created publisher role

parent 009d05ba
......@@ -160,6 +160,13 @@ class User < ApplicationRecord
false
end
def is_publisher?
roles.each do |role|
return true if role.name == 'publisher'
end
false
end
def is_partner?
roles.each do |role|
return true if role.name == 'partner'
......
......@@ -74,12 +74,20 @@ class ApplicationPolicy
raise 'You must implement this method!'
end
def user_can_create?
(user_exists? && user.is_submitter?) || (user_exists? && user.is_publisher?)
end
def user_can_edit?
user.is_admin? || user.is_editor?
end
def user_can_update?
(owns? && user.is_submitter?) || (owns? && user.is_partner?) || user.is_admin?
(owns? && user.is_publisher?) || (owns? && user.is_submitter?) || (owns? && user.is_partner?) || user.is_admin?
end
def user_can_publish?
(user_can_curate? && record.submitted?) || (owns? && user.is_publisher?)
end
def user_can_curate?
......
......@@ -38,7 +38,7 @@ class LearningObjectPolicy < ApplicationPolicy
end
def create?
record if (user_exists? && user.is_submitter?)
record if user_can_create?
end
def update?
......@@ -46,7 +46,7 @@ class LearningObjectPolicy < ApplicationPolicy
end
def publish?
record if (user_can_curate? && record.submitted?)
record if user_can_publish?
end
def destroy?
......
......@@ -33,6 +33,7 @@ Role.create(name: 'supervisor', description: 'This role represents an user Super
Role.create(name: 'editor', description: 'This role represents a content Supervisor in Portal MEC, with less privileges than admin.')
Role.create(name: 'submitter', description: 'This role represents a content submitter in Portal MEC.')
Role.create(name: 'partner', description: 'This role represents a partner Portal MEC.')
Role.create(name: 'publisher', description: 'This role represents a content publisher without supervision in Portal MEC.')
# create the default admin
User.create(
......
......@@ -60,7 +60,7 @@ resource 'Learning Objects' do
end
post '/v1/learning_objects' do
include_context "authenticate_user_submitter"
include_context "authenticate_user_publisher"
parameter :author, 'The author of a educational content', scope: :learning_object
parameter :name, 'The name of the learning object', scope: :learning_object
......@@ -98,7 +98,7 @@ resource 'Learning Objects' do
end
put '/v1/learning_objects/:id' do
include_context "authenticate_user_submitter"
include_context "authenticate_user_publisher"
parameter :author, 'The author of a educational content'
parameter :name, 'The name of the learning object'
......@@ -178,7 +178,7 @@ resource 'Learning Objects' do
end
post '/v1/learning_objects/:id/publish' do
include_context "authenticate_user_curator"
include_context "authenticate_user_publisher"
let(:id) { @learning_object.id }
......
......@@ -61,6 +61,19 @@ RSpec.shared_context "authenticate_user_submitter", shared_context: :metadata do
end
RSpec.shared_context "authenticate_user_publisher", shared_context: :metadata do
let(:auth_client) { @auth_headers['client'] }
let(:uid) { @auth_headers['uid'] }
let(:access_token) { @auth_headers['access-token'] }
let(:role) { Role.all }
before do
@user = create(:user, roles: [role.find_by(name: 'publisher')])
@auth_headers = @user.create_new_auth_token
end
end
RSpec.shared_context "authenticate_user_curator", shared_context: :metadata do
let(:auth_client) { @auth_headers['client'] }
let(:uid) { @auth_headers['uid'] }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment