Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Increase coverage in policy tests #5261

Merged
merged 5 commits into from
Nov 20, 2024
Merged

Increase coverage in policy tests #5261

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
fa47985
Remove unused stubs from ApplicationPolicy
martinemde Nov 20, 2024
d5c27a9
Fix membership policy tests
martinemde Nov 20, 2024
6d396ba
Remove unused RubygemPolicy predicates, update tests
martinemde Nov 20, 2024
f350ef8
Remove unused resolve not implemented, rely instead on NoMethodError
martinemde Nov 20, 2024
779a8ab
Add NilClassPolicy tests
martinemde Nov 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 0 additions & 4 deletions app/policies/api/application_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,6 @@ def initialize(api_key, scope)
@scope = scope
end

def resolve
raise NotImplementedError, "You must define #resolve in #{self.class}"
end

private

attr_reader :api_key, :scope
Expand Down
2 changes: 1 addition & 1 deletion app/policies/api/nil_class_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,6 @@ def resolve
end

def destroy?
false
deny t(:forbidden)
end
end
36 changes: 0 additions & 36 deletions app/policies/application_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,6 @@ def initialize(user, scope)
@scope = scope
end

def resolve
raise NotImplementedError, "You must define #resolve in #{self.class}"
end

private

attr_reader :user, :scope
Expand All @@ -26,38 +22,6 @@ def initialize(user, record)
@error = nil
end

def index?
false
end

def show?
false
end

def create?
false
end

def new?
create?
end

def update?
false
end

def edit?
update?
end

def destroy?
false
end

def search?
index?
end

private

delegate :t, to: I18n
Expand Down
12 changes: 0 additions & 12 deletions app/policies/rubygem_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,22 +8,10 @@ class Scope < ApplicationPolicy::Scope
alias rubygem record
delegate :organization, to: :rubygem

def show?
true
end

def create?
user.present?
end

def update?
false
end

def destroy?
false
end

def configure_oidc?
rubygem_owned_by_with_role?(user, minimum_required_role: :owner, minimum_required_org_role: :admin)
end
Expand Down
21 changes: 21 additions & 0 deletions test/policies/api/nil_class_policy_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
require "test_helper"

class Api::NilClassPolicyTest < ApiPolicyTestCase
def policy!(api_key)
Pundit.policy!(api_key, [:api, nil])
end

context "::Scope.resolve" do
should "raise" do
assert_raises Pundit::NotDefinedError do
Api::NilClassPolicy::Scope.new(nil, nil).resolve
end
end
end

context "#destroy?" do
should "not be authorized" do
refute_authorized policy!(nil), :destroy?, "Forbidden"
end
end
end
18 changes: 8 additions & 10 deletions test/policies/membership_policy_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,26 +96,24 @@ def policy!(user, record = Membership)
context "removing owner" do
should "be authorized for org owners only" do
membership = create(:membership, :owner, organization: @organization)
membership.role = :admin

assert_authorized policy!(@owner, membership), :update?
assert_authorized policy!(@owner, membership), :destroy?

refute_authorized policy!(@admin, membership), :update?
refute_authorized policy!(@maintainer, membership), :update?
refute_authorized policy!(@guest, membership), :update?
refute_authorized policy!(@admin, membership), :destroy?
refute_authorized policy!(@maintainer, membership), :destroy?
refute_authorized policy!(@guest, membership), :destroy?
end
end

context "removing admin" do
should "be authorized for org admins and owners" do
membership = create(:membership, :admin, organization: @organization)
membership.role = :maintainer

assert_authorized policy!(@owner, membership), :update?
assert_authorized policy!(@admin, membership), :update?
assert_authorized policy!(@owner, membership), :destroy?
assert_authorized policy!(@admin, membership), :destroy?

refute_authorized policy!(@maintainer, membership), :update?
refute_authorized policy!(@guest, membership), :update?
refute_authorized policy!(@maintainer, membership), :destroy?
refute_authorized policy!(@guest, membership), :destroy?
end
end
end
Expand Down
8 changes: 8 additions & 0 deletions test/policies/rubygem_policy_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,14 @@ def org_policy!(user)
Pundit.policy!(user, @org_rubygem)
end

context "#create?" do
should "allow users" do
assert_authorized policy!(@owner), :create?
assert_authorized policy!(@user), :create?
refute_authorized policy!(nil), :create?
end
end

context "#configure_oidc?" do
should "only allow the owner" do
assert_authorized policy!(@owner), :configure_oidc?
Expand Down