Add methods for access to queries

app/models/queries/projects/project_query.rb

@@ -48,16 +48,18 @@ class Queries::Projects::ProjectQuery < ApplicationRecord
   scopes :allowed_to
 
   def visible?(user = User.current)
-    public? || user == self.user
+    public? ||
+    user == self.user ||
+    user.allowed_in_project_query?(:view_project_query, self)
   end
 
-  def can_edit?(user = User.current)
+  def editable?(user = User.current)
     # non public queries can only be edited by the owner
     (!public? && user == self.user) ||
     # public queries can be edited by users with the global permission (regardless of ownership)
     (public? && user.allowed_globally?(:manage_public_project_queries)) ||
     # or by users with the edit permission on the query
-    user.allowed_to?(:edit_project_query, self)
+    user.allowed_in_project_query?(:edit_project_query, self)
   end
 
   def self.model

spec/models/queries/projects/project_query_spec.rb

@@ -442,6 +442,92 @@
 
         it { is_expected.not_to be_visible(user) }
       end
+
+      context "and the query has been shared with the user" do
+        before do
+          mock_permissions_for(user) do |mock|
+            mock.allow_in_project_query(:view_project_query, project_query: subject)
+          end
+        end
+
+        it { is_expected.to be_visible(user) }
+      end
+    end
+  end
+
+  describe "#editable?" do
+    subject { build(:project_query, user: owner, public:) }
+
+    context "when the query is private" do
+      let(:public) { false }
+
+      context "and the user is the owner" do
+        let(:owner) { user }
+
+        it { is_expected.to be_editable(user) }
+      end
+
+      context "and the user is not the owner" do
+        let(:owner) { build(:user) }
+
+        it { is_expected.not_to be_editable(user) }
+
+        context "and the query has been shared with the user" do
+          before do
+            mock_permissions_for(user) do |mock|
+              mock.allow_in_project_query(:edit_project_query, project_query: subject)
+            end
+          end
+
+          it { is_expected.to be_editable(user) }
+        end
+      end
+    end
+
+    context "when the query is public" do
+      let(:public) { true }
+
+      context "and the user is the owner" do
+        let(:owner) { user }
+
+        it { is_expected.not_to be_editable(user) }
+
+        context "and the user has the global permission" do
+          before do
+            mock_permissions_for(user) do |mock|
+              mock.allow_globally(:manage_public_project_queries)
+            end
+          end
+
+          it { is_expected.to be_editable(user) }
+        end
+      end
+
+      context "and the user is not the owner" do
+        let(:owner) { build(:user) }
+
+        it { is_expected.not_to be_editable(user) }
+
+        context "and the user has the global permission" do
+          before do
+            mock_permissions_for(user) do |mock|
+              mock.allow_globally(:manage_public_project_queries)
+            end
+          end
+
+          it { is_expected.to be_editable(user) }
+        end
+
+        context "and the query has been shared with the user" do
+          before do
+            mock_permissions_for(user) do |mock|
+              mock.allow_in_project_query(:edit_project_query, project_query: subject)
+            end
+          end
+
+          it { is_expected.to be_editable(user) }
+        end
+      end
     end
   end
 end