Maintenance: Refactored attachment handling
(cherry picked from commit 26f7a45e9b6457985bed2157447977801923d29e)
Showing
8 changed files
with
248 additions
and
13 deletions.
@@ -0,0 +1,41 @@ | ||
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/ | ||
|
||
class Controllers::AttachmentsControllerPolicy < Controllers::ApplicationControllerPolicy | ||
def show? | ||
store_object_policy(store_object_owner)&.show? | ||
end | ||
|
||
def destroy? | ||
store_object_policy(store_object_owner)&.destroy? | ||
end | ||
|
||
def user_required? | ||
false | ||
end | ||
|
||
def custom_exception | ||
ActiveRecord::RecordNotFound.new | ||
end | ||
|
||
private | ||
|
||
def download_file | ||
record.send(:download_file) | ||
end | ||
|
||
def store_object_class | ||
download_file | ||
&.store_object | ||
&.name | ||
&.safe_constantize | ||
end | ||
|
||
def store_object_policy(target) | ||
Pundit.policy user, target | ||
end | ||
|
||
def store_object_owner | ||
store_object_class | ||
&.find download_file.o_id | ||
end | ||
end |
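Review bot: `store_object_owner` uses `find`, so an attachment whose owning record has been deleted raises ActiveRecord::RecordNotFound from inside the predicate instead of flowing through the `&.` chain in `show?`/`destroy?` as a denial; `store_object_class&.find_by(id: download_file.o_id)` returns nil and keeps the deny-by-default path uniform (the `custom_exception` mapping happens to yield the same 404, but the policy should not depend on that coincidence). `record.send(:download_file)` reaches into a private controller method and hides the dependency; exposing it as a protected reader on the controller would let the `send` go away. `safe_constantize` on the persisted `store_object.name` is acceptable since that value is written by the application, but if the name resolves to a constant without `find` the chain raises NoMethodError rather than denying, so a `respond_to?(:find)` guard or a comment stating the assumption is worth adding. The file path of this section is not shown on the page.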
18 changes: 12 additions & 6 deletions
18
app/policies/knowledge_base/answer/translation/content_policy.rb
@@ -1,14 +1,20 @@ | ||
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/ | ||
|
||
class KnowledgeBase::Answer::Translation::ContentPolicy < ApplicationPolicy | ||
def show? | ||
return true if user&.permissions?(%w[knowledge_base.editor]) | ||
delegate :show?, to: :parent_answer_policy | ||
delegate :destroy?, to: :parent_answer_policy | ||
|
||
record.translation.answer.visible? || | ||
(user&.permissions?(%w[knowledge_base.reader]) && record.translation.answer.visible_internally?) | ||
def user_required? | ||
false | ||
end | ||
|
||
def destroy? | ||
user&.permissions?(%w[knowledge_base.editor]) | ||
private | ||
|
||
def parent_answer_policy | ||
Pundit.policy user, parent_answer | ||
end | ||
|
||
def parent_answer | ||
record.translation.answer | ||
end | ||
end |
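Review bot: The two `delegate` lines at the top of the class are not nil-safe: `Pundit.policy` returns nil when no policy class is found for the target, and delegating to a nil target raises NoMethodError, whereas the attachments policy added in the same commit uses `&.show?` to turn that case into a denial. `delegate :show?, :destroy?, to: :parent_answer_policy, allow_nil: true` gives the same deny-by-default result here. As far as the hunk shows, `record.translation.answer` always has a policy, so this is a consistency point rather than a reachable failure. A one-line comment above the delegation noting that content visibility is now decided entirely by the answer policy would also help, since the explicit editor/reader permission checks are removed from this file.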
@@ -24,6 +24,10 @@ def destroy? | |
access_editor? | ||
end | ||
|
||
def user_required? | ||
false | ||
end | ||
|
||
private | ||
|
||
def access | ||
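Review bot: With `user_required?` now returning false, every predicate in this policy is reachable with `user` nil, including the `destroy?` via `access_editor?` visible at the top of the hunk; the bodies of `access_editor?` and `access` (which begins on the hunk's last line and continues outside it) are not shown, so please confirm they use `user&.permissions?` rather than `user.permissions?`, otherwise the anonymous path becomes a NoMethodError instead of a denial. The enclosing class starts outside the hunk and the file path of this section is not shown on the page. A short comment on the new method such as `# Anonymous callers are allowed to reach this policy; every predicate must tolerate user == nil.` would document that contract for future additions.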
|
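--- a/spec/policies/controllers/attachments_controller_policy_spec.rb
+++ b/spec/policies/controllers/attachments_controller_policy_spec.rb
@@ -0,0 +1,70 @@
+# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
+
+require 'rails_helper'
+
+describe Controllers::AttachmentsControllerPolicy do
+  subject { described_class.new(user, record) }
+
+  include_context 'basic Knowledge Base'
+
+  let(:record_class) { AttachmentsController }
+  let(:object) { create(:knowledge_base_answer, visibility, :with_attachment, category: category) }
+  let(:params) { { id: object.attachments.first.id } }
+
+  let(:record) do
+    rec = record_class.new
+    # rec.action_name = action_name
+    rec.params = params
+
+    rec
+  end
+
+  context 'with no user' do
+    let(:user) { nil }
+
+    context 'with published object' do
+      let(:visibility) { :published }
+
+      it { is_expected.to permit_actions :show }
+      it { is_expected.to forbid_actions :destroy }
+    end
+
+    context 'with private object' do
+      let(:visibility) { :internal }
+
+      it { is_expected.to forbid_actions :show, :destroy }
+    end
+  end
+
+  context 'with a user' do
+    context 'with full access' do
+      let(:user) { create :admin }
+      let(:visibility) { :published }
+
+      it { is_expected.to permit_actions :show, :destroy }
+    end
+
+    context 'with limited access' do
+      let(:user) { create :agent }
+      let(:visibility) { :internal }
+
+      it { is_expected.to permit_actions :show }
+      it { is_expected.to forbid_actions :destroy }
+    end
+
+    context 'with no access' do
+      let(:user) { create :agent }
+      let(:visibility) { :draft }
+
+      it { is_expected.to forbid_actions :show, :destroy }
+    end
+
+    context 'with object that does not have a policy' do
+      let(:file) { create :store_image, object: 'NonExistingObject' }
+      let(:params) { { id: file.id } }
+      let(:user) { create :admin }
+
+      it { is_expected.to forbid_actions :show, :destroy }
+    end
+  end
+end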
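Review bot: The commented-out `# rec.action_name = action_name` inside the `record` block is dead code referring to a `let` that does not exist in this spec; either drop the line or define `action_name` and set it, so the policy is exercised with the action the controller would actually carry. The scenarios also never cover an attachment whose owning record has been deleted, which is the path where the policy's `find` lookup raises instead of denying; a context built on a Store row whose `o_id` points at a destroyed answer would pin whether that should surface as a denial or as RecordNotFound. The 'with object that does not have a policy' context is a good addition because it exercises the nil-policy branch explicitly.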
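--- a/spec/policies/knowledge_base/answer/translation/content_policy_spec.rb
+++ b/spec/policies/knowledge_base/answer/translation/content_policy_spec.rb
@@ -0,0 +1,61 @@
+# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
+
+require 'rails_helper'
+
+describe KnowledgeBase::Answer::Translation::ContentPolicy do
+  subject(:policy) { described_class.new(user, record) }
+
+  include_context 'basic Knowledge Base'
+
+  let(:record) { answer.translation.content }
+
+  context 'without user' do
+    let(:user) { nil }
+
+    context 'with a public answer' do
+      let(:answer) { published_answer }
+
+      it { is_expected.to permit_actions :show }
+      it { is_expected.to forbid_actions :destroy }
+    end
+
+    context 'with a non public answer' do
+      let(:answer) { internal_answer }
+
+      it { is_expected.to forbid_actions :show, :destroy }
+    end
+  end
+
+  context 'with kb editor' do
+    let(:user) { create(:admin) }
+
+    context 'with an internal answer' do
+      let(:answer) { internal_answer }
+
+      it { is_expected.to permit_actions :show, :destroy }
+    end
+
+    context 'with a draft answer' do
+      let(:answer) { draft_answer }
+
+      it { is_expected.to permit_actions :show, :destroy }
+    end
+  end
+
+  context 'with kb reader' do
+    let(:user) { create(:agent) }
+
+    context 'with an internal answer' do
+      let(:answer) { internal_answer }
+
+      it { is_expected.to permit_action :show }
+      it { is_expected.to forbid_action :destroy }
+    end
+
+    context 'with a draft answer' do
+      let(:answer) { draft_answer }
+
+      it { is_expected.to forbid_actions :show, :destroy }
+    end
+  end
+end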
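Review bot: There is no context for an authenticated user without any knowledge_base permission on an internal or draft answer; the removed `show?` handled that case explicitly through the reader permission check, and it is now decided entirely by the parent answer policy, so a `context 'with user without kb permissions'` using `create(:customer)` that expects `forbid_actions :show, :destroy` would pin the delegation. Minor style: `subject(:policy)` names a subject that is never referenced, and the reader context mixes `permit_action`/`forbid_action` with the plural forms used everywhere else in the file.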
@@ -0,0 +1,50 @@ | ||
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/ | ||
|
||
require 'rails_helper' | ||
|
||
RSpec.describe AttachmentsController, type: :request do | ||
include_context 'basic Knowledge Base' | ||
|
||
let(:object) { create(:knowledge_base_answer, :draft, :with_attachment, category: category) } | ||
let(:attachment_id) { object.attachments.first.id } | ||
|
||
describe '#show' do | ||
it 'returns 404 when does not exist' do | ||
get '/api/v1/attachments/123' | ||
|
||
expect(response).to have_http_status(:not_found) | ||
end | ||
|
||
it 'returns 404 when no access', authenticated_as: -> { create(:agent) } do | ||
get "/api/v1/attachments/#{attachment_id}" | ||
|
||
expect(response).to have_http_status(:not_found) | ||
end | ||
|
||
it 'returns ok on success', authenticated_as: -> { create(:admin) } do | ||
get "/api/v1/attachments/#{attachment_id}" | ||
|
||
expect(response).to have_http_status(:ok) | ||
end | ||
end | ||
|
||
describe '#destroy' do | ||
it 'returns 404 when does not exist' do | ||
delete '/api/v1/attachments/123' | ||
|
||
expect(response).to have_http_status(:not_found) | ||
end | ||
|
||
it 'returns 404 when no access', authenticated_as: -> { create(:agent) } do | ||
delete "/api/v1/attachments/#{attachment_id}" | ||
|
||
expect(response).to have_http_status(:not_found) | ||
end | ||
|
||
it 'returns ok on success', authenticated_as: -> { create(:admin) } do | ||
delete "/api/v1/attachments/#{attachment_id}" | ||
|
||
expect(response).to have_http_status(:ok) | ||
end | ||
end | ||
end |
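Review bot: Neither `#show` nor `#destroy` covers an unauthenticated request for an attachment that exists: the only anonymous examples use the literal id 123, so the path opened by `user_required?` returning false (anonymous caller, existing draft attachment) is never exercised at the request level. Adding `it 'returns 404 when not authenticated' do get "/api/v1/attachments/#{attachment_id}"; expect(response).to have_http_status(:not_found) end` under `#show`, and the `delete` counterpart under `#destroy`, would pin that the draft stays hidden and that no 401 or 500 leaks through. The hard-coded `'/api/v1/attachments/123'` also assumes that id is never allocated in the test database; deriving it from a record that is created and then destroyed makes the 'does not exist' examples independent of fixture order. The file path of this section is not shown on the page.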