Skip to content

Commit 83f5699

Browse files
dadachidadachi
committed
Broaden ShopPolicy to admin || member per collaborative model
The substrate v2 design (overview §2.1 table) grants create_shops, update_shops, and delete_shops to both admin and member tiers. Pre-refactor policy was stricter than the design called for: - create? required owner? (so even non-owner admins couldn't create) - update? required admin? (so members couldn't update) - destroy? delegated to create? (so only owner could destroy) Aligned with the design and with ItemTagPolicy's pattern. Tests rewritten — two old assertions inverted (non-owner admin can now create; member can now update), and two read-only true-for-all tests specialised into admin and member variants for symmetry.
1 parent 3c223c6 commit 83f5699

2 files changed

Lines changed: 49 additions & 45 deletions

File tree

app/policies/api/shopkeeper/shop_policy.rb

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2,22 +2,22 @@ class Api::Shopkeeper::ShopPolicy < Api::Shopkeeper::BasePolicy
22
include Api::Shopkeeper::Concerns::Authorization
33

44
def index?
5-
true
5+
admin? || member?
66
end
77

8-
def create?
9-
owner?
8+
def show?
9+
admin? || member?
1010
end
1111

12-
def show?
13-
true
12+
def create?
13+
admin? || member?
1414
end
1515

1616
def update?
17-
admin?
17+
admin? || member?
1818
end
1919

2020
def destroy?
21-
create?
21+
admin? || member?
2222
end
2323
end

test/policies/api/shopkeeper/shop_policy_test.rb

Lines changed: 42 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -8,62 +8,66 @@ def setup
88
@shop = @account.shops.first
99
end
1010

11-
test "index? returns true for all users" do
12-
accounts_shopkeeper = @account.accounts_shopkeepers.first
13-
policy = Api::Shopkeeper::ShopPolicy.new(accounts_shopkeeper, @shop)
11+
def admin_accounts_shopkeeper
12+
@account.accounts_shopkeepers.first.tap { |as| as.update!(admin: true) }
13+
end
14+
15+
def member_accounts_shopkeeper
16+
other_shopkeeper = shopkeepers(:two)
17+
AccountsShopkeeper.create!(
18+
account: @account,
19+
shopkeeper: other_shopkeeper,
20+
member: true
21+
)
22+
end
23+
24+
test "index? returns true for admin" do
25+
policy = Api::Shopkeeper::ShopPolicy.new(admin_accounts_shopkeeper, @shop)
1426
assert policy.index?
1527
end
1628

17-
test "show? returns true for all users" do
18-
accounts_shopkeeper = @account.accounts_shopkeepers.first
19-
policy = Api::Shopkeeper::ShopPolicy.new(accounts_shopkeeper, @shop)
29+
test "index? returns true for member" do
30+
policy = Api::Shopkeeper::ShopPolicy.new(member_accounts_shopkeeper, @shop)
31+
assert policy.index?
32+
end
33+
34+
test "show? returns true for admin" do
35+
policy = Api::Shopkeeper::ShopPolicy.new(admin_accounts_shopkeeper, @shop)
2036
assert policy.show?
2137
end
2238

23-
test "create? returns true for account owner" do
24-
accounts_shopkeeper = @account.accounts_shopkeepers.first
25-
assert accounts_shopkeeper.account_owner?
39+
test "show? returns true for member" do
40+
policy = Api::Shopkeeper::ShopPolicy.new(member_accounts_shopkeeper, @shop)
41+
assert policy.show?
42+
end
2643

27-
policy = Api::Shopkeeper::ShopPolicy.new(accounts_shopkeeper, @shop)
44+
test "create? returns true for admin" do
45+
policy = Api::Shopkeeper::ShopPolicy.new(admin_accounts_shopkeeper, @shop)
2846
assert policy.create?
2947
end
3048

31-
test "create? returns false for non-owner" do
32-
other_shopkeeper = shopkeepers(:two)
33-
accounts_shopkeeper = AccountsShopkeeper.create!(
34-
account: @account,
35-
shopkeeper: other_shopkeeper,
36-
admin: true
37-
)
38-
assert_not accounts_shopkeeper.account_owner?
39-
40-
policy = Api::Shopkeeper::ShopPolicy.new(accounts_shopkeeper, @shop)
41-
assert_not policy.create?
49+
test "create? returns true for member" do
50+
policy = Api::Shopkeeper::ShopPolicy.new(member_accounts_shopkeeper, @shop)
51+
assert policy.create?
4252
end
4353

4454
test "update? returns true for admin" do
45-
accounts_shopkeeper = @account.accounts_shopkeepers.first
46-
accounts_shopkeeper.update!(admin: true)
47-
48-
policy = Api::Shopkeeper::ShopPolicy.new(accounts_shopkeeper, @shop)
55+
policy = Api::Shopkeeper::ShopPolicy.new(admin_accounts_shopkeeper, @shop)
4956
assert policy.update?
5057
end
5158

52-
test "update? returns false for non-admin" do
53-
other_shopkeeper = shopkeepers(:two)
54-
accounts_shopkeeper = AccountsShopkeeper.create!(
55-
account: @account,
56-
shopkeeper: other_shopkeeper,
57-
member: true
58-
)
59+
test "update? returns true for member" do
60+
policy = Api::Shopkeeper::ShopPolicy.new(member_accounts_shopkeeper, @shop)
61+
assert policy.update?
62+
end
5963

60-
policy = Api::Shopkeeper::ShopPolicy.new(accounts_shopkeeper, @shop)
61-
assert_not policy.update?
64+
test "destroy? returns true for admin" do
65+
policy = Api::Shopkeeper::ShopPolicy.new(admin_accounts_shopkeeper, @shop)
66+
assert policy.destroy?
6267
end
6368

64-
test "destroy? delegates to create?" do
65-
accounts_shopkeeper = @account.accounts_shopkeepers.first
66-
policy = Api::Shopkeeper::ShopPolicy.new(accounts_shopkeeper, @shop)
67-
assert_equal policy.create?, policy.destroy?
69+
test "destroy? returns true for member" do
70+
policy = Api::Shopkeeper::ShopPolicy.new(member_accounts_shopkeeper, @shop)
71+
assert policy.destroy?
6872
end
6973
end

0 commit comments

Comments
 (0)