Commit ae5801be authored by Mark Chao's avatar Mark Chao

Add BlobPolicy and WikiPagePolicy

Link ActiveModel Blob classes to policy
parent 213fa449
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
class Blob < SimpleDelegator class Blob < SimpleDelegator
include Presentable include Presentable
include BlobLanguageFromGitAttributes include BlobLanguageFromGitAttributes
include BlobActiveModel
CACHE_TIME = 60 # Cache raw blobs referred to by a (mutable) ref for 1 minute CACHE_TIME = 60 # Cache raw blobs referred to by a (mutable) ref for 1 minute
CACHE_TIME_IMMUTABLE = 3600 # Cache blobs referred to by an immutable reference for 1 hour CACHE_TIME_IMMUTABLE = 3600 # Cache blobs referred to by an immutable reference for 1 hour
......
# frozen_string_literal: true
# To be included in blob classes which are to be
# treated as ActiveModel.
#
# The blob class must respond_to `project`
module BlobActiveModel
extend ActiveSupport::Concern
class_methods do
def declarative_policy_class
'BlobPolicy'
end
end
def to_ability_name
'blob'
end
end
# frozen_string_literal: true # frozen_string_literal: true
class ReadmeBlob < SimpleDelegator class ReadmeBlob < SimpleDelegator
include BlobActiveModel
attr_reader :repository attr_reader :repository
def initialize(blob, repository) def initialize(blob, repository)
......
...@@ -274,6 +274,10 @@ class WikiPage ...@@ -274,6 +274,10 @@ class WikiPage
@attributes.merge!(attrs) @attributes.merge!(attrs)
end end
def to_ability_name
'wiki_page'
end
private private
# Process and format the title based on the user input. # Process and format the title based on the user input.
......
# frozen_string_literal: true
class BlobPolicy < BasePolicy
delegate { @subject.project }
rule { can?(:download_code) }.enable :read_blob
end
# frozen_string_literal: true
class WikiPagePolicy < BasePolicy
delegate { @subject.wiki.project }
rule { can?(:read_wiki) }.enable :read_wiki_page
end
...@@ -421,4 +421,21 @@ describe Blob do ...@@ -421,4 +421,21 @@ describe Blob do
end end
end end
end end
describe 'policy' do
let(:project) { build(:project) }
subject { described_class.new(fake_blob(path: 'foo'), project) }
it 'works with policy' do
expect(Ability.allowed?(project.creator, :read_blob, subject)).to be_truthy
end
context 'when project is nil' do
subject { described_class.new(fake_blob(path: 'foo')) }
it 'does not err' do
expect(Ability.allowed?(project.creator, :read_blob, subject)).to be_falsey
end
end
end
end end
# frozen_string_literal: true
require 'spec_helper'
describe ReadmeBlob do
include FakeBlobHelpers
describe 'policy' do
let(:project) { build(:project, :repository) }
subject { described_class.new(fake_blob(path: 'README.md'), project.repository) }
it 'works with policy' do
expect(Ability.allowed?(project.creator, :read_blob, subject)).to be_truthy
end
end
end
# frozen_string_literal: true
require 'spec_helper'
describe BlobPolicy do
include_context 'ProjectPolicyTable context'
include ProjectHelpers
using RSpec::Parameterized::TableSyntax
let(:project) { create(:project, :repository, project_level) }
let(:user) { create_user_from_membership(project, membership) }
let(:blob) { project.repository.blob_at(SeedRepo::FirstCommit::ID, 'README.md') }
subject(:policy) { described_class.new(user, blob) }
where(:project_level, :feature_access_level, :membership, :expected_count) do
permission_table_for_guest_feature_access_and_non_private_project_only
end
with_them do
it "grants permission" do
update_feature_access_level(project, feature_access_level)
if expected_count == 1
expect(policy).to be_allowed(:read_blob)
else
expect(policy).to be_disallowed(:read_blob)
end
end
end
end
# frozen_string_literal: true
require 'spec_helper'
describe WikiPagePolicy do
include_context 'ProjectPolicyTable context'
include ProjectHelpers
using RSpec::Parameterized::TableSyntax
let(:project) { create(:project, :wiki_repo, project_level) }
let(:user) { create_user_from_membership(project, membership) }
let(:wiki_page) { create(:wiki_page, wiki: project.wiki) }
subject(:policy) { described_class.new(user, wiki_page) }
where(:project_level, :feature_access_level, :membership, :expected_count) do
permission_table_for_guest_feature_access
end
with_them do
it "grants permission" do
update_feature_access_level(project, feature_access_level)
if expected_count == 1
expect(policy).to be_allowed(:read_wiki_page)
else
expect(policy).to be_disallowed(:read_wiki_page)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment