Merge branch 'issue/289' into 'master'

Issue/289 See merge request portalmec/portalmec!478

Merge branch 'issue/289' into 'master'
e30809d7 · Marcela Ribeiro de Oliveira · 85cefb25 · 4966070c · e30809d7 · e30809d7
Commit e30809d7 authored 7 years ago by Marcela Ribeiro de Oliveira
--- a/app/controllers/v1/contacts_controller.rb
+++ b/app/controllers/v1/contacts_controller.rb
@@ -20,12 +20,15 @@
 class V1::ContactsController < ApplicationController
  include ::Paginator

+  before_action :authenticate_user!, except: [:create]
  before_action :set_contact, only: [:show, :update, :destroy]
+	before_action :set_new_contact, only: :index
+  before_action :authorize!, except: [:create]

  # GET v1/contacts
  def index
-    contacts = paginate Contact
-    render json: contacts
+    contacts = paginate policy_scope(Contact)
+		render json: contacts
  end

  # GET v1/contacts/1
@@ -71,4 +74,12 @@ class V1::ContactsController < ApplicationController
    def contact_params
      params.require(:contact).permit(:name, :email, :message)
    end
+
+    def authorize!
+      authorize @contact
+    end
+
+		def set_new_contact
+			@contact ||= Contact.new
+		end
 end
--- a/app/policies/contact_policy.rb
+++ b/app/policies/contact_policy.rb
+
+# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
+# Departamento de Informatica - Universidade Federal do Parana
+#
+# This file is part of portalmec.
+#
+# portalmec is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# portalmec is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with portalmec.  If not, see <http://www.gnu.org/licenses/>.
+
+class ContactPolicy < ApplicationPolicy
+  class Scope < Scope
+    def resolve
+			if user_can_edit?
+      	scope.all
+			end
+    end
+  end
+
+  def index?
+    record if user_can_edit?
+  end
+
+  def show?
+    record if user_can_edit?
+  end
+
+  def create?
+    record
+  end
+
+  def update?
+    record if user_can_edit?
+  end
+
+  def destroy?
+    record if user_can_edit?
+  end
+end
--- a/spec/acceptance/contacts_spec.rb
+++ b/spec/acceptance/contacts_spec.rb
@@ -18,6 +18,7 @@
 # along with portalmec.  If not, see <http://www.gnu.org/licenses/>.

 require 'acceptance_helpers'
+require 'shared/contexts'

 resource 'Contacts' do

@@ -28,6 +29,7 @@ resource 'Contacts' do
  let(:contacts) { Contact.all }

  get '/v1/contacts' do
+    include_context "authenticate_user_editor"

    example_request 'Getting all contacts' do
      expect(status).to eq(200)
@@ -35,6 +37,7 @@ resource 'Contacts' do
  end

  get '/v1/contacts/:id' do
+    include_context "authenticate_user_editor"

    let(:id) { contacts.first.id }

@@ -61,6 +64,7 @@ resource 'Contacts' do
  end

  put '/v1/contacts/:id' do
+    include_context "authenticate_user_editor"

    parameter :name, 'The name of the contact', scope: :contact
    parameter :email, 'The email of the contact', scope: :contact
@@ -78,6 +82,7 @@ resource 'Contacts' do
  end

  delete '/v1/contacts/:id' do
+    include_context "authenticate_user_editor"

    let(:id) { contacts.first.id }