Commit 2ad5f999 authored by Thong Kuah's avatar Thong Kuah

Check can :read_clusters in finder

This is in addtion to the can checks we have in the controller, as a
finder can be used elsewhere in the future.
parent 0e78834b
# frozen_string_literal: true # frozen_string_literal: true
class ClusterAncestorsFinder class ClusterAncestorsFinder
def initialize(clusterable, user) def initialize(clusterable, current_user)
@clusterable = clusterable @clusterable = clusterable
@user = user @current_user = current_user
end end
def execute def execute
return [] unless can_read_clusters?
clusterable.clusters + ancestor_clusters clusterable.clusters + ancestor_clusters
end end
private private
attr_reader :clusterable, :user attr_reader :clusterable, :current_user
def can_read_clusters?
Ability.allowed?(current_user, :read_cluster, clusterable)
end
def ancestor_clusters def ancestor_clusters
Clusters::Cluster.ancestor_clusters_for_clusterable(clusterable) Clusters::Cluster.ancestor_clusters_for_clusterable(clusterable)
......
...@@ -20,6 +20,10 @@ describe ClusterAncestorsFinder, '#execute' do ...@@ -20,6 +20,10 @@ describe ClusterAncestorsFinder, '#execute' do
context 'for a project' do context 'for a project' do
let(:clusterable) { project } let(:clusterable) { project }
before do
project.add_maintainer(user)
end
it 'returns the project clusters followed by group clusters' do it 'returns the project clusters followed by group clusters' do
is_expected.to eq([project_cluster, group_cluster]) is_expected.to eq([project_cluster, group_cluster])
end end
...@@ -38,9 +42,21 @@ describe ClusterAncestorsFinder, '#execute' do ...@@ -38,9 +42,21 @@ describe ClusterAncestorsFinder, '#execute' do
end end
end end
context 'user cannot read clusters for clusterable' do
let(:clusterable) { project }
it 'returns nothing' do
is_expected.to be_empty
end
end
context 'for a group' do context 'for a group' do
let(:clusterable) { group } let(:clusterable) { group }
before do
group.add_maintainer(user)
end
it 'returns the list of group clusters' do it 'returns the list of group clusters' do
is_expected.to eq([group_cluster]) is_expected.to eq([group_cluster])
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment