess - ################# OLD FILE, # = moved to or rewritten above ############# - - # can :crud, User, id: user.id - # can :crud, User if user.admin? - # can :resend_confirmation_instruction, User, id: user.id - # can :resend_confirmation_instruction, User if user.admin? - - - # visibility of email address in user profile - # can :read_email, User, id: user.id if !user.hide_email? - # can :read_email, User if user.admin? - # Refactor note: split these over abilities - # can :read_email, User do |other_user| - # user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?) 
- # end - - can :crud, Team do |team| - user.admin? || signed_in?(user) && team.new_record? || on_team?(user, team) - end - - can :update_conference_preferences, Team do |team| - team.accepted? && team.students.include?(user) - end - - can :see_offered_conferences, Team do |team| - user.admin? || team.students.include?(user) || team.supervisors.include?(user) - end - - can :accept_or_reject_conference_offer, Team do |team| - team.students.include?(user) - end - - cannot :create, Team do |team| - on_team_for_season?(user, team.season) || !user.confirmed? - end - - can :join, Team do |team| - team.helpdesk_team? and signed_in?(user) and user.confirmed? and not on_team?(user, team) - end - - can :crud, Role do |role| - user.admin? || on_team?(user, role.team) - end - - can :crud, Source do |repo| - user.admin? || on_team?(user, repo.team) - end - - can :supervise, Team do |team| - user.roles.organizer.any? || team.supervisors.include?(user) - end - - can :crud, ConferencePreference do |preference| - user.admin? || (preference.team.students.include? user) - end - - # can :crud, Conference if user.admin? || user.current_student? - - # todo add mailing controller and view for users in their namespace, where applicable - # can :read, Mailing do |mailing| - # mailing.recipient? user - # end - - # can :crud, :comments if user.admin? - # can :read, :users_info if user.admin? || user.supervisor? - - # projects - can :crud, Project do |project| - user.admin? || - (user.confirmed? && user == project.submitter) - end - can :use_as_template, Project do |project| - user == project.submitter && !project.season&.current? - end - - # can :create, Project if user.confirmed? - # cannot :create, Project if !user.confirmed? # not copied over, same as the one before - - # activities - # can :read, :feed_entry - # can :read, :mailing if signed_in?(user) - - # applications - can :create, :application_draft if user.student? && user.application_drafts.in_current_season.none? 
- end # confirmed? + can :crud, User, id: user.id + can :resend_confirmation_instruction, User, id: user.id + can :read, :mailing if signed_in?(user) + can :read, Mailing do |mailing| + mailing.recipient? user + end + can :create, Project if user.confirmed? + + # current_student + can :crud, Conference if user.current_student? + + # supervisor + can :read, :users_info if user.supervisor? + can :read_email, User do |other_user| + user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?) + end + + # project submitter + can :crud, Project, submitter_id: user.id if user.confirmed? + can :use_as_template, Project do |project| + user == project.submitter && !project.season&.current? + end + + # admin + if user.admin? + can :manage, :all + can :read_email, User if user.admin? # even when user marked email hidden # view helper + # add cannot's only; after this line + cannot :create, User # this only happens through GitHub + end + + ################# OLD FILE, # = moved to or rewritten above ############ + # NOT everything moved yet # + + can :crud, Team do |team| + user.admin? || signed_in?(user) && team.new_record? || on_team?(user, team) + end + + can :update_conference_preferences, Team do |team| + team.accepted? && team.students.include?(user) + end + + can :see_offered_conferences, Team do |team| + user.admin? || team.students.include?(user) || team.supervisors.include?(user) + end + + can :accept_or_reject_conference_offer, Team do |team| + team.students.include?(user) + end + + cannot :create, Team do |team| + on_team_for_season?(user, team.season) || !user.confirmed? + end + + can :join, Team do |team| + team.helpdesk_team? and signed_in?(user) and user.confirmed? and not on_team?(user, team) + end + + can :crud, Role do |role| + user.admin? || on_team?(user, role.team) + end + + can :crud, Source do |repo| + user.admin? || on_team?(user, repo.team) + end + + can :supervise, Team do |team| + user.roles.organizer.any? 
|| team.supervisors.include?(user) + end + + can :crud, ConferencePreference do |preference| + user.admin? || (preference.team.students.include? user) + end + + # applications + can :create, :application_draft if user.student? && user.application_drafts.in_current_season.none? end # initializer def signed_in?(user) diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb index 9a9cd2070..62672fd6a 100644 --- a/spec/models/ability_spec.rb +++ b/spec/models/ability_spec.rb @@ -124,8 +124,8 @@ allow(user).to receive(:admin?).and_return(false) allow(user).to receive(:confirmed?).and_return(false) end - # NOTE / TODO is this testing "can? read_email" properly? - xit 'disallows to see not hidden email address' do + # NOTE / TODO is this testing "can? read_email" properly? + xit 'disallows to see not hidden email address' do other_user.hide_email = false expect(ability).not_to be_able_to(:read_email, other_user) end @@ -175,8 +175,6 @@ end end - # i am here - describe "just orga members, team's supervisor and team's students should be able to see offered conference for a team" do let(:user) { build(:student)} @@ -382,7 +380,7 @@ it 'cannot be created if I am not confirmed' do user.confirmed_at = nil user.save - expect(subject).not_to be_able_to :create, Project + expect(subject).not_to be_able_to :create, Project.new end end
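Review bot: Dropping the `if user.confirmed?` wrapper (its removed `end # confirmed?` line) lets every rule that was inside it apply to unconfirmed accounts, and only some of the moved rules carry their own guard: `can :create, Project`, the `read_email` block, `cannot :create, Team` and `can :join, Team` still test `user.confirmed?`, while `can :read, :mailing if signed_in?(user)`, the `Mailing` block, `can :crud, Conference if user.current_student?`, `can :read, :users_info if user.supervisor?` and the Team/Role/Source/`:supervise`/ConferencePreference/application_draft rules no longer do. If that widening is unintended, the smallest fix is a per-rule guard in the style already used for Project, e.g. `can :read, :mailing if user.confirmed? && signed_in?(user)`, `can :crud, Conference if user.confirmed? && user.current_student?`, `can :read, :users_info if user.confirmed? && user.supervisor?`; leaving `resend_confirmation_instruction` and the own-record `can :crud, User, id: user.id` unguarded looks deliberate for unconfirmed self-service, so a comment saying so would help. In the admin branch, `can :read_email, User if user.admin?` is redundant: `can :manage, :all` already grants it and the trailing `if user.admin?` repeats the enclosing condition. The spec hunk that stubs `confirmed?` to false only exercises `read_email` and keeps it `xit`, so the widened rules appear to have no test coverage. The enclosing `initialize(user)` begins before this hunk.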