From 3a4443a4fe6497d91abeff6a5e390693ef0767d7 Mon Sep 17 00:00:00 2001
From: Brenda Wallace
Date: Sat, 13 Jan 2018 22:11:02 +1300
Subject: [PATCH] Permissions (and specs) for charts json
---
 app/controllers/gardens_controller.rb | 2 +-
 app/models/ability.rb | 6 ++++++
 spec/controllers/crops_controller_spec.rb | 16 ++++++++++++++++
 spec/controllers/gardens_controller_spec.rb | 13 ++++++++++---
 4 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/app/controllers/gardens_controller.rb b/app/controllers/gardens_controller.rb
index 585966e54..a61d6cf88 100644
--- a/app/controllers/gardens_controller.rb
+++ b/app/controllers/gardens_controller.rb
@@ -1,5 +1,5 @@
 class GardensController < ApplicationController
- before_action :authenticate_member!, except: %i(index show)
+ before_action :authenticate_member!, except: %i(index show timeline)
 after_action :expire_homepage, only: %i(create delete)
 load_and_authorize_resource
 respond_to :html, :json
diff --git a/app/models/ability.rb b/app/models/ability.rb
index efba2aeb0..283bf45cc 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -15,6 +15,12 @@ class Ability
 can :view_follows, Member
 can :view_followers, Member
+ # Everyone can see the charts
+ can :timeline, Garden
+ can :sunniness, Crop
+ can :planted_from, Crop
+ can :harvested_for, Crop
+
 # except these, which don't make sense if you're not logged in
 cannot :read, Notification
 cannot :read, Authentication
diff --git a/spec/controllers/crops_controller_spec.rb b/spec/controllers/crops_controller_spec.rb
index 5b682f6c2..9e54307bf 100644
--- a/spec/controllers/crops_controller_spec.rb
+++ b/spec/controllers/crops_controller_spec.rb
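Review bot: Adding `timeline` to the `except:` list in GardensController makes the action reachable without a session, so the only remaining gate is `load_and_authorize_resource` together with the new `can :timeline, Garden` rule. The specs in this patch call the action with `garden_id` rather than `id`, so it is worth confirming how the record is looked up and authorised; if the check ends up against the Garden class rather than the loaded record, a per-garden restriction added later would not be applied to this action. A comment above the filter, such as `# timeline serves public chart JSON; access is decided in Ability (can :timeline, Garden)`, would record why this action is exempt. The class body continues outside the hunk, so the `timeline` action itself is not visible.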
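Review bot: The four chart rules added to Ability carry no conditions hash and appear to sit in the part of the class that also applies to visitors who are not signed in, so every garden's timeline and every crop's chart data becomes readable anonymously. The comment says this is intended, but it should state what is being exposed, for example `# Chart JSON is public, including to anonymous visitors; keep these payloads free of member-private fields`. If gardens or crops ever gain a non-public state these rules would need a conditions hash; the rest of the class is outside the hunk, so whether such a state exists cannot be told from here.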
@@ -46,4 +46,20 @@ describe CropsController do
 it { expect(response.content_type).to eq("application/rss+xml") }
 end
 end
+
+ describe 'GET charts' do
+ let(:crop) { FactoryBot.create :crop }
+ describe 'sunniness' do
+ before { get :sunniness, crop_id: crop.to_param }
+ it { expect(response).to be_success }
+ end
+ describe 'planted_from' do
+ before { get :planted_from, crop_id: crop.to_param }
+ it { expect(response).to be_success }
+ end
+ describe 'harvested_for' do
+ before { get :harvested_for, crop_id: crop.to_param }
+ it { expect(response).to be_success }
+ end
+ end
 end
diff --git a/spec/controllers/gardens_controller_spec.rb b/spec/controllers/gardens_controller_spec.rb
index 9253b5ddb..073d03d6b 100644
--- a/spec/controllers/gardens_controller_spec.rb
+++ b/spec/controllers/gardens_controller_spec.rb
@@ -4,9 +4,8 @@ RSpec.describe GardensController, type: :controller do
 include Devise::Test::ControllerHelpers
 let(:valid_params) { { name: 'My second Garden' } }
+ let(:garden) { FactoryBot.create :garden }
 context "when not signed in" do
- let(:garden) { double('garden') }
-
 describe 'GET new' do
 before { get :new, id: garden.to_param }
 it { expect(response).to redirect_to(new_member_session_path) }
@@ -15,7 +14,10 @@ RSpec.describe GardensController, type: :controller do
 before { put :create, garden: valid_params }
 it { expect(response).to redirect_to(new_member_session_path) }
 end
-
+ describe 'GET timeline' do
+ before { get :timeline, garden_id: garden.to_param }
+ it { expect(response).to be_success }
+ end
 describe 'changing existing records' do
 before do
 allow(Garden).to receive(:find).and_return(:garden)
@@ -44,6 +46,11 @@ RSpec.describe GardensController, type: :controller do
 let!(:member) { FactoryBot.create(:member) }
+ describe 'GET timeline' do
+ before { get :timeline, garden_id: garden.to_param }
+ it { expect(response).to be_success }
+ end
+
 describe "for another member's garden" do
 let(:not_my_garden) { double('garden') }
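Review bot: The three chart examples added to crops_controller_spec.rb assert only `be_success`, and nothing in the added block states whether a member is signed in, so they do not pin the anonymous access this commit grants; the two `GET timeline` examples in gardens_controller_spec.rb share the thin assertion. Wrapping the crop examples in a `context 'when not signed in'` block, as the gardens spec does, would make the public-access contract explicit. Adding `it { expect(response.content_type).to eq("application/json") }` would also catch a response that succeeds in the wrong format, assuming the chart actions answer with JSON as the commit title suggests. The enclosing `describe CropsController` starts outside the hunk, so any earlier sign-in setup is not visible here.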
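Review bot: In the 'changing existing records' setup that follows the new anonymous timeline example in gardens_controller_spec.rb, `allow(Garden).to receive(:find).and_return(:garden)` returns the Symbol `:garden`, not the `garden` record this commit now creates with FactoryBot at the top of the file. It looks like `and_return(garden)` was intended; as written, those not-signed-in examples probably pass only because the authentication filter redirects before the stubbed value is used, so they would not notice if that filter stopped covering the action. The `before do` block continues outside the hunk.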