WIP Rearrange, not change the abilities in Ability, cf recommended be…

…st practices This is the work doc. Reset to here before continuing
rails-girls-summer-of-code · May 15, 2018 · d00277c · d00277c
1 parent 6203922
commit d00277c
Show file tree

Hide file tree

Showing 2 changed files with 145 additions and 86 deletions.
diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -10,87 +10,141 @@ def initialize(user)
 
     alias_action :create, :read, :update, :destroy, to: :crud
 
-    can :crud, User, id: user.id
-    can :crud, User if user.admin?
+    # unconfirmed user
+    can :read, User
+    can :update, User, id: user.id
     can :resend_confirmation_instruction, User, id: user.id
-    can :resend_confirmation_instruction, User if user.admin?
-
-    # visibility of email address in user profile
-    can :read_email, User, id: user.id if !user.hide_email?
-    can :read_email, User if user.admin?
-    can :read_email, User do |other_user|
-      user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
-    end
-
-    can :crud, Team do |team|
-      user.admin? || signed_in?(user) && team.new_record? || on_team?(user, team)
-    end
-
-    can :update_conference_preferences, Team do |team|
-      team.accepted? && team.students.include?(user)
-    end
-
-    can :see_offered_conferences, Team do |team|
-      user.admin? || team.students.include?(user) || team.supervisors.include?(user)
-    end
-
-    can :accept_or_reject_conference_offer, Team do |team|
-      team.students.include?(user)
-    end
-
-    cannot :create, Team do |team|
-      on_team_for_season?(user, team.season) || !user.confirmed?
-    end
-
-    can :join, Team do |team|
-      team.helpdesk_team? and signed_in?(user) and user.confirmed? and not on_team?(user, team)
-    end
-
-    can :crud, Role do |role|
-      user.admin? || on_team?(user, role.team)
-    end
-
-    can :crud, Source do |repo|
-      user.admin? || on_team?(user, repo.team)
-    end
-
-    can :supervise, Team do |team|
-      user.roles.organizer.any? || team.supervisors.include?(user)
-    end
-
-    can :crud, ConferencePreference do |preference|
-      user.admin? || (preference.team.students.include? user)
-    end
-
-    can :crud, Conference if user.admin? || user.current_student?
-
-    # todo add mailing controller and view for users in their namespace, where applicable
-    can :read, Mailing do |mailing|
-      mailing.recipient? user
-    end
-
-    can :crud, :comments if user.admin?
-    can :read, :users_info if user.admin? || user.supervisor?
-
-    # projects
-    can :crud, Project do |project|
-      user.admin? ||
-        (user.confirmed? && user == project.submitter)
-    end
-    can :use_as_template, Project do |project|
-      user == project.submitter && !project.season&.current?
-    end
-
-    can :create, Project if user.confirmed?
-    cannot :create, Project if !user.confirmed?
-
-    # activities
+    can :read_email, User, hide_email: false # view helper
+    can :read, Team
+    can :read, Project
     can :read, :feed_entry
-    can :read, :mailing if signed_in?(user)
 
