diff --git a/app/concepts/crud/reservation/create.rb b/app/concepts/crud/reservation/create.rb
index 35bc051..ae40422 100644
--- a/app/concepts/crud/reservation/create.rb
+++ b/app/concepts/crud/reservation/create.rb
@@ -3,7 +3,9 @@
 module Crud
 module Reservation
 class Create < Granite::Action
- allow_if { performer.present? }
+ allow_if do
+ ::ReservationPolicy.new(performer, model).create?
+ end
 attribute :start_date, Date
 attribute :end_date, Date
@@ -45,11 +47,15 @@ def start_before_end
 errors.add(:start_date, "Start date must be before the end date") unless start_date < end_date
 end
+ def model
+ return @reservation if @reservation.present?
+
+ @reservation = ::Reservation.new
+ @reservation.user = current_user
+ end
+
 def execute_perform!(*)
- reservation = ::Reservation.new
- reservation.user = current_user
- actual_performer = performer
- Crud::Common::Persist.as(actual_performer).new(model: reservation, model_attributes: attributes.except("current_user")).perform
+ Crud::Common::Persist.as(performer).new(model: model, model_attributes: attributes.except("current_user")).perform
 end
 end
 end
diff --git a/app/policies/reservation_policy.rb b/app/policies/reservation_policy.rb
index c078384..f73d643 100644
--- a/app/policies/reservation_policy.rb
+++ b/app/policies/reservation_policy.rb
@@ -30,4 +30,8 @@ def initialize(current_user, model)
 def update?
 current_user.admin? || model.user == current_user
 end
+
+ def create?
+ current_user.admin? || model.user == current_user
+ end
 end
diff --git a/spec/concepts/crud/reservation/create_spec.rb b/spec/concepts/crud/reservation/create_spec.rb
index 2838344..e55a4bc 100644
--- a/spec/concepts/crud/reservation/create_spec.rb
+++ b/spec/concepts/crud/reservation/create_spec.rb
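Review bot: The new `allow_if` block drops the `performer.present?` guard, so a nil performer now reaches `ReservationPolicy#create?`, which calls `current_user.admin?` unconditionally and would raise `NoMethodError` instead of denying; the same unguarded call sits in the `create?` hunk of reservation_policy.rb. Keeping the guard in front of the policy call, `performer.present? && ::ReservationPolicy.new(performer, model).create?`, preserves the clean denial. A symbolic performer such as the `:system` the old spec used would presumably fail on `admin?` as well, so any remaining callers that pass one need checking. Whether the policy's initializer already rejects nil is not visible in this diff.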
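Review bot: `model` returns the wrong object on its first call: when `@reservation` is unset, the last expression evaluated is `@reservation.user = current_user`, and an assignment evaluates to its right-hand side, so the method returns `current_user` rather than the reservation. The first caller is the `allow_if` block, so the authorization decision is made with a user passed as the policy's model; an admin performer short-circuits on `admin?`, which is likely why the specs still pass. Memoizing with `@reservation ||= ::Reservation.new.tap { |r| r.user = current_user }` returns the reservation on every call.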
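Review bot: `create?` is a line-for-line copy of `update?`, and nothing in the method says why ownership of a not-yet-saved reservation is a meaningful check. Moving the rule into one private predicate that both methods call keeps the two from drifting apart, and a comment such as `# Admins may create for anyone; other users only for themselves (the action sets model.user before this runs).` records the intent. The rest of the class is outside the hunk.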
@@ -3,9 +3,9 @@
 require "rails_helper"
 describe Crud::Reservation::Create, type: :model do
- context "validations" do
- context "negative cases" do
- context "start_date is in the past" do
+ describe "validations" do
+ describe "negative cases" do
+ context "when start_date is in the past" do
 let(:params) { super().merge(start_date: 1.day.ago.to_datetime) }
 it { is_expected.not_to be_valid }
@@ -41,8 +41,8 @@
 end
 end
- context "functionality" do
- subject(:action) { described_class.as(:system).new(params).perform }
+ describe "functionality" do
+ subject(:action) { described_class.as(current_user).new(params).perform }
 let!(:bike) { create :bike }
 let(:current_user) { create :user, :admin }
diff --git a/spec/concepts/crud/reservation/update_spec.rb b/spec/concepts/crud/reservation/update_spec.rb
index 29a3108..218afe6 100644
--- a/spec/concepts/crud/reservation/update_spec.rb
+++ b/spec/concepts/crud/reservation/update_spec.rb
@@ -80,7 +80,7 @@
 end
 context "current_user is admin" do
- let(:current_user) { reservation.user }
+ let(:current_user) { create :user, :admin }
 it { is_expected.to be_truthy }
 end
diff --git a/spec/policies/reservation_policy_spec.rb b/spec/policies/reservation_policy_spec.rb
index 31626b7..8bc2178 100644
--- a/spec/policies/reservation_policy_spec.rb
+++ b/spec/policies/reservation_policy_spec.rb
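Review bot: The functionality examples now run only as an admin (`described_class.as(current_user)` with `create :user, :admin`), so the `model.user == current_user` branch of `create?` and the denial path are never exercised through the action. Because `admin?` short-circuits the policy, these examples would also pass if the action handed the policy the wrong model. Adding one context where a non-admin performer creates their own reservation, and one where the performer differs from the `current_user` param and the action is expected to be refused, would cover the new authorization. The `describe "functionality"` block continues outside the hunk.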
@@ -106,5 +106,32 @@
 end
 end
 end
+
+ context "when creating" do
+ let(:reservation) { build :reservation }
+ subject(:policy) { ReservationPolicy.new(current_user, reservation) }
+
+ describe "negative cases" do
+ context "when user doesn't own the reservation" do
+ let(:current_user) { create :user }
+
+ it { is_expected.to_not permit_action(:create) }
+ end
+ end
+
+ describe "positive cases" do
+ context "when user owns the reservation" do
+ let(:current_user) { reservation.user }
+
+ it { is_expected.to permit_action(:create) }
+ end
+
+ context "when user is admin" do
+ let(:current_user) { create :user, :admin }
+
+ it { is_expected.to permit_action(:create) }
+ end
+ end
+ end
 end
 end
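Review bot: The negative cases stop at a different signed-in user; there is no example for a nil `current_user`, which is the input the action's earlier `performer.present?` check used to reject. A context with `let(:current_user) { nil }` and `it { is_expected.not_to permit_action(:create) }` would pin the expected denial for an absent user. As a smaller style point, this block uses `to_not` while create_spec.rb uses `not_to`, and `subject` is declared after the first `let`.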