Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/users authorization #1

Open
wants to merge 9 commits into
base: master
from

Include Pundit into ApplicationController

This is to be able to use Pundit helpers in all our controllers.
Also, this adds the ApplicationPolicy, to use it as base.

This also adds a custom Pundit test Matcher
  • Loading branch information...
EduardoGHdez committed Mar 28, 2019
commit 8776c573238bd6ef0998da2b1bb7413e7346cd46
@@ -1,4 +1,6 @@
# frozen_string_literal: true

class ApplicationController < ActionController::Base
include Pundit
protect_from_forgery
end
@@ -0,0 +1,51 @@
# frozen_string_literal: true

class ApplicationPolicy
attr_reader :user, :record

def initialize(user, record)
@user = user
@record = record
end

def index?
false
end

def show?
false
end

def create?
false
end

def new?
create?
end

def update?
false
end

def edit?
update?
end

def destroy?
false
end

class Scope
attr_reader :user, :scope

def initialize(user, scope)
@user = user
@scope = scope
end

def resolve
scope.all
end
end
end
Copy path View file
@@ -8,8 +8,10 @@
abort('The Rails environment is running in production mode!') if Rails.env.production?
require 'rspec/rails'
# Add additional requires below this line. Rails is not loaded until this point!
require 'pundit/rspec'
require 'shoulda-matchers'
require 'support/factory_bot'
require 'support/pundit_matcher'
require 'support/shoulda_matchers'
# Requires supporting ruby files with custom matchers and macros, etc, in
# spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are
Copy path View file
@@ -0,0 +1,19 @@
# frozen_string_literal: true

# This matcher will help us to create nice single-line test for our Pundit policies.
# Now We are able to make test like this:
# it { should_not authorize(:create) }

RSpec::Matchers.define :authorize do |action|
match do |policy|
policy.public_send("#{action}?")
end

failure_message do |policy|
"#{policy.class} does not permit #{action} on #{policy.record} for #{policy.user.inspect}."
end

failure_message_when_negated do |policy|
"#{policy.class} does not forbid #{action} on #{policy.record} for #{policy.user.inspect}."
end
end
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.