Fix specs

opf · May 22, 2024 · ec056a3 · ec056a3
1 parent 070fe4f
commit ec056a3
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 1 deletion.
diff --git a/app/contracts/queries/projects/project_queries/base_contract.rb b/app/contracts/queries/projects/project_queries/base_contract.rb
@@ -43,11 +43,18 @@ def self.model
 
     validate :name_select_included
     validate :existing_selects
+    validate :user_is_logged_in
     validate :allowed_to_modify_private_query
     validate :allowed_to_modify_public_query
 
     protected
 
+    def user_is_logged_in
+      if !user.logged?
+        errors.add :base, :error_unauthorized
+      end
+    end
+
     def allowed_to_modify_private_query
       return if model.public?
 

diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -991,6 +991,8 @@ Project attributes and sections are defined in the <a href=%{admin_settings_url}
               nonexistent: "The column '%{column}' does not exist."
               format: "%{message}"
           group_by_hierarchies_exclusive: "is mutually exclusive with group by '%{group_by}'. You cannot activate both."
+          can_only_be_modified_by_owner: "The query can only be modified by its owner."
+          need_permission_to_modify_public_query: "You cannot modify a public query."
           filters:
             custom_fields:
               inexistent: "There is no custom field for the filter."

diff --git a/spec/contracts/queries/projects/project_queries/shared_contract_examples.rb b/spec/contracts/queries/projects/project_queries/shared_contract_examples.rb
@@ -55,7 +55,51 @@
     context "if the user is not the current user" do
       let(:query_user) { build_stubbed(:user) }
 
-      it_behaves_like "contract is invalid", base: :error_unauthorized
+      it_behaves_like "contract is invalid", base: :can_only_be_modified_by_owner
+    end
+
+    context "if the list is public and the editing user has the permission" do
+      let(:query_user) { build_stubbed(:user) }
+
+      before do
+        query.change_by_system do
+          query.public = true
+        end
+
+        mock_permissions_for(current_user) do |mock|
+          mock.allow_globally :manage_public_project_queries
+        end
+      end
+
+      it_behaves_like "contract is valid"
+    end
+
+    context "if the list is public and the editing user does not have the permission" do
+      let(:query_user) { build_stubbed(:user) }
+
+      before do
+        query.change_by_system do
+          query.public = true
+        end
+
+        mock_permissions_for(current_user, &:forbid_everything)
+      end
+
+      it_behaves_like "contract is invalid", base: :need_permission_to_modify_public_query
+    end
+
+    context "if the list is public and the editing user does not have the permission, even if they are the owner" do
+      let(:query_user) { current_user }
+
+      before do
+        query.change_by_system do
+          query.public = true
+        end
+
+        mock_permissions_for(current_user, &:forbid_everything)
+      end
+
+      it_behaves_like "contract is invalid", base: :need_permission_to_modify_public_query
     end
 
     context "if the user and the current user is anonymous" do