diff --git a/.rubocop.yml b/.rubocop.yml index 40e239f3..244cef7e 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -33,9 +33,6 @@ Metrics/BlockLength: - 'config/routes.rb' - 'spec/**/*' -Layout/LineLength: - Max: 100 - Metrics/MethodLength: Exclude: - 'db/migrate/*' diff --git a/PERMISSIONS.md b/PERMISSIONS.md index f5d9fee8..541037a8 100644 --- a/PERMISSIONS.md +++ b/PERMISSIONS.md @@ -20,4 +20,4 @@ When the user has the read permission it is able to get all groups (as always). ### Activity/Article/Photo #### Unauthenticated and without permission -When not logged in or when without permission it is possible to get activities, articles and photos which have the publicly visible property to true. +When not logged in or when without permission it is possible to get activities, articles and photos which have the visibility property to everybody. diff --git a/app/controllers/v1/photos_controller.rb b/app/controllers/v1/photos_controller.rb index 76df8ee2..d9d78c37 100644 --- a/app/controllers/v1/photos_controller.rb +++ b/app/controllers/v1/photos_controller.rb @@ -1,5 +1,4 @@ class V1::PhotosController < V1::ApplicationController - before_action :doorkeeper_authorize!, except: %i[index show get_related_resources] before_action do doorkeeper_authorize! unless %w[index show].include?(action_name) || (action_name == 'get_related_resources' && diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb index 147857f2..1dba2076 100644 --- a/app/controllers/v1/users_controller.rb +++ b/app/controllers/v1/users_controller.rb @@ -84,7 +84,7 @@ def nextcloud groups: nextcloud_groups } end - def batch_import # rubocop:disable Metrics/MethodLength, Metrics/AbcSize + def batch_import # rubocop:disable Metrics/AbcSize authorize model_class file = decode_upload_file(params['file']) 
@@ -93,9 +93,7 @@ def batch_import # rubocop:disable Metrics/MethodLength, Metrics/AbcSize import = Import::User.new(file, group) - unless import.valid? - return render json: { errors: import.errors }, status: :unprocessable_entity - end + return render json: { errors: import.errors }, status: :unprocessable_entity unless import.valid? import.save!(live_run) render json: { users: import.imported_users.to_json(except: excluded_display_properties), diff --git a/app/jobs/mail_moderation_reminder_job.rb b/app/jobs/mail_moderation_reminder_job.rb index 65fa9b71..5bb36b69 100644 --- a/app/jobs/mail_moderation_reminder_job.rb +++ b/app/jobs/mail_moderation_reminder_job.rb @@ -10,8 +10,6 @@ def perform(stored_mail_id) MailModerationMailer.reminder_for_moderation_email(moderator, stored_mail).deliver_later end - unless Rails.env.development? - MailModerationReminderJob.set(wait: 24.hours).perform_later(stored_mail_id) - end + MailModerationReminderJob.set(wait: 24.hours).perform_later(stored_mail_id) unless Rails.env.development? end end diff --git a/app/models/import/transaction.rb b/app/models/import/transaction.rb index 411e8902..205b8d6b 100644 --- a/app/models/import/transaction.rb +++ b/app/models/import/transaction.rb @@ -22,9 +22,7 @@ def import! def valid?(file) headers = get_headers(file) - unless headers.include?('username') - @errors.add(:import_file, 'username field must be present') - end + @errors.add(:import_file, 'username field must be present') unless headers.include?('username') headers.include?('username') end diff --git a/app/models/photo.rb b/app/models/photo.rb index b39582cc..3c2fbb90 100644 --- a/app/models/photo.rb +++ b/app/models/photo.rb 
@@ -21,12 +21,15 @@ class Photo < ApplicationRecord joins(:comments).distinct } - scope :with_tags, lambda { - joins(:tags).distinct + scope :alumni_visible, lambda { |start_date, end_date| + joins(:photo_album) + .where(photo_album: { visibility: %w[alumni public] }) + .or(where.not(photo_album: { date: nil }).where(photo_album: { date: start_date..end_date })) + .or(where(photo_album: { date: nil }).where(photo_album: { created_at: start_date..end_date })) } - scope :publicly_visible, lambda { - joins(:photo_album).where(photo_albums: { publicly_visible: true }) + scope :with_tags, lambda { + joins(:tags).distinct } before_save :extract_exif diff --git a/app/models/photo_album.rb b/app/models/photo_album.rb index 549edf48..1fb60200 100644 --- a/app/models/photo_album.rb +++ b/app/models/photo_album.rb @@ -7,10 +7,16 @@ class PhotoAlbum < ApplicationRecord belongs_to :group, optional: true validates :title, presence: true - validates :publicly_visible, inclusion: [true, false] - - scope :publicly_visible, -> { where(publicly_visible: true) } + validates :visibility, inclusion: { in: %w[public alumni members] } + scope :publicly_visible, lambda { + where({ visibility: 'public' }) + } + scope :alumni_visible, lambda { |start_date, end_date| + where(visibility: %w[alumni public]) + .or(where.not(date: nil).where(date: start_date..end_date)) + .or(where(date: nil).where(created_at: start_date..end_date)) + } scope :without_photo_tags, lambda { where.not(id: Photo.joins(:tags).select(:photo_album_id).distinct) } diff --git a/app/models/photo_comment.rb b/app/models/photo_comment.rb index 642d613f..23d13a01 100644 --- a/app/models/photo_comment.rb +++ b/app/models/photo_comment.rb 
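Review bot: In `Photo.alumni_visible` the two `.or(...)` operands start from a bare `where`, so they lack the `joins(:photo_album)` that the left-hand relation carries. Active Record expects both sides of `or` to be structurally the same, so this chain may raise instead of filtering; that needs a spec that actually calls the scope. The same access rule is also written out three times (here, in the `app/models/photo_album.rb` hunk and in the `app/models/photo_comment.rb` hunk), which invites the copies drifting apart. Keeping the rule on `PhotoAlbum` only and reusing it, e.g. `joins(:photo_album).merge(PhotoAlbum.alumni_visible(start_date, end_date))`, leaves one place to audit. The class body continues outside the hunk.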
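Review bot: `PhotoAlbum.alumni_visible` has no comment saying what a nil bound means, yet the policies in this commit pass `membership.end_date&.advance(months: 6)`, which is nil for a membership without an end date. I would add a comment above the scope along the lines of `# Albums marked alumni/public, plus any album dated (or, when undated, created) inside start_date..end_date; a nil bound leaves that side of the window open.` If both dates can be nil, the window presumably stops restricting anything, so the comment should say whether that is intended. The list `%w[public alumni members]` in the validation is partly repeated by the scopes; a frozen constant on the model would keep them aligned.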
@@ -6,8 +6,10 @@ class PhotoComment < ApplicationRecord validates :content, presence: true, length: { minimum: 1, maximum: 500 } - scope :publicly_visible, lambda { + scope :alumni_visible, lambda { |start_date, end_date| joins(photo: :photo_album) - .where(photo_albums: { publicly_visible: true }) + .where(photo_album: { visibility: %w[alumni public] }) + .or(where.not(photo_album: { date: nil }).where(photo_album: { date: start_date..end_date })) + .or(where(photo_album: { date: nil }).where(photo_album: { created_at: start_date..end_date })) } end diff --git a/app/policies/photo_album_policy.rb b/app/policies/photo_album_policy.rb index f54a4e16..7ecaaf1b 100644 --- a/app/policies/photo_album_policy.rb +++ b/app/policies/photo_album_policy.rb @@ -1,8 +1,14 @@ class PhotoAlbumPolicy < ApplicationPolicy class Scope < ApplicationPolicy::Scope - def resolve + def resolve # rubocop:disable Metrics/AbcSize if user_can_read? - scope + membership = user.memberships.joins(:group).where(groups: { name: 'Leden' }).first + return scope.publicly_visible if membership.nil? + + scope.alumni_visible( + membership.start_date&.advance(months: -18), + membership.end_date&.advance(months: 6) + ) else scope.publicly_visible end diff --git a/app/policies/photo_comment_policy.rb b/app/policies/photo_comment_policy.rb index b3322463..97e897c1 100644 --- a/app/policies/photo_comment_policy.rb +++ b/app/policies/photo_comment_policy.rb @@ -1,18 +1,20 @@ class PhotoCommentPolicy < ApplicationPolicy class Scope < ApplicationPolicy::Scope - def resolve + def resolve # rubocop:disable Metrics/AbcSize if user_can_read? - scope + membership = user.memberships.joins(:group).where(groups: { name: 'Leden' }).first + return scope.none if membership.nil? + + scope.alumni_visible( + membership.start_date&.advance(months: -18), + membership.end_date&.advance(months: 6) + ) else - scope.publicly_visible + scope.none end end end - def index? - true - end - def show? scope.exists?(id: record.id) end 
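Review bot: The conditions in `PhotoComment.alumni_visible` switched from the table key `photo_albums:` to `photo_album:`, but this relation reaches albums through `joins(photo: :photo_album)`, and the hunk shows no `photo_album` association on `PhotoComment` itself. If none exists, Active Record has no association to map that key to and would presumably treat it as a table name, which breaks the query. Using `photo_albums:` (as the removed line did, and as the new expectations in `spec/models/photo_spec.rb` do) avoids depending on that.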
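Review bot: `PhotoAlbumPolicy::Scope#resolve` derives the visibility window from a single membership row: `.first` falls back to primary-key order, so a user who left and re-joined 'Leden' is judged only on their oldest record. Since this decides which albums are exposed, make the choice explicit (for example `.order(start_date: :desc).first`) or build the window over all matching memberships. The same lookup, with the literal group name 'Leden' and the 18/6 month offsets, is repeated in the `photo_comment_policy.rb` and `photo_policy.rb` hunks. A private helper on `ApplicationPolicy::Scope` would give one place to change it and would make the `rubocop:disable Metrics/AbcSize` unnecessary.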
diff --git a/app/policies/photo_policy.rb b/app/policies/photo_policy.rb index 751a55ed..a8748e2d 100644 --- a/app/policies/photo_policy.rb +++ b/app/policies/photo_policy.rb @@ -1,23 +1,25 @@ class PhotoPolicy < ApplicationPolicy class Scope < ApplicationPolicy::Scope - def resolve + def resolve # rubocop:disable Metrics/AbcSize if user_can_read? - scope + membership = user.memberships.joins(:group).where(groups: { name: 'Leden' }).first + return scope.none if membership.nil? + + scope.alumni_visible( + membership.start_date&.advance(months: -18), + membership.end_date&.advance(months: 6) + ) else - scope.publicly_visible + scope.none end end end - def index? - true + def show? + scope.exists?(id: record.id) end def get_related_resources? - index? - end - - def show? - scope.exists?(id: record.id) + user&.permission?(:read, record) end end diff --git a/app/resources/v1/application_resource.rb b/app/resources/v1/application_resource.rb index 9dc43232..74419db8 100644 --- a/app/resources/v1/application_resource.rb +++ b/app/resources/v1/application_resource.rb @@ -43,7 +43,7 @@ def self.search(records, value) value.each do |val| val.split.each do |word| records = records.where( - searchable_fields.map { |field| arel[field].lower.matches("%#{word.downcase}%") }.inject(:or) # rubocop:disable Layout/LineLength + searchable_fields.map { |field| arel[field].lower.matches("%#{word.downcase}%") }.inject(:or) ) end end diff --git a/app/resources/v1/form/form_resource.rb b/app/resources/v1/form/form_resource.rb index ccc26448..8754517c 100644 --- a/app/resources/v1/form/form_resource.rb +++ b/app/resources/v1/form/form_resource.rb @@ -20,9 +20,7 @@ def current_user_response_completed end def self.records(options = {}) - if options[:context][:action] == 'index' - options[:includes] = %i[responses open_questions closed_questions] - end + options[:includes] = %i[responses open_questions closed_questions] if options[:context][:action] == 'index' super end 
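Review bot: `PhotoPolicy::Scope#resolve` now falls back to `scope.none`, both for callers without read permission and for permitted users without a 'Leden' membership, whereas `PhotoAlbumPolicy::Scope` in this same commit falls back to `scope.publicly_visible`. The PERMISSIONS.md hunk still says photos of publicly visible albums can be fetched without logging in, and the controller hunk keeps `index` and `show` exempt from `doorkeeper_authorize!`, so the documented behaviour and the policy disagree. Either return photos of public albums here, e.g. `scope.joins(:photo_album).merge(PhotoAlbum.publicly_visible)`, or update the documentation and drop the unauthenticated exemption. The hunk also removes `index?`, so that check now comes from `ApplicationPolicy`, which is not visible in this diff and should be confirmed.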
diff --git a/app/resources/v1/form/response_resource.rb b/app/resources/v1/form/response_resource.rb index aa16300c..0b932c88 100644 --- a/app/resources/v1/form/response_resource.rb +++ b/app/resources/v1/form/response_resource.rb @@ -8,9 +8,7 @@ class V1::Form::ResponseResource < V1::ApplicationResource has_many :closed_question_answers, always_include_linkage_data: true def self.records(options = {}) - if options[:context][:action] == 'index' - options[:includes] = %i[open_question_answers closed_question_answers] - end + options[:includes] = %i[open_question_answers closed_question_answers] if options[:context][:action] == 'index' super end diff --git a/app/resources/v1/photo_album_resource.rb b/app/resources/v1/photo_album_resource.rb index a79e8910..c616b221 100644 --- a/app/resources/v1/photo_album_resource.rb +++ b/app/resources/v1/photo_album_resource.rb @@ -1,5 +1,5 @@ class V1::PhotoAlbumResource < V1::ApplicationResource - attributes :title, :date, :publicly_visible + attributes :title, :date, :visibility filter :without_photo_tags, apply: ->(records, _value, _options) { records.without_photo_tags } @@ -8,7 +8,7 @@ class V1::PhotoAlbumResource < V1::ApplicationResource has_one :group, always_include_linkage_data: true def self.creatable_fields(_context) - %i[title date publicly_visible group] + %i[title date visibility group] end def self.searchable_fields diff --git a/app/resources/v1/user_resource.rb b/app/resources/v1/user_resource.rb index bd0e08c7..5782f475 100644 --- a/app/resources/v1/user_resource.rb +++ b/app/resources/v1/user_resource.rb @@ -32,9 +32,7 @@ def avatar_thumb_url upcoming_birthdays = records.upcoming_birthdays records.find_each do |record| context[:model] = record - unless read_user_details?(context) - upcoming_birthdays = upcoming_birthdays.where.not(id: record.id) - end + upcoming_birthdays = upcoming_birthdays.where.not(id: record.id) unless read_user_details?(context) end upcoming_birthdays } 
diff --git a/app/validators/not_renullable_validator.rb b/app/validators/not_renullable_validator.rb index 069fa701..47c9c1f2 100644 --- a/app/validators/not_renullable_validator.rb +++ b/app/validators/not_renullable_validator.rb @@ -4,8 +4,6 @@ def validate_each(record, attribute, _value) return unless changed - if !changed[0].nil? && changed[1].nil? - record.errors.add(attribute, 'changed from not-nil to nil') - end + record.errors.add(attribute, 'changed from not-nil to nil') if !changed[0].nil? && changed[1].nil? end end diff --git a/db/migrate/20250216233318_remove_null_option_boolean.rb b/db/migrate/20250216233318_remove_null_option_boolean.rb index d84e2181..4524a9fc 100644 --- a/db/migrate/20250216233318_remove_null_option_boolean.rb +++ b/db/migrate/20250216233318_remove_null_option_boolean.rb @@ -1,5 +1,5 @@ class RemoveNullOptionBoolean < ActiveRecord::Migration[7.0] - # rubocop:disable Rails/ReversibleMigration, Rails/BulkChangeTable, Metrics/AbcSize, Layout/LineLength + # rubocop:disable Rails/ReversibleMigration, Rails/BulkChangeTable, Metrics/AbcSize def change execute 'UPDATE static_pages SET publicly_visible = false WHERE publicly_visible IS NULL' execute 'UPDATE users SET sidekiq_access = false WHERE sidekiq_access IS NULL' @@ -34,5 +34,5 @@ def change change_column_default :room_adverts, :publicly_visible, false change_column_null :room_adverts, :publicly_visible, false end - # rubocop:enable Rails/ReversibleMigration, Rails/BulkChangeTable, Metrics/AbcSize, Layout/LineLength + # rubocop:enable Rails/ReversibleMigration, Rails/BulkChangeTable, Metrics/AbcSize end diff --git a/db/migrate/20250314221852_alumni_visibility.rb b/db/migrate/20250314221852_alumni_visibility.rb new file mode 100644 index 00000000..02c86083 --- /dev/null +++ b/db/migrate/20250314221852_alumni_visibility.rb 
@@ -0,0 +1,21 @@ +class AlumniVisibility < ActiveRecord::Migration[7.0] + def up + add_column :photo_albums, :visibility, :string, default: 'members', null: false + + PhotoAlbum.find_each do |record| + record.update!(visibility: record.publicly_visible ? 'public' : 'members') + end + + remove_column :photo_albums, :publicly_visible + end + + def down + add_column :photo_albums, :publicly_visible, :boolean, default: false, null: false + + PhotoAlbum.find_each do |record| + record.update!(publicly_visible: record.visibility == 'public') + end + + remove_column :photo_albums, :visibility + end +end diff --git a/db/schema.rb b/db/schema.rb index 2c4aaf6c..a00d48d3 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.0].define(version: 2025_02_19_195453) do +ActiveRecord::Schema[7.0].define(version: 2025_03_14_221852) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -39,7 +39,7 @@ t.string "content_type" t.text "metadata" t.bigint "byte_size", null: false - t.string "checksum", null: false + t.string "checksum" t.datetime "created_at", precision: nil, null: false t.string "service_name", null: false t.index ["key"], name: "index_active_storage_blobs_on_key", unique: true @@ -411,9 +411,9 @@ t.datetime "created_at", precision: nil, null: false t.datetime "updated_at", precision: nil, null: false t.datetime "deleted_at", precision: nil - t.boolean "publicly_visible", default: false, null: false t.bigint "author_id" t.bigint "group_id" + t.string "visibility", default: "members", null: false t.index ["author_id"], name: "index_photo_albums_on_author_id" t.index ["deleted_at"], name: "index_photo_albums_on_deleted_at" t.index ["group_id"], name: "index_photo_albums_on_group_id" diff --git a/spec/factories/photo_albums.rb b/spec/factories/photo_albums.rb index f26364c4..2e5e48f5 100644 
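Review bot: The backfill in `AlumniVisibility` goes through the `PhotoAlbum` model (`find_each` plus `update!`), so it runs the model's current validations and scopes. A legacy row that fails any validation aborts the migration, rows hidden by a soft-delete default scope (the table has `deleted_at`) would be skipped and keep the column default, and the model's column cache is not refreshed after `add_column`. Plain SQL, as the earlier `RemoveNullOptionBoolean` migration uses, avoids all three: `execute "UPDATE photo_albums SET visibility = CASE WHEN publicly_visible THEN 'public' ELSE 'members' END"` in `up` and `execute "UPDATE photo_albums SET publicly_visible = (visibility = 'public')"` in `down`. Separately, the db/schema.rb hunk drops `null: false` from `active_storage_blobs.checksum`, which nothing in this migration does; that looks like drift from a local database and should be confirmed before merging.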
--- a/spec/factories/photo_albums.rb +++ b/spec/factories/photo_albums.rb @@ -1,10 +1,12 @@ FactoryBot.define do factory :photo_album do title { Faker::Book.title } - publicly_visible { false } + visibility do + %w[public alumni members].sample + end author factory: %i[user] group - trait(:public) { publicly_visible { true } } + trait(:public) { visibility { 'public' } } end end diff --git a/spec/factories/photo_comments.rb b/spec/factories/photo_comments.rb index c9724282..fff0cb6e 100644 --- a/spec/factories/photo_comments.rb +++ b/spec/factories/photo_comments.rb @@ -6,7 +6,5 @@ end photo - - trait(:public) { photo factory: %i[photo public] } end end diff --git a/spec/factories/photos.rb b/spec/factories/photos.rb index 72b0761b..14e2b390 100644 --- a/spec/factories/photos.rb +++ b/spec/factories/photos.rb @@ -9,7 +9,6 @@ photo_album uploader factory: %i[user] - trait(:public) { photo_album factory: %i[photo_album public] } trait(:invalid) do image do Rack::Test::UploadedFile.new( diff --git a/spec/models/photo_album_spec.rb b/spec/models/photo_album_spec.rb index e07097e2..22c49e64 100644 --- a/spec/models/photo_album_spec.rb +++ b/spec/models/photo_album_spec.rb @@ -19,7 +19,7 @@ end context 'when without public visibility' do - subject(:photo_album) { build_stubbed(:photo_album, publicly_visible: nil) } + subject(:photo_album) { build_stubbed(:photo_album, visibility: nil) } it { expect(photo_album).not_to be_valid } end 
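Review bot: The `photo_album` factory now picks `visibility` at random with `%w[public alumni members].sample`, so a spec that calls `create(:photo_album)` and expects a restricted album gets a public one roughly one run in three. `spec/requests/v1/photo_albums_controller/show_spec.rb` in this commit does exactly that in its 'when not publicly visible' context and expects 403 for an unauthenticated request. For access-control tests the default should be pinned to the most restrictive value, `visibility { 'members' }`, with `trait(:alumni) { visibility { 'alumni' } }` next to the existing `:public` trait.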
@@ -29,15 +29,16 @@ it_behaves_like 'a model with group owners' end - describe '#publicly_visible' do + describe '#visibility' do before do - create(:photo_album, publicly_visible: true) - create(:photo_album, publicly_visible: true) - create(:photo_album, publicly_visible: false) + create(:photo_album, visibility: 'public') + create(:photo_album, visibility: 'alumni') + create(:photo_album, visibility: 'members') end - it { expect(described_class.publicly_visible.count).to be 2 } - it { expect(described_class.count - described_class.publicly_visible.count).to be 1 } + it { expect(described_class.publicly_visible.count).to be 1 } + it { expect(described_class.where(visibility: %w[alumni public]).count).to be 2 } + it { expect(described_class.where.not(visibility: %w[alumni public]).count).to be 1 } end describe '#to_zip' do diff --git a/spec/models/photo_comment_spec.rb b/spec/models/photo_comment_spec.rb index 9660ad04..f5357cc5 100644 --- a/spec/models/photo_comment_spec.rb +++ b/spec/models/photo_comment_spec.rb 
@@ -33,14 +33,25 @@ end end - describe '#publicly_visible' do + describe '#visibilty' do + let(:alumni_album) { create(:photo_album, visibility: 'alumni') } + let(:private_album) { create(:photo_album, visibility: 'members') } + + let(:alumni_photo) { create(:photo, photo_album: alumni_album) } + let(:private_photo) { create(:photo, photo_album: private_album) } + before do - create(:photo_comment, :public) - create(:photo_comment, :public) - create(:photo_comment) + create(:photo_comment, photo: alumni_photo) + create(:photo_comment, photo: alumni_photo) + create(:photo_comment, photo: private_photo) end - it { expect(described_class.publicly_visible.count).to be 2 } - it { expect(described_class.count - described_class.publicly_visible.count).to be 1 } + it { + expect(described_class.joins(photo: :photo_album).where(photo_album: { visibility: 'alumni' }).count).to be 2 + } + + it { + expect(described_class.joins(photo: :photo_album).where.not(photo_album: { visibility: 'alumni' }).count).to be 1 + } end end diff --git a/spec/models/photo_spec.rb b/spec/models/photo_spec.rb index e931031b..cc12231e 100644 --- a/spec/models/photo_spec.rb +++ b/spec/models/photo_spec.rb 
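Review bot: These examples rebuild the visibility filter inline with `joins(photo: :photo_album).where(photo_album: { visibility: 'alumni' })` instead of calling `described_class.alumni_visible`, so the new scope and its date window are never exercised here. The `spec/models/photo_spec.rb` hunk has the same gap. I would call the scope with an explicit range, e.g. `described_class.alumni_visible(1.year.ago, 1.day.from_now)`, and add a members-only album dated outside that range to prove it is excluded. The describe title is also misspelled as `'#visibilty'` in both files.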
@@ -61,18 +61,25 @@ it { expect(described_class.with_tags.count).to be 2 } end - describe '#publicly_visible' do - let(:public_album) { create(:photo_album, publicly_visible: true) } - let(:private_album) { create(:photo_album, publicly_visible: false) } + describe '#visibilty' do + let(:alumni_album) { create(:photo_album, visibility: 'alumni') } + let(:private_album) { create(:photo_album, visibility: 'members') } before do - create(:photo, photo_album: public_album) - create(:photo, photo_album: public_album) + create(:photo, photo_album: alumni_album) + create(:photo, photo_album: alumni_album) create(:photo, photo_album: private_album) end - it { expect(described_class.publicly_visible.count).to be 2 } - it { expect(described_class.count - described_class.publicly_visible.count).to be 1 } + it { + expect(described_class.joins(:photo_album).where(photo_albums: { visibility: %w[alumni + public] }).count).to be 2 + } + + it { + expect(described_class.joins(:photo_album).where.not(photo_albums: { visibility: %w[alumni + public] }).count).to be 1 + } end describe '#extract_exif' do diff --git a/spec/policies/photo_policy_spec.rb b/spec/policies/photo_policy_spec.rb index 6d7b0a64..e9640c7e 100644 --- a/spec/policies/photo_policy_spec.rb +++ b/spec/policies/photo_policy_spec.rb @@ -1,7 +1,11 @@ require 'rails_helper' RSpec.describe PhotoPolicy, type: :policy do - subject(:policy) { described_class.new(nil, nil) } + let(:record_permission) { 'photo.read' } + let(:user) { create(:user, user_permission_list: [record_permission]) } + let(:record) { create(:photo) } + + subject(:policy) { described_class.new(user, record) } describe '#get_related_resources?' do it { expect(policy.get_related_resources?).to be true } diff --git a/spec/requests/v1/photo_albums_controller/index_spec.rb b/spec/requests/v1/photo_albums_controller/index_spec.rb index 53b58bc4..d6d3ad52 100644 --- a/spec/requests/v1/photo_albums_controller/index_spec.rb 
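Review bot: The `PhotoPolicy` spec now covers only a user who holds `photo.read`; the denial path that the new `get_related_resources?` introduces is not tested. Add a case such as `it { expect(described_class.new(nil, record).get_related_resources?).to be_falsey }` and one for a user created without the permission, so a later change that loosens the check is caught.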
+++ b/spec/requests/v1/photo_albums_controller/index_spec.rb @@ -1,8 +1,16 @@ require 'rails_helper' describe V1::PhotoAlbumsController do + let(:user) { create(:user) } + let(:group) { create(:group, name: 'Leden') } + let(:membership) { create(:membership, user: user, group: group, start_date: 2.years.ago, end_date: nil) } + let(:records) { create_list(:photo_album, 3) } + + before do + membership + end + describe 'GET /photo_albums', version: 1 do - let(:records) { create_list(:photo_album, 3) } let(:record_url) { '/v1/photo_albums' } let(:record_permission) { 'photo_album.read' } let(:request) { get(record_url) } diff --git a/spec/requests/v1/photo_albums_controller/show_spec.rb b/spec/requests/v1/photo_albums_controller/show_spec.rb index 2af4113c..7113b2ee 100644 --- a/spec/requests/v1/photo_albums_controller/show_spec.rb +++ b/spec/requests/v1/photo_albums_controller/show_spec.rb 
@@ -2,15 +2,52 @@ describe V1::PhotoAlbumsController do describe 'GET /photo_albums/:id', version: 1 do - let(:record) { create(:photo_album) } - let(:record_url) { "/v1/photo_albums/#{record.id}" } let(:record_permission) { 'photo_album.read' } - subject(:request) { get(record_url) } + context 'when not publicly visible' do + let(:record) { create(:photo_album) } + let(:record_url) { "/v1/photo_albums/#{record.id}" } - it_behaves_like 'a publicly visible model' do + subject(:request) { get(record_url) } + + context 'when not authenticated' do + it_behaves_like '403 Forbidden' + end + + context 'when member' do + include_context 'when member' do + let(:user) { create(:user, user_permission_list: [record_permission]) } + end + + before do + membership + end + + it_behaves_like '200 OK' + end + end + + context 'when publicly visible' do let(:public_record) { create(:photo_album, :public) } let(:public_record_url) { "/v1/photo_albums/#{public_record.id}" } + + subject(:request) { get(public_record_url) } + + context 'when not authenticated' do + it_behaves_like '200 OK' + end + + context 'when member' do + include_context 'when member' do + let(:user) { create(:user, user_permission_list: [record_permission]) } + end + + before do + membership + end + + it_behaves_like '200 OK' + end end end end diff --git a/spec/requests/v1/photo_comments_controller/index_spec.rb b/spec/requests/v1/photo_comments_controller/index_spec.rb index 70896c6c..b75cbcaf 100644 --- a/spec/requests/v1/photo_comments_controller/index_spec.rb +++ b/spec/requests/v1/photo_comments_controller/index_spec.rb 
@@ -1,8 +1,16 @@ require 'rails_helper' describe V1::PhotoCommentsController do + let(:user) { create(:user) } + let(:group) { create(:group, name: 'Leden') } + let(:membership) { create(:membership, user: user, group: group, start_date: 2.years.ago, end_date: nil) } + let(:records) { create_list(:photo_comment, 3) } + + before do + membership + end + describe 'GET /photo_comments', version: 1 do - let(:records) { create_list(:photo_comment, 3) } let(:record_url) { '/v1/photo_comments' } let(:record_permission) { 'photo_comment.read' } let(:request) { get(record_url) } diff --git a/spec/requests/v1/photo_comments_controller/show_spec.rb b/spec/requests/v1/photo_comments_controller/show_spec.rb index fae8e672..1a8b2153 100644 --- a/spec/requests/v1/photo_comments_controller/show_spec.rb +++ b/spec/requests/v1/photo_comments_controller/show_spec.rb @@ -1,9 +1,17 @@ require 'rails_helper' describe V1::PhotoCommentsController do + let(:user) { create(:user) } + let(:group) { create(:group, name: 'Leden') } + let(:membership) { create(:membership, user: user, group: group, start_date: 2.years.ago, end_date: nil) } + let(:record) { create(:photo_comment) } + + before do + membership + end + describe 'GET /photo_comments/:id', version: 1 do it_behaves_like 'a permissible model' do - let(:record) { create(:photo_comment) } let(:record_url) { "/v1/photo_comments/#{record.id}" } let(:record_permission) { 'photo_comment.read' } end diff --git a/spec/requests/v1/photos_controller/get_related_resources_spec.rb b/spec/requests/v1/photos_controller/get_related_resources_spec.rb index f8877603..c5ef377f 100644 --- a/spec/requests/v1/photos_controller/get_related_resources_spec.rb +++ b/spec/requests/v1/photos_controller/get_related_resources_spec.rb 
@@ -3,13 +3,9 @@ describe V1::PhotosController do describe 'GET /photo-albums/:id/photos', version: 1 do let(:record) { create(:photo_album) } - let(:public_record) { create(:photo_album, :public) } let(:record_url) { "/v1/photo_albums/#{record.id}/photos" } - let(:record_permission) { 'photo_album.read' } + let(:record_permission) { 'photo.read' } - it_behaves_like 'a publicly visible model' do - let(:public_record) { create(:photo_album, :public) } - let(:public_record_url) { "/v1/photo_albums/#{public_record.id}/photos" } - end + it_behaves_like 'a permissible model' end end diff --git a/spec/requests/v1/photos_controller/index_spec.rb b/spec/requests/v1/photos_controller/index_spec.rb index 5a9b94f1..8caf1637 100644 --- a/spec/requests/v1/photos_controller/index_spec.rb +++ b/spec/requests/v1/photos_controller/index_spec.rb @@ -1,16 +1,20 @@ require 'rails_helper' describe V1::PhotosController do + let(:user) { create(:user) } + let(:group) { create(:group, name: 'Leden') } + let(:membership) { create(:membership, user: user, group: group, start_date: 2.years.ago, end_date: nil) } + let(:records) { create_list(:photo, 3) } + + before do + membership + end + describe 'GET /photos', version: 1 do - let(:records) { create_list(:photo, 3) } let(:record_url) { '/v1/photos' } let(:record_permission) { 'photo.read' } let(:request) { get(record_url) } it_behaves_like 'an indexable model' - - it_behaves_like 'a publicly visible index request' do - let(:model_name) { :photo } - end end end diff --git a/spec/requests/v1/photos_controller/show_spec.rb b/spec/requests/v1/photos_controller/show_spec.rb index 6db3e887..42c9600f 100644 --- a/spec/requests/v1/photos_controller/show_spec.rb +++ b/spec/requests/v1/photos_controller/show_spec.rb 
@@ -1,13 +1,19 @@ require 'rails_helper' describe V1::PhotosController do - describe 'GET /photos/:id', version: 1 do - let(:record) { create(:photo) } - let(:record_url) { "/v1/photos/#{record.id}" } - let(:public_record) { create(:photo, :public) } - let(:public_record_url) { "/v1/photos/#{public_record.id}" } - let(:record_permission) { 'photo.read' } + let(:user) { create(:user) } + let(:group) { create(:group, name: 'Leden') } + let(:membership) { create(:membership, user: user, group: group, start_date: 2.years.ago, end_date: nil) } + let(:record) { create(:photo) } + + before do + membership + end - it_behaves_like 'a publicly visible model' + describe 'GET /photos/:id', version: 1 do + it_behaves_like 'a permissible model' do + let(:record_url) { "/v1/photos/#{record.id}" } + let(:record_permission) { 'photo.read' } + end end end diff --git a/spec/support/behaviors/requests/model_with_conditionally_updatable_attributes.rb b/spec/support/behaviors/requests/model_with_conditionally_updatable_attributes.rb index 6c4e98fe..462a01b4 100644 --- a/spec/support/behaviors/requests/model_with_conditionally_updatable_attributes.rb +++ b/spec/support/behaviors/requests/model_with_conditionally_updatable_attributes.rb @@ -1,4 +1,4 @@ -shared_examples 'a model with conditionally updatable attributes' do |unrestricted_attrs, permissible_attrs, response| # rubocop:disable Layout/LineLength +shared_examples 'a model with conditionally updatable attributes' do |unrestricted_attrs, permissible_attrs, response| let(:new_attrs) do attrs = record.attributes.symbolize_keys.transform_values do |value| case value diff --git a/spec/support/contexts/requests/when_alumni.rb b/spec/support/contexts/requests/when_alumni.rb new file mode 100644 index 00000000..fc10e779 --- /dev/null +++ b/spec/support/contexts/requests/when_alumni.rb 
@@ -0,0 +1,10 @@
+shared_context 'when alumni' do
+ let(:user) { create(:user) }
+ let(:group) { create(:group, name: 'Leden') }
+ let(:membership) { create(:membership, user: user, group: group, start_date: 4.years.ago, end_date: 2.years.ago) }
+ let(:access_token) { Doorkeeper::AccessToken.create!(resource_owner_id: user.id) }
+
+ before do
+ header('Authorization', "Bearer #{access_token.plaintext_token}")
+ end
+end
diff --git a/spec/support/contexts/requests/when_member.rb b/spec/support/contexts/requests/when_member.rb
new file mode 100644
index 00000000..09cde513
--- /dev/null
+++ b/spec/support/contexts/requests/when_member.rb
@@ -0,0 +1,10 @@
+shared_context 'when member' do
+ let(:user) { create(:user) }
+ let(:group) { create(:group, name: 'Leden') }
+ let(:membership) { create(:membership, user: user, group: group, start_date: 2.years.ago, end_date: nil) }
+ let(:access_token) { Doorkeeper::AccessToken.create!(resource_owner_id: user.id) }
+
+ before do
+ header('Authorization', "Bearer #{access_token.plaintext_token}")
+ end
+end
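Review bot: `membership` is a lazy `let`, and the `before` block in both shared contexts only sets the Authorization header, so including 'when member' or 'when alumni' on its own authenticates a user who has no 'Leden' membership at all. The specs in this commit work around that with an extra `before do membership end`; declaring `let!(:membership)` here would make each context do what its name says. The two files differ only in the membership dates, and 'when alumni' is not included by any spec visible in this diff, so the alumni date window is still untested at request level.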