Merge pull request #14909 from danidoni/add-report-specs

Add report specs
openSUSE · Sep 15, 2023 · 0db94dd · 0db94dd
2 parents 74f3178 + 2c7afdf
commit 0db94dd
Show file tree

Hide file tree

Showing 3 changed files with 116 additions and 16 deletions.
diff --git a/src/api/app/policies/report_policy.rb b/src/api/app/policies/report_policy.rb
@@ -1,14 +1,4 @@
 class ReportPolicy < ApplicationPolicy
-  attr_reader :user, :record, :reportable
-
-  def initialize(user, record)
-    super(user, record)
-
-    @user = user
-    @record = record
-    @reportable = record.reportable
-  end
-
   def show?
     user.is_admin? || record.user == user
   end
@@ -17,18 +7,18 @@ def create?
     return false unless Flipper.enabled?(:content_moderation, user)
 
     # We don't want reports twice...
-    return false if user.submitted_reports.where(reportable: reportable).any?
+    return false if user.submitted_reports.where(reportable: record.reportable).any?
 
     # We don't want reports for things you can change yourself...
-    case reportable.class.name
+    case record.reportable_type
     when 'Package'
-      !PackagePolicy.new(user, reportable).update?
+      !PackagePolicy.new(user, record.reportable).update?
     when 'Project'
-      !ProjectPolicy.new(user, reportable).update?
+      !ProjectPolicy.new(user, record.reportable).update?
     when 'Comment'
-      !CommentPolicy.new(user, reportable).update?
+      !CommentPolicy.new(user, record.reportable).update?
     when 'User'
-      !UserPolicy.new(user, reportable).update?
+      !UserPolicy.new(user, record.reportable).update?
     end
   end
 end
diff --git a/src/api/spec/factories/reports.rb b/src/api/spec/factories/reports.rb
@@ -0,0 +1,6 @@
+FactoryBot.define do
+  factory :report do
+    user
+    reportable { association :comment_package }
+  end
+end
diff --git a/src/api/spec/policies/report_policy_spec.rb b/src/api/spec/policies/report_policy_spec.rb
@@ -0,0 +1,104 @@
+require 'rails_helper'
+
+RSpec.describe ReportPolicy, type: :policy do
+  subject { ReportPolicy }
+
+  let(:user) { create(:confirmed_user) }
+
+  permissions :show? do
+    context 'when the current user is the owner of the report' do
+      let(:report) { create(:report, user: user) }
+
+      it { is_expected.to permit(user, report) }
+    end
+
+    context 'when the current user is an admin' do
+      let(:admin) { create(:admin_user) }
+      let(:report) { create(:report) }
+
+      it { is_expected.to permit(admin, report) }
+    end
+
+    context 'when the current user is not the owner of the report' do
+      let(:report) { create(:report) }
+
+      it { is_expected.not_to permit(user, report) }
+    end
+  end
+
+  permissions :create? do
+    before do
+      Flipper.enable(:content_moderation, user)
+    end
+
+    context 'when the current user has already reported it' do
+      let(:reported_comment) { create(:comment_package) }
+      let(:report) { build(:report, user: user, reportable: reported_comment) }
+
+      before do
+        create(:report, user: user, reportable: reported_comment)
+      end
+
+      it { is_expected.not_to(permit(user, report)) }
+    end
+
+    context 'when the current user can change the reportable' do
+      context 'when reporting a comment' do
+        let(:reported_comment) { create(:comment_package, user: user) }
+        let(:report) { build(:report, user: user, reportable: reported_comment) }
+
+        it { is_expected.not_to(permit(user, report)) }
+      end
+
+      context 'when reporting a package' do
+        let(:reported_package) { create(:package_with_maintainer, maintainer: user) }
+        let(:report) { build(:report, user: user, reportable: reported_package) }
+
+        it { is_expected.not_to(permit(user, report)) }
+      end
+
+      context 'when reporting a project' do
+        let(:reported_project) { create(:project, maintainer: user) }
+        let(:report) { build(:report, user: user, reportable: reported_project) }
+
+        it { is_expected.not_to(permit(user, report)) }
+      end
+
+      context 'when reporting a user' do
+        let(:report) { build(:report, user: user, reportable: user) }
+
+        it { is_expected.not_to(permit(user, report)) }
+      end
+    end
+
+    context 'when the current user can not change the reportable' do
+      context 'when reporting a comment' do
+        let(:comment) { create(:comment_package) }
+        let(:report) { build(:report, user: user, reportable: comment) }
+
+        it { is_expected.to permit(user, report) }
+      end
+
+      context 'when reporting a package' do
+        let(:reported_package) { create(:package) }
+        let(:report) { build(:report, user: user, reportable: reported_package) }
+
+        it { is_expected.to permit(user, report) }
+      end
+
+      context 'when reporting a project' do
+        let(:reported_project) { create(:project) }
+        let(:report) { build(:report, user: user, reportable: reported_project) }
+
+        it { is_expected.to permit(user, report) }
+      end
+
+      context 'when reporting a user' do
+        let(:reported_user) { create(:confirmed_user) }
+        let(:report) { build(:report, user: user, reportable: reported_user) }
+
+        it { is_expected.to permit(user, report) }
+      end
+    end
+  end
+end