From 4d6482fed30f4f5b9d45ed06ef5602318242400b Mon Sep 17 00:00:00 2001 From: Justin Miller <16829344+jmilljr24@users.noreply.github.com> Date: Tue, 3 Feb 2026 12:43:41 -0500 Subject: [PATCH] add tag index policies --- app/controllers/application_controller.rb | 4 ++- app/controllers/tags_controller.rb | 3 +++ app/policies/application_policy.rb | 1 + app/policies/category_policy.rb | 9 +++++++ app/policies/sector_policy.rb | 9 +++++++ spec/policies/category_policy_spec.rb | 30 +++++++++++++++++++++++ spec/policies/sector_policy_spec.rb | 30 +++++++++++++++++++++++ spec/requests/tags_spec.rb | 7 ++++++ 8 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 app/policies/category_policy.rb create mode 100644 app/policies/sector_policy.rb create mode 100644 spec/policies/category_policy_spec.rb create mode 100644 spec/policies/sector_policy_spec.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f823ea044..550e0e356 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -14,7 +14,9 @@ class ApplicationController < ActionController::Base flash[:alert] = exception.message.presence || "You are not authorized to perform this action." redirect_back_or_to root_path end - + def default_authorization_policy_class + ApplicationPolicy + end private def after_sign_in_path_for(resource) diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb index 89fa36c5a..377578bc2 100644 --- a/app/controllers/tags_controller.rb +++ b/app/controllers/tags_controller.rb @@ -1,12 +1,15 @@ class TagsController < ApplicationController def index + authorize! end def sectors + authorize! Sector, to: :tags_index? @sectors = Sector.published.order(:name) end def categories + authorize! Category, to: :tags_index? @categories_by_type = Category .published .joins(:category_type) 
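Review bot: `def default_authorization_policy_class` is inserted above `private`, so it becomes a public instance method on ApplicationController and every controller that inherits from it, and Rails treats public controller instance methods as actions; nothing in the hunk needs it public, and ActionPolicy appears to call this hook on the controller instance itself, so moving the three lines below `private` should be safe (worth confirming against the gem's lookup). The deleted blank line also leaves `end` directly followed by the new `def`, and the method then runs straight into `private` with no separator. A short why-comment would help, e.g. `# Policy ActionPolicy falls back to when no record-specific policy resolves (bare authorize! in TagsController#index).`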
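Review bot: The bare `authorize!` in `index` names no record, so ActionPolicy derives an implicit target from the controller name and, when that yields no policy, falls back to the `default_authorization_policy_class` this commit adds to ApplicationController; that chain is invisible at the call site and the request spec pins it to `ApplicationPolicy#index?`. A comment on the line would spare the next reader the hunt, e.g. `authorize! # no record: resolves to ApplicationPolicy#index? via ApplicationController#default_authorization_policy_class`. `sectors` and `categories` authorize before touching the database, which is the right order; `categories` continues past the end of the hunk.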
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index 18bbc80ab..3c5c41960 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -10,6 +10,7 @@ class ApplicationPolicy < ActionPolicy::Base
   authorize :user, optional: true, allow_nil: true
 
   pre_check :verify_authenticated!
+  default_rule :manage?
   alias_rule :new?, :create?, :edit?, :update?, :destroy?, to: :manage?
 
   def manage?
diff --git a/app/policies/category_policy.rb b/app/policies/category_policy.rb
new file mode 100644
index 000000000..2461d86a4
--- /dev/null
+++ b/app/policies/category_policy.rb
@@ -0,0 +1,9 @@
+class CategoryPolicy < ApplicationPolicy
+  # See https://actionpolicy.evilmartians.io/#/writing_policies
+  #
+  # override or add new rules here that are not defined in ApplicationPolicy
+
+  def tags_index?
+    true
+  end
+end
diff --git a/app/policies/sector_policy.rb b/app/policies/sector_policy.rb
new file mode 100644
index 000000000..8a7c8dc60
--- /dev/null
+++ b/app/policies/sector_policy.rb
@@ -0,0 +1,9 @@
+class SectorPolicy < ApplicationPolicy
+  # See https://actionpolicy.evilmartians.io/#/writing_policies
+  #
+  # override or add new rules here that are not defined in ApplicationPolicy
+
+  def tags_index?
+    true
+  end
+end
diff --git a/spec/policies/category_policy_spec.rb b/spec/policies/category_policy_spec.rb
new file mode 100644
index 000000000..be0c87344
--- /dev/null
+++ b/spec/policies/category_policy_spec.rb
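Review bot: `default_rule :manage?` changes behaviour for every policy in the application, not only the two new tag policies: a rule a policy does not define now resolves to `manage?` instead of raising ActionPolicy's unknown-rule error, so a mistyped `to:` symbol in a controller would be quietly answered by `manage?` rather than surfacing as a bug. That is fail-closed only while `manage?` stays restrictive, and its body is outside the hunk, so the intent deserves a comment on the new line: `# Undefined rules fall back to manage? (fail closed); a policy must define any rule that is meant to be less restrictive.` The `alias_rule` on the following line is now redundant with the default; keeping it for explicitness is fine, but say so, otherwise the next reader will wonder which one wins.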
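Review bot: `tags_index?` returns `true` unconditionally, and the "no user" denial the accompanying spec asserts comes from `pre_check :verify_authenticated!` in ApplicationPolicy, not from this method, so a reader of this file alone would take the rule for anonymous access. The generated "override or add new rules here" boilerplate should give way to the actual contract, e.g. `# Any authenticated user may browse the tag index; anonymous requests are rejected by ApplicationPolicy's verify_authenticated! pre_check.` `SectorPolicy#tags_index?` in app/policies/sector_policy.rb is a line-for-line copy and needs the same comment; if the two rules are meant to stay identical, a shared module would keep them from drifting apart.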
@@ -0,0 +1,30 @@
+require "rails_helper"
+
+RSpec.describe CategoryPolicy, type: :policy do
+  let(:admin_user) { build_stubbed :user, super_user: true }
+  let(:regular_user) { build_stubbed :user, super_user: false }
+
+  def policy_for(record: nil, user:)
+    described_class.new(record, user: user)
+  end
+
+  describe "#tags_index?" do
+    context "with admin user" do
+      subject { policy_for(user: admin_user) }
+
+      it { is_expected.to be_allowed_to(:tags_index?) }
+    end
+
+    context "with regular user" do
+      subject { policy_for(user: regular_user) }
+
+      it { is_expected.to be_allowed_to(:tags_index?) }
+    end
+
+    context "with no user" do
+      subject { policy_for(user: nil) }
+
+      it { is_expected.not_to be_allowed_to(:tags_index?) }
+    end
+  end
+end
diff --git a/spec/policies/sector_policy_spec.rb b/spec/policies/sector_policy_spec.rb
new file mode 100644
index 000000000..ccc9f3a40
--- /dev/null
+++ b/spec/policies/sector_policy_spec.rb
@@ -0,0 +1,30 @@
+require "rails_helper"
+
+RSpec.describe SectorPolicy, type: :policy do
+  let(:admin_user) { build_stubbed :user, super_user: true }
+  let(:regular_user) { build_stubbed :user, super_user: false }
+
+  def policy_for(record: nil, user:)
+    described_class.new(record, user: user)
+  end
+
+  describe "#tags_index?" do
+    context "with admin user" do
+      subject { policy_for(user: admin_user) }
+
+      it { is_expected.to be_allowed_to(:tags_index?) }
+    end
+
+    context "with regular user" do
+      subject { policy_for(user: regular_user) }
+
+      it { is_expected.to be_allowed_to(:tags_index?) }
+    end
+
+    context "with no user" do
+      subject { policy_for(user: nil) }
+
+      it { is_expected.not_to be_allowed_to(:tags_index?) }
+    end
+  end
+end
diff --git a/spec/requests/tags_spec.rb b/spec/requests/tags_spec.rb
index a62455e5d..ab686bcd3 100644
--- a/spec/requests/tags_spec.rb
+++ b/spec/requests/tags_spec.rb
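Review bot: The "with no user" example passes because of ApplicationPolicy's `verify_authenticated!` pre_check rather than anything in `CategoryPolicy#tags_index?`, which returns `true` unconditionally; naming the context accordingly, `context "with no user (denied by the authentication pre_check)"`, keeps the next maintainer from loosening the policy to "fix" a failure here. `policy_for(record: nil, user:)` is never called with `record:` anywhere in the file, so the keyword is dead weight and `described_class.new(nil, user: user)` says the same thing. spec/policies/sector_policy_spec.rb is the same file with SectorPolicy substituted and has the same two points.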
@@ -10,6 +10,13 @@ before { sign_in user } + it "checks authorization via ApplicationPolicy" do + expect_any_instance_of(ApplicationPolicy) + .to receive(:index?).and_call_original + + get tags_path + end + it "renders Service Populations and Categories skeleton" do get tags_path expect(response).to have_http_status(:ok)