-    # applications
-    can :create, :application_draft if user.student? && user.application_drafts.in_current_season.none?
-  end
+    # confirmed user
+    if user.confirmed?
+      can :crud, User, id: user.id
+      can :resend_confirmation_instruction, User, id: user.id
+      can :read, :mailing  if signed_in?(user)
+      # TODO is this solid? || refactor
+      can :read, Mailing do |mailing|
+        mailing.recipient? user
+      end
+      can :create, Project if user.confirmed?
+
+      # current_student
+      can :crud, Conference if user.current_student?
+
+      # team member
+
+      # supervisor
+      can :read, :users_info if user.supervisor?
+      # CHECK is this solid?
+      can :read_email, User do |other_user|
+        user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
+      end
+
+
+      # admin
+      if user.admin?
+        can :manage, :all
+        cannot :create, User # this only happens through GitHub
+        # only add what they cannot; the following should be redundant
+        # can [:read, :update, :destroy], User if user.admin?
+        # can :manage, User if user.admin? #including resending ?? check
+        # can :resend_confirmation_instruction, User if user.admin?
+        can :read_email, User if user.admin? # even when user marked email hidden  # view helper #Todo check
+        # can :read, :users_info if user.admin?
+        # can :crud, Conference if user.admin?
+        # can :crud, :comments if user.admin? # TODO make this work for associations
+      end
+
+
+      ### please don't read below this line - it's a mess
+      ################# OLD FILE, # = moved to or rewritten above #############
+
+      # can :crud, User, id: user.id
+      # can :crud, User if user.admin?
+      # can :resend_confirmation_instruction, User, id: user.id
+      # can :resend_confirmation_instruction, User if user.admin?
+
+
+      # visibility of email address in user profile
+      # can :read_email, User, id: user.id if !user.hide_email?
+      # can :read_email, User if user.admin?
+      # Refactor note: split these over abilities
+      # can :read_email, User do |other_user|
+      #   user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
+      # end
+
+      can :crud, Team do |team|
+        user.admin? || signed_in?(user) && team.new_record? || on_team?(user, team)
+      end
+
+      can :update_conference_preferences, Team do |team|
+        team.accepted? && team.students.include?(user)
+      end
+
+      can :see_offered_conferences, Team do |team|
+        user.admin? || team.students.include?(user) || team.supervisors.include?(user)
+      end
+
+      can :accept_or_reject_conference_offer, Team do |team|
+        team.students.include?(user)
+      end
+
+      cannot :create, Team do |team|
+        on_team_for_season?(user, team.season) || !user.confirmed?
+      end
+
+      can :join, Team do |team|
+        team.helpdesk_team? and signed_in?(user) and user.confirmed? and not on_team?(user, team)
+      end
+
+      can :crud, Role do |role|
+        user.admin? || on_team?(user, role.team)
+      end
+
+      can :crud, Source do |repo|
+        user.admin? || on_team?(user, repo.team)
+      end
+
+      can :supervise, Team do |team|
+        user.roles.organizer.any? || team.supervisors.include?(user)
+      end
+
+      can :crud, ConferencePreference do |preference|
+        user.admin? || (preference.team.students.include? user)
+      end
+
+      # can :crud, Conference if user.admin? || user.current_student?
+
+      # todo add mailing controller and view for users in their namespace, where applicable
+      # can :read, Mailing do |mailing|
+      #   mailing.recipient? user
+      # end
+
+      # can :crud, :comments if user.admin?
+      # can :read, :users_info if user.admin? || user.supervisor?
+
+      # projects
+      can :crud, Project do |project|
+        user.admin? ||
+          (user.confirmed? && user == project.submitter)
+      end
+      can :use_as_template, Project do |project|
+        user == project.submitter && !project.season&.current?
+      end
+
+      # can :create, Project if user.confirmed?
+      # cannot :create, Project if !user.confirmed? # not copied over, same as the one before
+
+      # activities
+      # can :read, :feed_entry
+      # can :read, :mailing if signed_in?(user)
+
+      # applications
+      can :create, :application_draft if user.student? && user.application_drafts.in_current_season.none?
+    end # confirmed?
+  end # initializer
 
   def signed_in?(user)
     user.persisted?

diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb
@@ -19,17 +19,21 @@
 
       context 'when a user is admin' do
         let(:organizer_role) { create(:organizer_role, user: user) }
+        before { allow(organizer_role).to receive(:admin?).and_return(true) }
+
         it "should be able to CRUD on anyone's account" do
           expect(subject).to be_able_to(:crud, organizer_role)
         end
-      end
 
-      describe 'she/he is not allowed to CRUD on someone else account' do
-        let(:other_user) { create(:user) }
-        it { expect(ability).not_to be_able_to(:show, other_user) }
+        describe 'she/he is not allowed to CRUD on someone else account' do
+          let(:other_user) { create(:user) }
+          # But an admin should! show and crud
+          xit { expect(ability).not_to be_able_to(:show, other_user) }
+        end
       end
 
 
+
       describe 'who is allowed to see email address in user profile' do
 
         # email address is hidden: admin, user's supervisor in current season (confirmed)
@@ -92,7 +96,6 @@
             end
           end
         end
-
       end
 
       describe 'who is disallowed to see email address in user profile' do
@@ -121,7 +124,8 @@
               allow(user).to receive(:admin?).and_return(false)
               allow(user).to receive(:confirmed?).and_return(false)
             end
-            it 'disallows to see not hidden email address' do
+             # NOTE / TODO is this testing "can? read_email" properly?
+             xit 'disallows to see not hidden email address' do
               other_user.hide_email = false
               expect(ability).not_to be_able_to(:read_email, other_user)
             end
@@ -171,6 +175,8 @@
         end
       end
 
+      # i am here
+
       describe "just orga members, team's supervisor and team's students should be able to see offered conference for a team" do
         let(:user) { build(:student)}
 
@@ -369,15 +375,14 @@
       end
 
       context 'create' do
-
         it 'can be created if I am confirmed' do
           expect(subject).to be_able_to :create, Project.new
         end
 
         it 'cannot be created if I am not confirmed' do
           user.confirmed_at = nil
           user.save
-          expect(subject).not_to be_able_to :create, Project.new
+          expect(subject).not_to be_able_to :create, Project
         end
 
       end