Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #401 from alphagov/give-import-robot-all-the-permi…

…ssions

Add new "force publish anything" permission

https://www.pivotaltracker.com/story/show/46979963
  • Loading branch information...
commit 5b36b37871e0e7c19c8959b3da9bbacadd15219d 2 parents 08c54c5 + 5f0ebd0
@heathd heathd authored
View
5 app/models/user.rb
@@ -20,6 +20,7 @@ module Permissions
IMPORT = 'Import CSVs'
WORLD_WRITER = 'World Writer'
WORLD_EDITOR = 'World Editor'
+ FORCE_PUBLISH_ANYTHING = 'Force publish anything'
end
def role
@@ -60,6 +61,10 @@ def can_import?
has_permission?(Permissions::IMPORT)
end
+ def can_force_publish_anything?
+ has_permission?(Permissions::FORCE_PUBLISH_ANYTHING)
+ end
+
def organisation_name
organisation ? organisation.name : nil
end
View
8 db/data_migration/20130327153531_add_force_publish_anything_to_gds_inside_government_team.rb
@@ -0,0 +1,8 @@
+force_publish_robot_user = ForcePublisher::Worker.new.user
+if force_publish_robot_user.nil?
+ puts "User for Force Publisher is not present! - can't escalate permissions!"
+else
+ puts "Allowing User for Force Publisher (#{force_publish_robot_user.name}[#{force_publish_robot_user.id}]) to force publish anything"
+ force_publish_robot_user.permissions << User::Permissions::FORCE_PUBLISH_ANYTHING
+ force_publish_robot_user.save!
+end
View
4 lib/whitehall/authority/rules/edition_rules.rb
@@ -32,7 +32,9 @@ def valid_action?(action)
private
def can_with_an_instance?(action)
- if !can_see?
+ if actor.can_force_publish_anything? && action == :force_publish
+ return true
+ elsif !can_see?
return false
else
if actor.gds_editor?
View
10 test/unit/user_test.rb
@@ -95,6 +95,16 @@ class UserTest < ActiveSupport::TestCase
assert gds_editor.can_handle_fatalities?
end
+ test 'cannot force publish anything by default' do
+ user = build(:user)
+ refute user.can_force_publish_anything?
+ end
+
+ test 'can force publish imports if given permission' do
+ user = build(:user, permissions: [User::Permissions::FORCE_PUBLISH_ANYTHING])
+ assert user.can_force_publish_anything?
+ end
+
test 'can handle fatalities if our organisation is set to handle them' do
not_allowed = build(:user, organisation: build(:organisation, handles_fatalities: false))
refute not_allowed.can_handle_fatalities?
View
16 test/unit/whitehall/authority/department_editor_test.rb
@@ -3,7 +3,8 @@
class DepartmentEditorTest < ActiveSupport::TestCase
def department_editor(id = 1)
- OpenStruct.new(id: id, gds_editor?: false, departmental_editor?: true, organisation: nil)
+ OpenStruct.new(id: id, gds_editor?: false, departmental_editor?: true,
+ organisation: nil, can_force_publish_anything?: false)
end
include AuthorityTestHelper
@@ -45,7 +46,7 @@ def department_editor(id = 1)
user.stubs(:organisation).returns(org1)
edition = limited_edition([org2])
enforcer = enforcer_for(user, edition)
-
+
Whitehall::Authority::Rules::EditionRules.actions.each do |action|
refute enforcer.can?(action)
end
@@ -83,6 +84,17 @@ def department_editor(id = 1)
assert enforcer_for(department_editor, normal_edition).can?(:force_publish)
end
+ test 'can force publish a limited access edition outside their org if they can_force_publish_anything?' do
+ org1 = 'organisation_1'
+ org2 = 'organisation_2'
+ user = department_editor
+ user.stubs(:organisation).returns(org1)
+ user.stubs(:can_force_publish_anything?).returns(true)
+ edition = limited_edition([org2])
+
+ assert enforcer_for(user, edition).can?(:force_publish)
+ end
+
