Check can :read_clusters in finder

This is in addtion to the can checks we have in the controller, as a finder can be used elsewhere in the future.
2018-12-07 07:47:41 +13:00 · 2018-12-07 07:47:41 +13:00 · 2ad5f999e9
commit 2ad5f999e9
parent 0e78834bc9
2 changed files with 25 additions and 3 deletions
--- a/app/finders/cluster_ancestors_finder.rb
+++ b/app/finders/cluster_ancestors_finder.rb
@ -1,18 +1,24 @@
 # frozen_string_literal: true

 class ClusterAncestorsFinder
-  def initialize(clusterable, user)
+  def initialize(clusterable, current_user)
    @clusterable = clusterable
-    @user = user
+    @current_user = current_user
  end

  def execute
+    return [] unless can_read_clusters?
+
    clusterable.clusters + ancestor_clusters
  end

  private

-  attr_reader :clusterable, :user
+  attr_reader :clusterable, :current_user
+
+  def can_read_clusters?
+    Ability.allowed?(current_user, :read_cluster, clusterable)
+  end

  def ancestor_clusters
    Clusters::Cluster.ancestor_clusters_for_clusterable(clusterable)
--- a/spec/finders/cluster_ancestors_finder_spec.rb
+++ b/spec/finders/cluster_ancestors_finder_spec.rb
@ -20,6 +20,10 @@ describe ClusterAncestorsFinder, '#execute' do
  context 'for a project' do
    let(:clusterable) { project }

+    before do
+      project.add_maintainer(user)
+    end
+
    it 'returns the project clusters followed by group clusters' do
      is_expected.to eq([project_cluster, group_cluster])
    end
@ -38,9 +42,21 @@ describe ClusterAncestorsFinder, '#execute' do
    end
  end

+  context 'user cannot read clusters for clusterable' do
+    let(:clusterable) { project }
+
+    it 'returns nothing' do
+      is_expected.to be_empty
+    end
+  end
+
  context 'for a group' do
    let(:clusterable) { group }

+    before do
+      group.add_maintainer(user)
+    end
+
    it 'returns the list of group clusters' do
      is_expected.to eq([group_cluster])
    end