Permits all users to view all batches and batch objects (DDR-281) (#1800

) * Permits all users to view all batches and batch objects (DDR-281)
duke-libraries · Dec 5, 2016 · 0a2a546 · 0a2a546
1 parent 24c3797
commit 0a2a546
Show file tree

Hide file tree

Showing 10 changed files with 93 additions and 15 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -5,7 +5,7 @@ before_install:
   - sudo apt-get install -qq libvips-dev
   - gem install bundler
 rvm:
-  - 2.1.3
+  - 2.1.5
 before_script:
   - "cp config/log4r.yml.sample config/log4r.yml"
 cache: bundler

diff --git a/app/controllers/batch_objects_controller.rb b/app/controllers/batch_objects_controller.rb
@@ -2,9 +2,6 @@ class BatchObjectsController < ApplicationController
 
   load_and_authorize_resource :class => Ddr::Batch::BatchObject
 
-  def index
-  end
-
   def show
   end
 

diff --git a/app/helpers/batches_helper.rb b/app/helpers/batches_helper.rb
@@ -81,8 +81,7 @@ def render_link_to_batch_with_name(batch)
     end
 
     def render_batch_delete_link(batch)
-      case batch.status
-      when nil, Ddr::Batch::Batch::STATUS_READY, Ddr::Batch::Batch::STATUS_VALIDATED, Ddr::Batch::Batch::STATUS_INVALID
+      if can?(:destroy, batch) && [nil, Ddr::Batch::Batch::STATUS_READY, Ddr::Batch::Batch::STATUS_VALIDATED, Ddr::Batch::Batch::STATUS_INVALID].include?(batch.status)
         link_to content_tag(:span, "", :class => "glyphicon glyphicon-trash"), {:action => 'destroy', :id => batch}, :method => 'delete', :id => "batch_delete_#{batch.id}", :data => { :confirm => "#{t('batch.web.batch_deletion_confirmation', batch_id: batch.id)}" }
       end
     end

diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -1,7 +1,7 @@
 class Ability < Ddr::Auth::Ability
 
   self.ability_definitions += [ DulHydra::AliasAbilityDefinitions,
-                                Ddr::Batch::BatchAbilityDefinitions,
+                                DulHydra::BatchAbilityDefinitions,
                                 DulHydra::ExportSetAbilityDefinitions,
                                 DulHydra::MetadataFileAbilityDefinitions,
                                 DulHydra::IngestFolderAbilityDefinitions,

diff --git a/app/views/batches/_batches.html.erb b/app/views/batches/_batches.html.erb
@@ -7,7 +7,7 @@
     <table class="table table-bordered table-striped table-condensed">
       <thead>
         <tr>
-          <th scope="col"></th>
+          <th scope="col">&nbsp;</th>
           <th scope="col">ID</th>
           <th scope="col">Action</th>
           <th scope="col">Status</th>
@@ -18,9 +18,7 @@
           <th scope="col">Start</th>
           <th scope="col">Outcome</th>
           <th scope="col">Log</th>
-          <% if acting_as_superuser? %>
-              <th scope="col">User</th>
-          <% end %>
+          <th scope="col">User</th>
         </tr>
       </thead>
       <tbody>
@@ -37,9 +35,7 @@
             <td><%= b.start.nil? ? '--' : b.start.getlocal.strftime("%Y-%m-%d %H:%M:%S") %></td>
             <td><%= b.outcome.nil? ? '--' : b.outcome %></td>
             <td><%= b.logfile_file_name.nil? ? '--' : link_to(I18n.t('batch.web.column_names.log'), b.logfile.url) %></td>
-            <% if acting_as_superuser? %>
-                <td><%= b.user.nil? ? '--' : b.user.user_key %></td>
-            <% end %>
+            <td><%= b.user.nil? ? '--' : b.user.user_key %></td>
           </tr>
         <% end %>
       </tbody>

diff --git a/config/routes.rb b/config/routes.rb
@@ -124,7 +124,6 @@ def repository_content_resource name
       get 'procezz'
       get 'validate'
     end
-    resources :batch_objects, :only => :index
   end
 