test 'can make editorial remarks' do
assert enforcer_for(department_editor, normal_edition).can?(:make_editorial_remark)
end
View
24 test/unit/whitehall/authority/department_writer_test.rb
@@ -3,7 +3,9 @@
class DepartmentWriterTest < ActiveSupport::TestCase
def department_writer(id = 1)
- OpenStruct.new(id: id, department_writer?: false, departmental_editor?: false, organisation: nil)
+ OpenStruct.new(id: id, gds_editor?: false,
+ departmental_editor?: false, organisation: nil,
+ can_force_publish_anything?: false)
end
include AuthorityTestHelper
@@ -45,7 +47,7 @@ def department_writer(id = 1)
user.stubs(:organisation).returns(org1)
edition = limited_edition([org2])
enforcer = enforcer_for(user, edition)
-
+
Whitehall::Authority::Rules::EditionRules.actions.each do |action|
refute enforcer.can?(action)
end
@@ -83,6 +85,24 @@ def department_writer(id = 1)
refute enforcer_for(department_writer, normal_edition).can?(:force_publish)
end
+ test 'can force publish an edition if they can_force_publish_anything?' do
+ user = department_writer
+ user.stubs(:can_force_publish_anything?).returns(true)
+
+ assert enforcer_for(user, normal_edition).can?(:force_publish)
+ end
+
+ test 'can force publish a limited access edition outside their org if they can_force_publish_anything?' do
+ org1 = 'organisation_1'
+ org2 = 'organisation_2'
+ user = department_writer
+ user.stubs(:organisation).returns(org1)
+ user.stubs(:can_force_publish_anything?).returns(true)
+ edition = limited_edition([org2])
+
+ assert enforcer_for(user, edition).can?(:force_publish)
+ end
+
test 'can make editorial remarks' do
assert enforcer_for(department_writer, normal_edition).can?(:make_editorial_remark)
end
View
16 test/unit/whitehall/authority/gds_editor_test.rb
@@ -3,7 +3,8 @@
class GDSEditorTest < ActiveSupport::TestCase
def gds_editor(id = 1)
- OpenStruct.new(id: id, gds_editor?: true, organisation: nil)
+ OpenStruct.new(id: id, gds_editor?: true, organisation: nil,
+ can_force_publish_anything?: false)
end
include AuthorityTestHelper
@@ -45,7 +46,7 @@ def gds_editor(id = 1)
user.stubs(:organisation).returns(org1)
edition = limited_edition([org2])
enforcer = enforcer_for(user, edition)
-
+
Whitehall::Authority::Rules::EditionRules.actions.each do |action|
refute enforcer.can?(action)
end
@@ -93,6 +94,17 @@ def gds_editor(id = 1)
assert enforcer_for(me, normal_edition(me)).can?(:force_publish)
end
+ test 'can force publish a limited access edition outside their org if they can_force_publish_anything?' do
+ org1 = 'organisation_1'
+ org2 = 'organisation_2'
+ user = gds_editor
+ user.stubs(:organisation).returns(org1)
+ user.stubs(:can_force_publish_anything?).returns(true)
+ edition = limited_edition([org2])
+
+ assert enforcer_for(user, edition).can?(:force_publish)
+ end
+
test 'can make editorial remarks' do
assert enforcer_for(gds_editor, normal_edition).can?(:make_editorial_remark)
end
View
33 test/unit/whitehall/authority/world_editor_test.rb
@@ -5,7 +5,8 @@ class WorldEditorTest < ActiveSupport::TestCase
def world_editor(world_locations, id = 1)
OpenStruct.new(id: id, gds_editor?: false,
departmental_editor?: false, world_editor?: true,
- organisation: nil, world_locations: world_locations || [])
+ organisation: nil, can_force_publish_anything?: false,
+ world_locations: world_locations || [])
end
include AuthorityTestHelper
@@ -114,6 +115,36 @@ def world_editor(world_locations, id = 1)
assert enforcer_for(user, edition).can?(:force_publish)
end
