Introduce permission for creating public projects

floehopper · floehopper · commit 32c9e86357b7 · 2025-05-21T18:03:22.000+01:00
I plan to use this to restrict creating public projects to experience-cs
admin users to be able to create public projects.
diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -14,6 +14,8 @@ def initialize(user)
       define_school_teacher_abilities(user:, school:) if user.school_teacher?(school)
       define_school_owner_abilities(school:) if user.school_owner?(school)
     end
+
+    define_experience_cs_admin_abilities(user)
   end
 
   private
@@ -100,6 +102,10 @@ def define_school_student_abilities(user:, school:)
     can(%i[show_finished set_finished], SchoolProject, project: { user_id: user.id, lesson_id: nil }, school_id: school.id)
   end
 
+  def define_experience_cs_admin_abilities(user)
+    can :create, :public_project if user.experience_cs_admin?
+  end
+
   def school_teacher_can_manage_lesson?(user:, school:, lesson:)
     is_my_lesson = lesson.school_id == school.id && lesson.user_id == user.id
     is_my_class = lesson.school_class&.teacher_ids&.include?(user.id)
diff --git a/spec/factories/user.rb b/spec/factories/user.rb
@@ -11,6 +11,10 @@
       roles { 'editor-admin' }
     end
 
+    factory :experience_cs_admin_user do
+      roles { 'experience-cs-admin' }
+    end
+
     factory :student do
       email { nil }
       username { Faker::Internet.username }
diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb
@@ -29,6 +29,8 @@
         it { is_expected.not_to be_able_to(:update, project) }
         it { is_expected.not_to be_able_to(:destroy, project) }
       end
+
+      it { is_expected.not_to be_able_to(:create, :public_project) }
     end
 
     context 'with a standard user' do
@@ -56,6 +58,8 @@
         it { is_expected.not_to be_able_to(:update, another_project) }
         it { is_expected.not_to be_able_to(:destroy, another_project) }
       end
+
+      it { is_expected.not_to be_able_to(:create, :public_project) }
     end
 
     context 'with a teacher' do
@@ -83,6 +87,8 @@
         it { is_expected.not_to be_able_to(:update, another_project) }
         it { is_expected.not_to be_able_to(:destroy, another_project) }
       end
+
+      it { is_expected.not_to be_able_to(:create, :public_project) }
     end
 
     context 'with an owner' do
@@ -110,6 +116,8 @@
         it { is_expected.not_to be_able_to(:update, another_project) }
         it { is_expected.not_to be_able_to(:destroy, another_project) }
       end
+
+      it { is_expected.not_to be_able_to(:create, :public_project) }
     end
 
     context 'with a student' do
@@ -137,6 +145,14 @@
         it { is_expected.not_to be_able_to(:update, another_project) }
         it { is_expected.not_to be_able_to(:destroy, another_project) }
       end
+
+      it { is_expected.not_to be_able_to(:create, :public_project) }
+    end
+
+    context 'with an experience-cs admin' do
+      let(:user) { build(:experience_cs_admin_user) }
+
+      it { is_expected.to be_able_to(:create, :public_project) }
     end
 
     # rubocop:disable RSpec/MultipleMemoizedHelpers