   resources :batch_objects, :only => :show do

diff --git a/lib/dul_hydra/ability_definitions/batch_ability_definitions.rb b/lib/dul_hydra/ability_definitions/batch_ability_definitions.rb
@@ -0,0 +1,13 @@
+module DulHydra
+  class BatchAbilityDefinitions < Ddr::Auth::AbilityDefinitions
+
+    def call
+      can :read, [ Ddr::Batch::Batch, Ddr::Batch::BatchObject ] if authenticated?
+      can :manage, Ddr::Batch::Batch, user: user
+      can :manage, Ddr::Batch::BatchObject do |batch_object|
+        batch_object.batch.user == user
+      end
+    end
+
+  end
+end
diff --git a/spec/controllers/batch_objects_controller_spec.rb b/spec/controllers/batch_objects_controller_spec.rb
@@ -0,0 +1,13 @@
+RSpec.describe BatchObjectsController, type: :controller do
+
+  describe "#show" do
+    let(:batch) { FactoryGirl.create(:batch_with_basic_update_batch_object) }
+    let(:user) { FactoryGirl.create(:user) }
+    before { sign_in user }
+    specify {
+      get :show, id: batch.batch_objects.first
+      expect(response.response_code).to eq(200)
+    }
+  end
+
+end
diff --git a/spec/controllers/batches_controller_spec.rb b/spec/controllers/batches_controller_spec.rb
@@ -18,6 +18,30 @@
     end
   end
 
+  describe "#index" do
+    let!(:my_batch) { FactoryGirl.create(:batch) }
+    let(:user) { FactoryGirl.create(:user) }
+    before {
+      sign_in user
+    }
+    it "lists my batch for others users" do
+      get :index
+      expect(assigns(:batches).size).to eq(1)
+    end
+  end
+
+  describe "#show" do
+    let(:my_batch) { FactoryGirl.create(:batch) }
+    let(:user) { FactoryGirl.create(:user) }
+    before {
+      sign_in user
+    }
+    it "renders my batch for other users" do
+      get :show, id: my_batch
+      expect(response.response_code).to eq(200)
+    end
+  end
+
   describe "#destroy" do
     let(:batch) { FactoryGirl.create(:batch_with_basic_ingest_batch_objects) }
     before { sign_in batch.user }

diff --git a/spec/lib/dul_hydra/ability_definitions/batch_ability_definitions_spec.rb b/spec/lib/dul_hydra/ability_definitions/batch_ability_definitions_spec.rb
@@ -0,0 +1,37 @@
+require 'cancan/matchers'
+
+module DulHydra
+  RSpec.describe BatchAbilityDefinitions do
+
+    subject { described_class.call(ability) }
+
+    let(:ability) { FactoryGirl.build(:abstract_ability) }
+
+    describe "Batch permissions" do
+      let(:batch) { FactoryGirl.create(:batch) }
+      describe "when the user is the creator of the batch" do
+        before { allow(ability).to receive(:user) { batch.user } }
+        it { is_expected.to be_able_to(:manage, batch) }
+      end
+      describe "when the user is not the creator of the batch" do
+        it { is_expected.to_not be_able_to(:manage, batch) }
+        it { is_expected.to be_able_to(:read, batch) }
+      end
+    end
+
+    describe "BatchObject permissions" do
+      let(:batch) { FactoryGirl.create(:batch) }
+      let(:resource) { Ddr::Batch::BatchObject.create(batch: batch) }
+      describe "when the user is the creator of the batch" do
+        before { allow(ability).to receive(:user) { batch.user } }
+        it { is_expected.to be_able_to(:manage, resource) }
+      end
+      describe "when the user is not the creator of the batch" do
+        it { is_expected.to_not be_able_to(:manage, resource) }
+        it { is_expected.to be_able_to(:read, resource) }
+      end
+    end
+
+  end
+
+end
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,9 +2,6 @@ class BatchObjectsController < ApplicationController @@
       load_and_authorize_resource :class => Ddr::Batch::BatchObject
-      def index
-      end
       def show
       end
@@ Expand Down @@