+ test 'can force publish an edition not about their location if they can_force_publish_anything?' do
+ user = world_editor(['hat land', 'tie land'])
+ user.stubs(:can_force_publish_anything?).returns(true)
+ edition = with_locations(normal_edition, ['shirt land', 'hat land'])
+
+ assert enforcer_for(user, edition).can?(:force_publish)
+ end
+
+ test 'can force publish an edition about their location that is limited to another org if they can_force_publish_anything?' do
+ org1 = 'organisation_1'
+ org2 = 'organisation_2'
+ user = world_editor(['hat land', 'tie land'])
+ user.stubs(:organisation).returns(org1)
+ user.stubs(:can_force_publish_anything?).returns(true)
+ edition = with_locations(limited_edition([org2]), ['shirt land', 'hat land'])
+
+ assert enforcer_for(user, edition).can?(:force_publish)
+ end
+
+ test 'can force publish a limited access edition outside their location and org if they can_force_publish_anything?' do
+ org1 = 'organisation_1'
+ org2 = 'organisation_2'
+ user = world_editor(['hat land', 'tie land'])
+ user.stubs(:organisation).returns(org1)
+ user.stubs(:can_force_publish_anything?).returns(true)
+ edition = with_locations(limited_edition([org2]), ['shirt land'])
+
+ assert enforcer_for(user, edition).can?(:force_publish)
+ end
+
test 'can make editorial remarks that is about their location and not access limited' do
user = world_editor(['hat land', 'tie land'])
edition = with_locations(normal_edition, ['shirt land', 'hat land'])
View
31 test/unit/whitehall/authority/world_writer_test.rb
@@ -6,6 +6,7 @@ def world_writer(world_locations, id = 1)
OpenStruct.new(id: id, gds_editor?: false,
departmental_editor?: false, world_editor?: false,
world_writer?: true, organisation: nil,
+ can_force_publish_anything?: false,
world_locations: world_locations || [])
end
@@ -115,6 +116,36 @@ def world_writer(world_locations, id = 1)
refute enforcer_for(user, edition).can?(:force_publish)
end
+ test 'can force publish an edition not about their location if they can_force_publish_anything?' do
+ user = world_writer(['hat land', 'tie land'])
+ user.stubs(:can_force_publish_anything?).returns(true)
+ edition = with_locations(normal_edition, ['shirt land', 'hat land'])
+
+ assert enforcer_for(user, edition).can?(:force_publish)
+ end
+
+ test 'can force publish an edition about their location that is limited to another org if they can_force_publish_anything?' do
+ org1 = 'organisation_1'
+ org2 = 'organisation_2'
+ user = world_writer(['hat land', 'tie land'])
+ user.stubs(:organisation).returns(org1)
+ user.stubs(:can_force_publish_anything?).returns(true)
+ edition = with_locations(limited_edition([org2]), ['shirt land', 'hat land'])
+
+ assert enforcer_for(user, edition).can?(:force_publish)
+ end
+
+ test 'can force publish a limited access edition outside their location and org if they can_force_publish_anything?' do
+ org1 = 'organisation_1'
+ org2 = 'organisation_2'
+ user = world_writer(['hat land', 'tie land'])
+ user.stubs(:organisation).returns(org1)
+ user.stubs(:can_force_publish_anything?).returns(true)
+ edition = with_locations(limited_edition([org2]), ['shirt land'])
+
+ assert enforcer_for(user, edition).can?(:force_publish)
+ end
+
test 'can make editorial remarks that is about their location and not access limited' do
user = world_writer(['hat land', 'tie land'])
edition = with_locations(normal_edition, ['shirt land', 'hat land'])

0 comments on commit 5b36b37

Please sign in to comment.
Something went wrong with that request. Please try again.