Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
♻️ add alias rules to PostPolicy
Browse files Browse the repository at this point in the history
karinevieira committed May 5, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 9fee389 commit 0fe6595
Showing 2 changed files with 25 additions and 72 deletions.
21 changes: 2 additions & 19 deletions app/policies/post_policy.rb
Original file line number Diff line number Diff line change
@@ -1,36 +1,19 @@
# frozen_string_literal: true

class PostPolicy < ApplicationPolicy
def index?
true
end

def new?
true
end
alias_rule :index?, :new?, to: :create?
alias_rule :edit?, :destroy?, to: :update?

def create?
true
end

def edit?
deny_non_post_creators!

true
end

def update?
deny_non_post_creators!

true
end

def destroy?
deny_non_post_creators!

true
end

def deny_non_post_creators!
deny! if user != record.user
end
76 changes: 23 additions & 53 deletions spec/policies/post_policy_spec.rb
Original file line number Diff line number Diff line change
@@ -4,33 +4,33 @@

RSpec.describe PostPolicy do
describe "#index?" do
it "allows everyone to see the posts" do
it "is an alias of :create? authorization rule" do
current_user = build_stubbed(:user)
post = build_stubbed(:post, user: current_user)
policy = described_class.new(post, user: current_user)
post = build_stubbed(:post)

result = policy.apply(:index?)
policy = described_class.new(post, user: current_user)
rule = :index?

expect(result).to be true
expect(rule).to be_an_alias_of(policy, :create?)
end
end

describe "#new?" do
it "allows everyone to access the page to create a post" do
it "is an alias of :create? authorization rule" do
current_user = build_stubbed(:user)
post = build_stubbed(:post, user: current_user)
policy = described_class.new(post, user: current_user)
post = build_stubbed(:post)

result = policy.apply(:new?)
policy = described_class.new(post, user: current_user)
rule = :new?

expect(result).to be true
expect(rule).to be_an_alias_of(policy, :create?)
end
end

describe "#create?" do
it "allows everyone to create a post" do
current_user = build_stubbed(:user)
post = build_stubbed(:post, user: current_user)
post = build_stubbed(:post)
policy = described_class.new(post, user: current_user)

result = policy.apply(:create?)
@@ -40,29 +40,14 @@
end

describe "#edit?" do
context "when current user is the post creator" do
it "allows to access the page to edit the post" do
current_user = build_stubbed(:user)
post = build_stubbed(:post, user: current_user)
policy = described_class.new(post, user: current_user)

result = policy.apply(:edit?)

expect(result).to be true
end
end

context "when current user isn't the post creator" do
it "not allow to access the page to edit the post" do
current_user = build_stubbed(:user)
creator = build_stubbed(:user)
post = build_stubbed(:post, user: creator)
policy = described_class.new(post, user: current_user)
it "is an alias of :update? authorization rule" do
current_user = build_stubbed(:user)
post = build_stubbed(:post, user: current_user)

result = policy.apply(:edit?)
policy = described_class.new(post, user: current_user)
rule = :edit?

expect(result).to be false
end
expect(rule).to be_an_alias_of(policy, :update?)
end
end

@@ -94,29 +79,14 @@
end

describe "#destroy?" do
context "when current user is the post creator" do
it "allows to destroy the post" do
current_user = build_stubbed(:user)
post = build_stubbed(:post, user: current_user)
policy = described_class.new(post, user: current_user)

result = policy.apply(:destroy?)

expect(result).to be true
end
end

context "when current user isn't the post creator" do
it "not allow to delete the post" do
current_user = build_stubbed(:user)
creator = build_stubbed(:user)
post = build_stubbed(:post, user: creator)
policy = described_class.new(post, user: current_user)
it "is an alias of :update? authorization rule" do
current_user = build_stubbed(:user)
post = build_stubbed(:post, user: current_user)

result = policy.apply(:destroy?)
policy = described_class.new(post, user: current_user)
rule = :destroy?

expect(result).to be false
end
expect(rule).to be_an_alias_of(policy, :update?)
end
end
end

0 comments on commit 0fe6595

Please sign in to comment.