diff --git a/app/controllers/v1/institutions_controller.rb b/app/controllers/v1/institutions_controller.rb
index aa549a8809893c27775b5c0b4bfc8120386d30e7..3d8627f77c0d83c6f476073bce040687b61707b2 100644
--- a/app/controllers/v1/institutions_controller.rb
+++ b/app/controllers/v1/institutions_controller.rb
@@ -5,6 +5,7 @@ class V1::InstitutionsController < ApplicationController
 before_action :set_institution, only: [:show, :update, :destroy, :users]
 before_action :authenticate_user!, only: [:create, :update, :destroy]
+ before_action :authorize!, only: [:update, :destroy]
 # GET v1/institutions
 # GET v1/institutions.json
@@ -23,6 +24,7 @@ class V1::InstitutionsController < ApplicationController
 # POST v1/institutions.json
 def create
 institution = Institution.new(institution_params)
+ authorize institution
 if institution.save
 render json: institution, status: :created
@@ -67,4 +69,8 @@ class V1::InstitutionsController < ApplicationController
 params.require(:institution).permit(:name, :description, :address, :city, :country)
 end
+ def authorize!
+ authorize @institution
+ end
+
 end
diff --git a/app/controllers/v1/licenses_controller.rb b/app/controllers/v1/licenses_controller.rb
index a9bd87aa97cea7b4f0ae950fab257b702f35db7c..a97356de64b62ab28ffe3fd97d3d575500af7905 100644
--- a/app/controllers/v1/licenses_controller.rb
+++ b/app/controllers/v1/licenses_controller.rb
@@ -1,6 +1,7 @@
 class V1::LicensesController < ApplicationController
 before_action :authenticate_user!, only: [:create, :update, :destroy]
 before_action :set_license, only: [:show, :update, :destroy]
+ before_action :authorize!, only: [:update, :destroy]
 # GET /licenses
 # GET /licenses.json
@@ -18,6 +19,7 @@ class V1::LicensesController < ApplicationController
 # POST /licenses.json
 def create
 @license = License.new(license_params)
+ authorize @license
 if @license.save
 render json: @license, status: :created
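Review bot: In institutions_controller.rb the new `authorize!` filter is limited to `only: [:update, :destroy]`, yet `set_institution` also serves the `users` action and InstitutionPolicy in this same commit defines `users?` and `index?`; neither action appears in the `authenticate_user!` or `authorize!` lists shown in the hunk. Their bodies are outside the hunk, so they may authorize inline, but if they do not, those policy methods are never consulted and the endpoints stay open; consider `before_action :authorize!, only: [:update, :destroy, :users]` together with adding `:users` to the `authenticate_user!` list. The same hand-written filter is repeated in the licenses, mime_types, object_types, ratings and roles controllers, so an `after_action :verify_authorized` scoped to the write actions in ApplicationController (assuming this is Pundit) would catch any action that forgets to call `authorize`.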
@@ -55,4 +57,8 @@ class V1::LicensesController < ApplicationController
 def license_params
 params.require(:license).permit(:name, :description, :url, :image_url)
 end
+
+ def authorize!
+ authorize @license
+ end
 end
diff --git a/app/controllers/v1/mime_types_controller.rb b/app/controllers/v1/mime_types_controller.rb
index b7b65bd9ea1731b30a0088b5d8355b38a881bb31..e51e6f8783a22f0bf5b6676d40c19b8d6a3ae59c 100644
--- a/app/controllers/v1/mime_types_controller.rb
+++ b/app/controllers/v1/mime_types_controller.rb
@@ -3,6 +3,7 @@ class V1::MimeTypesController < ApplicationController
 before_action :authenticate_user!, except: [:index, :show]
 before_action :set_mime_type, only: [:show, :update, :destroy]
+ before_action :authorize!, only: [:update, :destroy]
 # GET /mime_types
 # GET /mime_types.json
@@ -21,6 +22,7 @@ class V1::MimeTypesController < ApplicationController
 # POST /mime_types.json
 def create
 @mime_type = MimeType.new(mime_type_params)
+ authorize @mime_type
 if @mime_type.save
 render json: @mime_type, status: :created
@@ -57,4 +59,8 @@ class V1::MimeTypesController < ApplicationController
 def mime_type_params
 params.require(:mime_type).permit(:extension, :mime_type)
 end
+
+ def authorize!
+ authorize @mime_type
+ end
 end
diff --git a/app/controllers/v1/object_types_controller.rb b/app/controllers/v1/object_types_controller.rb
index cec8dbc49fb8674d73afdd581875fbb674be0e0f..c09775a85912a94520632acc37863dabd353b6d8 100644
--- a/app/controllers/v1/object_types_controller.rb
+++ b/app/controllers/v1/object_types_controller.rb
@@ -3,6 +3,7 @@ class V1::ObjectTypesController < ApplicationController
 before_action :authenticate_user!, except: [:index, :show]
 before_action :set_object_type, only: [:show, :update, :destroy]
+ before_action :authorize!, only: [:update, :destroy]
 # GET /object_types
@@ -22,6 +23,7 @@ class V1::ObjectTypesController < ApplicationController
 # POST /object_types.json
 def create
 @object_type = ObjectType.new(sanitazed_params)
+ authorize @object_type
 if @object_type.save
 render json: @object_type, status: :created
@@ -70,4 +72,8 @@ class V1::ObjectTypesController < ApplicationController
 end
 mime_params
 end
+
+ def authorize!
+ authorize @object_type
+ end
 end
diff --git a/app/controllers/v1/ratings_controller.rb b/app/controllers/v1/ratings_controller.rb
index 90262e2c89dbab5e81285385da52fe675747a26d..d32fdea57779f5e0087d78954fdea7ec4ed1834e 100644
--- a/app/controllers/v1/ratings_controller.rb
+++ b/app/controllers/v1/ratings_controller.rb
@@ -3,6 +3,7 @@ class V1::RatingsController < ApplicationController
 before_action :set_rating, only: [:show, :update, :destroy]
 before_action :authenticate_user!, only: [:create, :update, :destroy]
+ before_action :authorize!, only: [:update, :destroy]
 # GET v1/ratings
 # GET v1/ratings.json
@@ -20,6 +21,7 @@ class V1::RatingsController < ApplicationController
 # POST v1/ratings.json
 def create
 rating = Rating.new(rating_params)
+ authorize rating
 if rating.save
 render json: rating, status: :created
@@ -59,4 +61,7 @@ class V1::RatingsController < ApplicationController
 params.require(:rating).permit(:name, :description)
 end
+ def authorize!
+ authorize @rating
+ end
 end
diff --git a/app/controllers/v1/roles_controller.rb b/app/controllers/v1/roles_controller.rb
index d8ecdc508f5700b395ff9a6b0833f89a3f8c4ffb..e846d8be87646057a08d0f272fedbefbdcc6d0f8 100644
--- a/app/controllers/v1/roles_controller.rb
+++ b/app/controllers/v1/roles_controller.rb
@@ -3,6 +3,7 @@ class V1::RolesController < ApplicationController
 before_action :authenticate_user!, except: [:index, :show]
 before_action :set_role, only: [:show, :update, :destroy]
+ before_action :authorize!, only: [:update, :destroy]
 # GET /roles
 # GET /roles.json
@@ -21,6 +22,7 @@ class V1::RolesController < ApplicationController
 # POST /roles.json
 def create
 @role = Role.new(role_params)
+ authorize @role
 if @role.save
 render json: @role, status: :created
@@ -57,4 +59,8 @@ class V1::RolesController < ApplicationController
 def role_params
 params.require(:role).permit(:name, :description)
 end
+
+ def authorize!
+ authorize @role
+ end
 end
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index f6ffbdccc5e4bd00346cdfe927c1ec138a361d77..6405a2a8f37c861d02efd0cd4e8e5b74f46257f4 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -7,7 +7,7 @@ class V1::UsersController < ApplicationController
 before_action :set_user, only: [:show, :update, :destroy, :following, :own_reviews, :received_reviews, :followers]
 before_action :authenticate_user!, only: [:create, :update, :destroy, :following, :own_reviews, :received_reviews, :followers]
- before_action :authorize_user, only: [:own_reviews, :received_reviews]
+ before_action :authorize_user, only: [:own_reviews, :received_reviews, :update, :destroy]
 # GET /v1/users
 # GET /v1/users.json
@@ -26,6 +26,7 @@ class V1::UsersController < ApplicationController
 # POST /v1/users.json
 def create
 user = User.new(user_params)
+ authorize user
 if user.save
 render json: user, status: :created
@@ -53,12 +54,8 @@ class V1::UsersController < ApplicationController
 # DELETE /v1/users/1
 # DELETE /v1/users/1.json
 def destroy
- if current_user.is_admin?
- @user.destroy
- render status: :ok
- else
- render status: :forbidden
- end
+ @user.destroy
+ render status: :ok
 end
 def following
diff --git a/app/models/role.rb b/app/models/role.rb
index 9a9797ceaa545174bf97ded84a843df1854a9f80..cfca39dabe6eeebef6f979abc706df1a85db1220 100644
--- a/app/models/role.rb
+++ b/app/models/role.rb
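Review bot: In users_controller.rb `destroy` no longer checks `current_user.is_admin?` itself and now depends entirely on the `authorize_user` filter, whose definition is outside these hunks. With UserPolicy#destroy? as added in this commit (`record if same_user? || user.is_admin?`), a user can delete their own account, where previously only admins got past the check; if that widening is intended it deserves a spec, otherwise `destroy?` should be `record if user.is_admin?`. The denied path also changes from an explicit `render status: :forbidden` to whatever handles the authorization failure (presumably a rescue for Pundit's not-authorized error), so it is worth confirming that a refused delete still answers 403 rather than 500.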
@@ -29,4 +29,8 @@ class Role < ApplicationRecord
 def self.curator
 find_by(name: 'curator') || create!(name: 'curator')
 end
+
+ def self.moderator
+ find_by(name: 'moderator') || create!(name: 'moderator')
+ end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index a68598c89afae37d02363749e9d3cf099514464c..31bf89b26dd91c2b2f1d841e8e0233f0bdf94a03 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -100,6 +100,17 @@ class User < ApplicationRecord
 false
 end
+ def is_moderator?
+ roles.each do |role|
+ return true if role.name == 'moderator'
+ end
+ false
+ end
+
+ def can_moderate?
+ self.is_admin? || self.is_moderator?
+ end
+
 def associated_collections
 c = collections.blank? ? [] : collections.to_a
 institutions.each { |i| c.push(*i.collections.to_a) }
diff --git a/app/policies/activity_policy.rb b/app/policies/activity_policy.rb
index dcd8537d416fd5173da8c7dfb855a02307419c83..bdb94fe88f7f4dfd1425050ad26c15881995b46e 100644
--- a/app/policies/activity_policy.rb
+++ b/app/policies/activity_policy.rb
@@ -9,7 +9,7 @@ class ActivityPolicy < ApplicationPolicy
 end
 def resolve
- if user.is_admin?
+ if user_can_moderate?
 scope.includes(:owner,:recipient).order('created_at DESC').all
 else
 scope.includes(:owner,:recipient).where("privacy = 'public'").where(key: activities_filter).order('created_at DESC').all
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index dd6cb01af37e15c8298d8f66b68a69c6459b00dd..8445518d31b69544549342d4e8d3713371ef7266 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -40,7 +40,7 @@ class ApplicationPolicy
 def owns?
 return false if user.nil?
- return true if user.is_admin?
+ return true if user_can_moderate?
 return owner.users.include?(user) if owner.is_a?(Institution)
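Review bot: `is_moderator?` in user.rb walks `roles` by hand to produce a boolean; `roles.any? { |role| role.name == 'moderator' }` says the same in one line and drops the trailing `false`. `can_moderate?` here and `user_can_moderate?` added to ApplicationPolicy in this commit state the same rule twice, so the policy helper should delegate to `user.can_moderate?` to keep the two from drifting, and the `self.` receivers are redundant. Both methods would benefit from a one-line comment saying which role names they test, since the role is matched by a string literal.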
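Review bot: In ApplicationPolicy#owns? the shortcut `return true if user_can_moderate?` makes a moderator pass as owner of every record, so any policy method built on `owns?` (none are visible in this hunk) now grants moderators whatever owners may do, destructive actions included. The seed text added in this commit describes the role as having fewer privileges than admin, but as far as this diff shows the only checks that still require `is_admin?` are in UserPolicy. If ownership-gated deletes should stay admin-only, keep `user.is_admin?` here and grant moderator access per action; at minimum a comment on `owns?` naming the roles that bypass the ownership check would record the decision. The method body continues outside the hunk.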
@@ -55,7 +55,11 @@ class ApplicationPolicy
 raise 'You must implement this method!'
 end
- class Scope
+ def user_can_moderate?
+ user.is_admin? || user.is_moderator?
+ end
+
+ class Scope < ApplicationPolicy
 attr_reader :user, :scope
 def initialize(user, scope)
diff --git a/app/policies/bookmark_policy.rb b/app/policies/bookmark_policy.rb
index dc25263844f2545838f6bb8ff582a4bc1929c87f..9e88edd4e4faf8c85857c5e1251cdbdd53a3fda8 100644
--- a/app/policies/bookmark_policy.rb
+++ b/app/policies/bookmark_policy.rb
@@ -17,7 +17,7 @@ class BookmarkPolicy < ApplicationPolicy
 end
 def user_own?
- record.user == user || user.is_admin?
+ record.user == user || user_can_moderate?
 end
 end
diff --git a/app/policies/collection_policy.rb b/app/policies/collection_policy.rb
index b39a280f49d2ced6d8ecca66b31597661d2c42d5..9721408518245252b7fb8482729dd1a5005be1c3 100644
--- a/app/policies/collection_policy.rb
+++ b/app/policies/collection_policy.rb
@@ -7,8 +7,8 @@ class CollectionPolicy < ApplicationPolicy
 class Scope < Scope
 def resolve
- if !user.nil?
- if user.is_admin?
+ if user_exists?
+ if user_can_moderate?
 scope.all
 else
 scope.includes(:collection_items).where.not(:collection_items => {:collection_id => nil}).where("privacy = ? OR owner_id = ?", 'public', user.id)
diff --git a/app/policies/institution_policy.rb b/app/policies/institution_policy.rb
index 0a9fd33439e5ae30939be78b647c24ed1589bc9a..185b3eff64311035233e7e87ac34d5a5118f7726 100644
--- a/app/policies/institution_policy.rb
+++ b/app/policies/institution_policy.rb
@@ -1,21 +1,21 @@
 class InstitutionPolicy < ApplicationPolicy
 def create?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def update?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def index?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def destroy?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def users?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 end
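Review bot: `user_can_moderate?` in application_policy.rb calls `user.is_admin?` with no nil guard, and callers reach it with a possibly anonymous user: the `resolve` methods in ActivityPolicy and WelcomePolicy call it first thing, while LearningObjectPolicy#show? has to wrap it in `!user.nil? &&`. Putting the guard in the helper, `!user.nil? && (user.is_admin? || user.is_moderator?)`, lets an unauthenticated request fall through to the public branch instead of raising NoMethodError and lets call sites drop their own checks. Separately, `class Scope < ApplicationPolicy` pulls every policy query method into Scope to share one helper, while the visible `initialize(user, scope)` signature gives Scope no `record`; a small module included by both classes would share the helper without that coupling. The bodies of `Scope` and its `initialize` continue outside the hunk.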
diff --git a/app/policies/language_policy.rb b/app/policies/language_policy.rb
index 71b94f7e72f4cc50a8e0ffe6b803f12a6b8d3a44..cae7a10e077c056d7bdc33099c8563f7c665ae38 100644
--- a/app/policies/language_policy.rb
+++ b/app/policies/language_policy.rb
@@ -8,14 +8,14 @@ class LanguagePolicy < ApplicationPolicy
 end
 def create?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def update?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def destroy?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 end
diff --git a/app/policies/learning_object_policy.rb b/app/policies/learning_object_policy.rb
index b35e77b0de8910086dc3d272455a2648d59ab8e9..b223bcaaf43220d5a70e59d189c4a3ef2084b60e 100644
--- a/app/policies/learning_object_policy.rb
+++ b/app/policies/learning_object_policy.rb
@@ -9,7 +9,7 @@ class LearningObjectPolicy < ApplicationPolicy
 def resolve
 if user.nil?
 scope.where(state: 'published')
- elsif user.is_admin?
+ elsif user_can_moderate?
 scope.all
 else
 scope.where(state: 'published')
@@ -38,9 +38,10 @@ class LearningObjectPolicy < ApplicationPolicy
 end
 def show?
- return record if record.published? || user.try(:is_admin?)
+ return record if record.published? || ( !user.nil? && user_can_moderate? )
 return record if user == record.publisher
 ## TODO: falta verificar se o +record.publisher+ é uma instituição e +user+ faz parte
+ # => return owner.users.include?(user) if owner.is_a?(Institution) (???)
 end
 def index?
diff --git a/app/policies/license_policy.rb b/app/policies/license_policy.rb
index adb7750ca3bdd3402ead90e2f67e32907d7b7e76..de80c911f15fa5ef6c9bac992de8c6ce64dfb9a1 100644
--- a/app/policies/license_policy.rb
+++ b/app/policies/license_policy.rb
@@ -8,14 +8,14 @@ class LicensePolicy < ApplicationPolicy
 end
 def create?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def update?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def destroy?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 end
diff --git a/app/policies/mime_type_policy.rb b/app/policies/mime_type_policy.rb
index 346a574db3fb9111fabc7b26aea277a91edbf5af..1ae25251480b629b8f32ab74fde50b6fa3487fd8 100644
--- a/app/policies/mime_type_policy.rb
+++ b/app/policies/mime_type_policy.rb
@@ -8,14 +8,14 @@ class MimeTypePolicy < ApplicationPolicy
 end
 def create?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def update?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def destroy?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 end
diff --git a/app/policies/object_type_policy.rb b/app/policies/object_type_policy.rb
index bdce7f229836f176915c27fc1f120e24753651b0..22633e5495565d96d8e5eecbe6ab746ca09e7c61 100644
--- a/app/policies/object_type_policy.rb
+++ b/app/policies/object_type_policy.rb
@@ -8,14 +8,14 @@ class ObjectTypePolicy < ApplicationPolicy
 end
 def create?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def update?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def destroy?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 end
diff --git a/app/policies/publisher_policy.rb b/app/policies/publisher_policy.rb
index 1da55efa6a5d9278f9825d2e174d261f25d5bef2..24158d58757c5c4930f38ebcb678faa1d0b18fb4 100644
--- a/app/policies/publisher_policy.rb
+++ b/app/policies/publisher_policy.rb
@@ -12,7 +12,7 @@ module PublisherPolicy
 def resolve
 if user.nil?
 scope.where(privacy: 'public')
- elsif user.is_admin? || record == user
+ elsif user_can_moderate? || record == user
 scope.all
 else
 scope.where(privacy: 'public')
@@ -21,15 +21,15 @@ module PublisherPolicy
 end
 def show_all_drafts?
- record if same_user? || user.is_admin?
+ record if same_user? || user_can_moderate?
 end
 def show_liked_learning_objects?
- record if same_user? || user.is_admin?
+ record if same_user? || user_can_moderate?
 end
 def show_liked_collections?
- record if same_user? || user.is_admin?
+ record if same_user? || user_can_moderate?
 end
 def same_user?
diff --git a/app/policies/rating_policy.rb b/app/policies/rating_policy.rb
index e9155e1aa4809b51d730b6417031b3f76fcff3cb..bd3c49072adb60883c86d765be2e8926d5f7800e 100644
--- a/app/policies/rating_policy.rb
+++ b/app/policies/rating_policy.rb
@@ -9,14 +9,14 @@ class RatingPolicy < ApplicationPolicy
 end
 def create?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def update?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 def destroy?
- record if user.is_admin?
+ record if user_can_moderate?
 end
 end
diff --git a/app/policies/search_policy.rb b/app/policies/search_policy.rb
index 441469b63a9139414365770650ffca9a7c959fcf..7a3d5808659afaf64f687ceb144b8a5a52782225 100644
--- a/app/policies/search_policy.rb
+++ b/app/policies/search_policy.rb
@@ -3,7 +3,7 @@ class SearchPolicy < ApplicationPolicy
 def resolve
 if user.nil?
 scope.where(state: 'published')
- elsif user.is_admin?
+ elsif user_can_moderate?
 scope.all
 else
 scope.where(state: 'published')
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index d8a1c1deb574c07bc01a6be654ff0223c99ca12f..1deecdaa6cceb05152e697ad2d39b25499c86dda 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -5,23 +5,37 @@ class UserPolicy < ApplicationPolicy
 class Scope < PublisherPolicy::Scope; end
 def update?
- record if same_user? || user.is_admin?
+ record if same_user? || authorized_user?
 end
 def create?
- user.is_admin?
+ authorized_user?
 end
 def show?
 record if user_exists?
 end
- def own_reviews?
+ def destroy?
 record if same_user? || user.is_admin?
 end
+ def own_reviews?
+ record if same_user? || user_can_moderate?
+ end
+
 def received_reviews?
- record if same_user? || user.is_admin?
+ record if same_user? || user_can_moderate?
+ end
+
+ def authorized_user?
+ return false if ( record.is_admin? && !user.is_admin? )
+ if ( record.is_moderator? )
+ if !( same_user? || user.is_admin? )
+ return false
+ end
+ end
+ user_can_moderate?
 end
 def same_user?
diff --git a/app/policies/welcome_policy.rb b/app/policies/welcome_policy.rb
index 5d5ae66c95e757dbb5bf6b88f8dbd8c09710abbd..5062601c3ce3c61f9f2c9c409dd275d8965f7b95 100644
--- a/app/policies/welcome_policy.rb
+++ b/app/policies/welcome_policy.rb
@@ -1,7 +1,7 @@
 class WelcomePolicy < ApplicationPolicy
 class Scope < Scope
 def resolve
- if user.is_admin?
+ if user_can_moderate?
 scope.all
 else
 scope.where(state: 'published')
diff --git a/app/serializers/collection_item_serializer.rb b/app/serializers/collection_item_serializer.rb
index 60c59d539e02a9b728b34dfea947c9e46a819aa8..5bb19b6e93ff72cc1afd1059f2fa57c4f2197c3f 100644
--- a/app/serializers/collection_item_serializer.rb
+++ b/app/serializers/collection_item_serializer.rb
@@ -4,7 +4,7 @@ class CollectionItemSerializer < ActiveModel::Serializer
 def collectionable
 if ( object.collectionable_type == "LearningObject" )
 serializer = ::LearningObjectSerializer
- elsif ( object.public? || (current_user && ( object.owner?(current_user) || current_user.is_admin? )) )
+ elsif ( object.public? || (current_user && ( object.owner?(current_user) || current_user.can_moderate? )) )
 serializer = ::CollectionMinSerializer
 end
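Review bot: `authorized_user?` in user_policy.rb inspects the roles of the persisted `record`, and for `update` the check runs in a before_action, before the request parameters are applied, so it says nothing about the roles the request is trying to assign. If `user_params` (not visible here) permits role ids, a moderator editing an ordinary user, or any user editing themselves through `same_user?`, could end up attaching the admin or moderator role; the TODO in users_spec.rb about role ids points at the same gap. Role ids should be dropped from the permitted parameters unless `current_user.is_admin?`, or the requested roles should be checked in the policy before saving. The nested `if` blocks would also read more clearly as `return false if record.is_moderator? && !(same_user? || user.is_admin?)`.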
diff --git a/db/seeds.rb b/db/seeds.rb
index 785a3bb76dff904dad91bd36d3402903fc6dc368..0a4ba3ef41205d37cb528b959212f029f5151c89 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -9,6 +9,7 @@ Role.create(name: 'teacher', description: 'This role represents a Teacher in Por
 Role.create(name: 'student', description: 'This role represents a Student in Portal MEC.')
 Role.create(name: 'admin', description: 'This role represents an MEC Admin, that can perform any action.')
 Role.create(name: 'curator', description: 'This role represents a content Curator in Portal MEC.')
+Role.create(name: 'moderator', description: 'This role represents a content Moderator in Portal MEC, with less privileges than admin.')
 # create the default admin
 User.create(
diff --git a/lib/portalmec/sociable_tests.rb b/lib/portalmec/sociable_tests.rb
index b7dbc33010ee5f050b29f0f485512594efc0c913..822eff0d8b9c7a83d9ecb43f5e579b2f01cbd1e2 100644
--- a/lib/portalmec/sociable_tests.rb
+++ b/lib/portalmec/sociable_tests.rb
@@ -1,3 +1,5 @@
+require 'active_support'
+
 module Portalmec::SociableTests
 extend ActiveSupport::Testing::Declarative
diff --git a/spec/acceptance/educational_stages_spec.rb b/spec/acceptance/educational_stages_spec.rb
index b7d7f85d952ffecc4cb5530d310fe1ea51483003..31358de607b296f643cd855bfbe5e696b0394f9c 100644
--- a/spec/acceptance/educational_stages_spec.rb
+++ b/spec/acceptance/educational_stages_spec.rb
@@ -42,7 +42,7 @@ resource 'Educational Stages' do
 end
 delete '/v1/:type/:id/educational_stages' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 parameter :id, 'The id of object'
 parameter :type, 'Represents the type of object, [learning_objects, collection]'
diff --git a/spec/acceptance/institutions_spec.rb b/spec/acceptance/institutions_spec.rb
index 986f63691fc725f4cef0669b35d40f50a95bbf6c..dd64f06306edbb3f09a7620c7f9f8e83fc567db5 100644
--- a/spec/acceptance/institutions_spec.rb
+++ b/spec/acceptance/institutions_spec.rb
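Review bot: The acceptance specs only swap `authenticate_user` for `authenticate_user_admin` (educational_stages_spec.rb here, and likewise the institutions, mime_types, object_types and subjects specs), so they show that an admin still succeeds but never that anyone is refused. Since the commit's purpose is access control, each protected endpoint needs at least one example with an ordinary user expecting 403 and one with a moderator, and UserPolicy#authorized_user? needs cases for a moderator editing an admin and a moderator editing another moderator. No moderator context is used anywhere in the spec hunks of this diff.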
@@ -36,7 +36,7 @@ resource 'Institutions' do
 end
 post '/v1/institutions' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 parameter :name, 'The name of the institution'
 parameter :description, 'The description of the institution'
@@ -58,7 +58,7 @@ resource 'Institutions' do
 end
 put '/v1/institutions/:id' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 parameter :id, 'The id of the institution'
 parameter :name, 'The name of the institution'
@@ -82,7 +82,7 @@ resource 'Institutions' do
 end
 delete '/v1/institutions/:id' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 parameter :id, 'The id of the institution'
diff --git a/spec/acceptance/mime_types_spec.rb b/spec/acceptance/mime_types_spec.rb
index 8be6e3c42d543a96c303ee314e7ece0b9f08fa61..5ba38318a7b294633c06b7f4eb8fea5ae8c43b28 100644
--- a/spec/acceptance/mime_types_spec.rb
+++ b/spec/acceptance/mime_types_spec.rb
@@ -26,7 +26,7 @@ resource 'Mime Types' do
 post '/v1/mime_types' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 parameter :extension, 'The name of the mime_type', scope: :mime_type
 parameter :mime_type, 'The mime_type', scope: :mime_type
@@ -42,7 +42,7 @@ resource 'Mime Types' do
 end
 put '/v1/mime_types/:id' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 parameter :extension, 'The name of the mime_type', scope: :mime_type
 parameter :mime_type, 'The mime_type', scope: :mime_type
@@ -58,7 +58,7 @@ resource 'Mime Types' do
 end
 delete '/v1/mime_types/:id' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 let(:id) { mime_types.first.id }
diff --git a/spec/acceptance/object_types_spec.rb b/spec/acceptance/object_types_spec.rb
index 862bc56352f79998caf2e95e7ed53993ebdf2058..35bb936faca04eed4ff51e4aac75a5fe16f87430 100644
--- a/spec/acceptance/object_types_spec.rb
+++ b/spec/acceptance/object_types_spec.rb
@@ -31,7 +31,7 @@ resource 'Object Type' do
 end
 post '/v1/object_types' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 parameter :name, 'The name of the object type', scope: :object_type
 parameter :mime_types, 'Array of mime_types', scope: :object_type
@@ -48,7 +48,7 @@ resource 'Object Type' do
 delete 'v1/object_types/:id' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 parameter :id, "The id of the object_type"
@@ -61,7 +61,7 @@ resource 'Object Type' do
 end
 put '/v1/object_types/:id' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 parameter :id, "The id of the object_type"
 parameter :name, 'The name of the object type', scope: :object_type
diff --git a/spec/acceptance/subjects_spec.rb b/spec/acceptance/subjects_spec.rb
index 4c118babd3f1496ebf408c65edabeb8d6cad7384..0919110bbe7ce0f63acd6b0876ccd31142437b74 100644
--- a/spec/acceptance/subjects_spec.rb
+++ b/spec/acceptance/subjects_spec.rb
@@ -42,7 +42,7 @@ resource 'Subjects' do
 end
 delete 'v1/:type/:id/subjects' do
- include_context "authenticate_user"
+ include_context "authenticate_user_admin"
 parameter :id, "The id of the object"
 parameter :type, "Represents the type of the object [LearningObject, Collection]"
diff --git a/spec/acceptance/users_spec.rb b/spec/acceptance/users_spec.rb
index ae60ec1687ac55b1ec9971f808d45bdea4d94dbe..47879acd8d98bd0bf842b864b2727fdf25c0743f 100644
--- a/spec/acceptance/users_spec.rb
+++ b/spec/acceptance/users_spec.rb
@@ -1,4 +1,5 @@
 require 'acceptance_helpers'
+require 'shared/contexts'
 resource 'Users' do
 header 'Accept', 'application/json'
@@ -104,16 +105,12 @@ resource 'Users' do
 let(:password_confirmation) { '12345678' }
 let(:terms_of_service) { true }
 let(:avatar) {""}
- # TODO role ids con't be changed if user isn't admin, send []
- # when it's a admin send [role.first.id]
+ # TODO role ids con't be changed if user isn't admin, send []
+ # when it's a admin send [role.first.id]
 let(:roles_ids) { [] }
 let(:subjects) { [subject.first.id] }
 let(:raw_post) {params.to_json}
- before do
- @user = create(:user)
- end
-
 example 'Updating an user' do
 do_request
 expect(status).to eq(200)