
Commit 0698fa0

committed
Only experience-cs admins can create public projects
For now, only experience-cs admin users are allowed to create public projects.
1 parent 32c9e86 commit 0698fa0


4 files changed

+14
-3
lines changed


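--- a/app/controllers/api/public_projects_controller.rb
+++ b/app/controllers/api/public_projects_controller.rb
@@ -5,6 +5,7 @@ class PublicProjectsController < ApiController
   before_action :authorize_user
 
   def create
+    authorize! :create, :public_project
     result = PublicProject::Create.call(project_hash: project_params)
 
     if result.success?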
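Review bot: The 403 the new spec expects depends on two things this commit does not show: an ability rule that grants `:create, :public_project` only to experience-cs admins, and a `rescue_from` (for CanCanCan, `CanCan::AccessDenied`) in ApiController that turns the raised error into a 403 instead of a 500. If `authorize!` is CanCanCan's, both live outside this diff, so it is worth confirming they exist or landing them in the same change so the controller and the spec cannot drift apart. Because the guard sits on a single action right after `before_action :authorize_user`, a one-line comment on the added line would save the next reader a lookup: `# Only experience-cs admins may create public projects (see Ability)`. The `create` method continues past the end of the hunk.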

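--- a/spec/features/public_project/creating_a_public_project_spec.rb
+++ b/spec/features/public_project/creating_a_public_project_spec.rb
@@ -3,7 +3,7 @@
 require 'rails_helper'
 
 RSpec.describe 'Creating a public project', type: :request do
-  let(:creator) { build(:user) }
+  let(:creator) { build(:experience_cs_admin_user) }
   let(:headers) { { Authorization: UserProfileMock::TOKEN } }
   let(:params) do
     {
@@ -39,6 +39,15 @@
     )
   end
 
+  context 'when creator is not an experience-cs admin' do
+    let(:creator) { build(:user) }
+
+    it 'responds 403 Forbidden' do
+      post('/api/public_projects', headers:, params:)
+      expect(response).to have_http_status(:forbidden)
+    end
+  end
+
   it 'responds 400 Bad Request when params are malformed' do
     post('/api/public_projects', headers:, params: { project: {} })
     expect(response).to have_http_status(:bad_request)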
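Review bot: The new forbidden case asserts only the status code; it does not check that the rejected request had no side effect, which is the property an authorization test should pin down. Wrapping the call would cover it, e.g. `expect { post('/api/public_projects', headers:, params:) }.not_to change(Project, :count)`, assuming `Project` is the persisted model as the sibling request spec suggests. A second negative case with a creator carrying some other admin role, if the factories define one, would make the spec distinguish "experience-cs admin" from "any admin", which is what the commit message says is intended. Note that the overridden `let(:creator)` only produces a 403 because `UserProfileMock` now serialises `roles`, so this spec and that support file are coupled.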

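--- a/spec/requests/public_projects/create_spec.rb
+++ b/spec/requests/public_projects/create_spec.rb
@@ -4,7 +4,7 @@
 
 RSpec.describe 'Create public project requests' do
   let(:project) { create(:project) }
-  let(:creator) { build(:user) }
+  let(:creator) { build(:experience_cs_admin_user) }
   let(:params) { { project: { identifier: 'not-blank' } } }
 
   context 'when auth is correct' do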

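--- a/spec/support/user_profile_mock.rb
+++ b/spec/support/user_profile_mock.rb
@@ -31,7 +31,8 @@ def user_to_hash(user, user_type, id_field = :id)
       id_field => user_type ? "#{user_type}:#{user.id}" : user.id,
       name: user.name,
       email: user.email,
-      username: user.username
+      username: user.username,
+      roles: user.roles
     }
   end
 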
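Review bot: The mock now emits `roles: user.roles` for every user, but what that value is for a plain `build(:user)` (nil, an empty array, or a string) is not visible here, and it needs to match the shape the real profile service returns so the specs exercise the same parsing path the controller's ability check relies on in production. A short comment on the added line would record that contract, e.g. `# mirrors the roles field of the profile API response; keep the shape in sync`. Since `authorize!` now keys on this field, it is also worth confirming that in the production path roles come from the verified profile/token lookup and never from a client-supplied value. `user_to_hash` begins before the hunk.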
