Created
March 28, 2016 19:09
-
-
Save mfilipe/78d72e1cf8ec02db083e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Ability | |
| include CanCan::Ability | |
| def initialize(user) | |
| # Define abilities for the passed in user here. For example: | |
| # | |
| # user ||= User.new # guest user (not logged in) | |
| # if user.admin? | |
| # can :manage, :all | |
| # else | |
| # can :read, :all | |
| # end | |
| # | |
| # The first argument to `can` is the action you are giving the user | |
| # permission to do. | |
| # If you pass :manage it will apply to every action. Other common actions | |
| # here are :read, :create, :update and :destroy. | |
| # | |
| # The second argument is the resource the user can perform the action on. | |
| # If you pass :all it will apply to every resource. Otherwise pass a Ruby | |
| # class of the resource. | |
| # | |
| # The third argument is an optional hash of conditions to further filter the | |
| # objects. | |
| # For example, here the user can only update published articles. | |
| # | |
| # can :update, Article, :published => true | |
| # | |
| # See the wiki for details: | |
| # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities | |
| user ||= User.new # guest user (not logged in) | |
| if user.admin? | |
| can :manage, :all | |
| elsif user.manager? | |
| can :read, User | |
| can :manage, User, :role => [ :manager, :seller ] | |
| elsif user.seller? | |
| can :read, User | |
| can :manage, User, :id => user.id | |
| end | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class User < ActiveRecord::Base | |
| has_secure_password | |
| enum role: [ :admin, :manager, :seller ] | |
| validates :name, :email, :role, presence: true | |
| # Exclude password info from json output | |
| def to_json(options={}) | |
| options[:except] ||= [:password, :password_digest] | |
| super(options) | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class UsersController < ApplicationController | |
| load_and_authorize_resource | |
| before_action :authenticate | |
| def update | |
| @user = User.find params[:id] | |
| if @user.update_attributes(params.permit(:name, :timezone, :signture, :role)) | |
| head :ok | |
| else | |
| render json: @user.errors, status: :unprocessable_entity | |
| end | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'rails_helper' | |
| RSpec.describe UsersController do | |
| let(:user) { create :user } | |
| def authenticate(another_user=nil) | |
| token = Knock::AuthToken.new(payload: { sub: (another_user==nil) ? user.id : another_user.id }).token | |
| request.env['HTTP_AUTHORIZATION'] = "Bearer #{token}" | |
| end | |
| shared_examples 'when not authenticated' do | |
| it { is_expected.to be_forbidden } | |
| end | |
| describe '#update' do | |
| subject { patch :update, :id => user.id, :name => 'Michel Reis' } | |
| it_behaves_like 'when not authenticated' | |
| context 'when authenticated' do | |
| let(:user) { create :user, role: auth_role } | |
| before { authenticate } | |
| context 'as seller' do | |
| let(:auth_role) { :seller } | |
| context 'updating the same user' do | |
| it { is_expected.to be_success } | |
| end | |
| context 'updating a different user' do | |
| subject { patch :update, :id => create(:user, email: 'another@gmail.com').id, :name => 'Other Name' } | |
| it { is_expected.to be_forbidden } | |
| end | |
| end | |
| context 'as manager' do | |
| let(:auth_role) { :manager } | |
| it { is_expected.to be_success } | |
| end | |
| context 'as admin' do | |
| let(:auth_role) { :admin } | |
| it { is_expected.to be_success } | |
| end | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment