From 5aef8a5762dc101e094617260dbb8a5d9c60a46a Mon Sep 17 00:00:00 2001
From: Deep Sidhu
Date: Fri, 20 Dec 2024 14:19:45 -0600
Subject: [PATCH] Updated workflow_execution policy and workflow execution policy test to increase coverage
---
 app/policies/application_policy.rb | 6 +++
 app/policies/workflow_execution_policy.rb | 31 ++++++++++----
 .../workflow_execution_policy_test.rb | 41 +++++++++++++++++++
 3 files changed, 69 insertions(+), 9 deletions(-)
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index b785f314af..d9a09caa41 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -17,4 +17,10 @@ class ApplicationPolicy < ActionPolicy::Base
 # record.user_id == user.id
 # end
 #
+ attr_accessor :details
+
+ def initialize(record = nil, **params)
+ super
+ @details ||= {}
+ end
 end
diff --git a/app/policies/workflow_execution_policy.rb b/app/policies/workflow_execution_policy.rb
index a0b290debb..52aa0db719 100644
--- a/app/policies/workflow_execution_policy.rb
+++ b/app/policies/workflow_execution_policy.rb
@@ -7,7 +7,7 @@ def effective_access_level(current_user = user)
 @access_level ||= {}
- user_type = if current_user.user_type == User.user_types[:project_automation_bot]
+ user_type = if project_automation_bot?(current_user)
 :project_automation_bot
 else
 :human_user
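Review bot: `attr_accessor :details` in the app/policies/application_policy.rb hunk gives every policy a public `details=` writer, and nothing in this patch reads the value back. ActionPolicy's failure-reasons support already offers a `details` helper backed by the authorization result, so if that module is part of `ActionPolicy::Base` in the version used here (worth confirming), this accessor replaces it and details recorded inside a rule would no longer reach `result.reasons`. If a per-policy hash is really wanted, `attr_reader :details` is enough, and `@details = {}` can stand in for `@details ||= {}` since nothing visible assigns it before `initialize` runs. The class body starts outside the hunk.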
@@ -17,9 +17,15 @@ def effective_access_level(current_user = user)
 @access_level[user_type]
 end
- def destroy? # rubocop:disable Metrics/AbcSize
- return true if record.submitter.id == user.id
- return true if Member::AccessLevel.manageable.include?(effective_access_level)
+ def project_automation_bot?(user)
+ User.user_types[user.user_type] == User.user_types[:project_automation_bot]
+ end
+
+ def destroy? # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity
+ unless project_automation_bot?(user)
+ return true if record.submitter.id == user.id
+ return true if Member::AccessLevel.manageable.include?(effective_access_level)
+ end
 if (record.namespace.type == Namespaces::ProjectNamespace.sti_name) &&
 (record.submitter.id == record.namespace.automation_bot.id) &&
@@ -33,10 +39,15 @@ def destroy? # rubocop:disable Metrics/AbcSize
 false
 end
- def read? # rubocop:disable Metrics/AbcSize
- return true if record.submitter.id == user.id
+ def read? # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity
+ unless project_automation_bot?(user)
+ return true if record.submitter.id == user.id
+ return true if effective_access_level(user) > Member::AccessLevel::NO_ACCESS
+ end
+
 if (record.namespace.type == Namespaces::ProjectNamespace.sti_name) &&
 (record.submitter.id == record.namespace.automation_bot.id) &&
+ (record.namespace.automation_bot.id == user.id) &&
 (effective_access_level(record.namespace.automation_bot) > Member::AccessLevel::NO_ACCESS)
 return true
 end
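Review bot: `project_automation_bot?(user)` is added as a public predicate in the middle of the rule methods, and its parameter shadows the policy's own `user`. Placing it under `private` and renaming the parameter, `def project_automation_bot?(candidate)`, keeps it from being addressed like an authorization rule and makes the call sites unambiguous. The same `unless project_automation_bot?(user)` block is repeated in `read?` and `cancel?` (the hunks at -33,10 and -53,9), each time with a further `Metrics/CyclomaticComplexity` exemption; one private helper for the human-user checks would remove both the duplication and the exemptions. `destroy?` continues past the end of the hunk.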
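Review bot: The added `return true if effective_access_level(user) > Member::AccessLevel::NO_ACCESS` in `read?` grants read access to every non-bot user whose access level is above NO_ACCESS, including for executions submitted by someone else, which is an authorization change the commit subject (test coverage) does not mention. If that is the intent, state it above the rule, for example `# any member of the namespace may read; automated runs are readable by the namespace's own bot`, and add a test at the lowest access level. The comparison would also raise NoMethodError if `effective_access_level` can return nil; the start of that method is outside the visible hunks, so this needs checking. The added `record.namespace.automation_bot.id == user.id` condition narrows the bot branch to the namespace's own bot.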
@@ -53,9 +64,11 @@ def create?
 false
 end
- def cancel? # rubocop:disable Metrics/AbcSize
- return true if record.submitter.id == user.id
- return true if Member::AccessLevel.manageable.include?(effective_access_level)
+ def cancel? # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity
+ unless project_automation_bot?(user)
+ return true if record.submitter.id == user.id
+ return true if Member::AccessLevel.manageable.include?(effective_access_level)
+ end
 if (record.namespace.type == Namespaces::ProjectNamespace.sti_name) &&
 (record.submitter.id == record.namespace.automation_bot.id) &&
diff --git a/test/policies/workflow_execution_policy_test.rb b/test/policies/workflow_execution_policy_test.rb
index 0c985aec8c..1c9c51583d 100644
--- a/test/policies/workflow_execution_policy_test.rb
+++ b/test/policies/workflow_execution_policy_test.rb
@@ -5,23 +5,45 @@ class WorkflowExecutionPolicyTest < ActiveSupport::TestCase
 def setup
 @user = users(:john_doe)
+ @automation_bot_user = users(:project1_automation_bot)
 @workflow_execution = workflow_executions(:irida_next_example_prepared)
 @policy = WorkflowExecutionPolicy.new(@workflow_execution, user: @user)
+ @details = {}
 end
 test '#read?' do
 assert @policy.read?
+ user = users(:ryan_doe)
+ policy = WorkflowExecutionPolicy.new(@workflow_execution, user:)
+
+ assert policy.read?
+
 user = users(:project1_automation_bot)
+ user_incorrect_permissions = users(:micha_doe)
 workflow_execution = workflow_executions(:automated_workflow_execution)
 policy = WorkflowExecutionPolicy.new(workflow_execution, user:)
 assert policy.read?
+
+ policy = WorkflowExecutionPolicy.new(workflow_execution, user: @user)
+
+ assert policy.read?
+
+ policy = WorkflowExecutionPolicy.new(workflow_execution, user: user_incorrect_permissions)
+
+ assert_not policy.read?
 end
 test '#create?' do
 assert @policy.create?
+
+ user_incorrect_permissions = users(:ryan_doe)
+ workflow_execution = workflow_executions(:automated_workflow_execution)
+ policy = WorkflowExecutionPolicy.new(workflow_execution, user: user_incorrect_permissions)
+
+ assert_not policy.create?
 end
 test '#cancel?' do
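Review bot: The tests never exercise the denying side of the new `unless project_automation_bot?(user)` guard: `users(:project1_automation_bot)` is only checked against `automated_workflow_execution`, where the expected answer is true. Add an `assert_not` case for the bot against an execution it should not reach (for example `@workflow_execution`, if that fixture has a human submitter) in `#read?` here and in `#cancel?` and `#destroy?` in the next hunk. `@automation_bot_user` and `@details` are assigned in `setup` but not used by any test visible in this patch, while the tests keep calling `users(:project1_automation_bot)` directly; either use them or drop them.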
@@ -32,16 +54,35 @@ def setup
 policy = WorkflowExecutionPolicy.new(workflow_execution, user:)
 assert policy.cancel?
+
+ automated_workflow_execution = workflow_executions(:automated_workflow_execution)
+ policy = WorkflowExecutionPolicy.new(automated_workflow_execution, user: @user)
+
+ assert policy.cancel?
+
+ user_incorrect_permissions = users(:ryan_doe)
+ policy = WorkflowExecutionPolicy.new(workflow_execution, user: user_incorrect_permissions)
+
+ assert_not policy.cancel?
 end
 test '#destroy?' do
 assert @policy.destroy?
 user = users(:project1_automation_bot)
+ user_incorrect_permissions = users(:ryan_doe)
 workflow_execution = workflow_executions(:automated_workflow_execution)
 policy = WorkflowExecutionPolicy.new(workflow_execution, user:)
 assert policy.destroy?
+
+ policy = WorkflowExecutionPolicy.new(workflow_execution, user: @user)
+
+ assert policy.destroy?
+
+ policy = WorkflowExecutionPolicy.new(workflow_execution, user: user_incorrect_permissions)
+
+ assert_not policy.destroy?
 end
 test 'automated scope' do