Merge pull request #254 from openstax/edit-vocab

no longer consider vocab term exercises special

Author: nathanstitt

app/access_policies/exercise_access_policy.rb

@@ -7,17 +7,14 @@ def self.action_allowed?(action, requestor, exercise)
       true
     when :create
       !requestor.is_anonymous? &&
-      requestor.is_human? &&
-      exercise.vocab_term_id.nil?
+      requestor.is_human?
     when :read
       exercise.is_public? || exercise.has_read_permission?(requestor)
     when :update, :destroy
       !exercise.is_published? &&
-      exercise.vocab_term_id.nil? &&
       exercise.has_write_permission?(requestor)
     when :new_version
       exercise.is_published? &&
-      exercise.vocab_term_id.nil? &&
       exercise.has_write_permission?(requestor)
     else
       false

spec/access_policies/exercise_access_policy_spec.rb

@@ -84,6 +84,10 @@
 
         expect(described_class.action_allowed?(:new_version, app, exercise)).to eq false
       end
+      it 'cannot be accessed even by an author' do
+        author = FactoryBot.create(:author, publication: exercise.publication, user: user)
+        expect(described_class.action_allowed?(:new_version, user, exercise)).to eq false
+      end
     end
 
     context 'not vocab exercise' do
@@ -116,6 +120,11 @@
         expect(described_class.action_allowed?(:update, app, exercise)).to eq false
         expect(described_class.action_allowed?(:destroy, app, exercise)).to eq false
       end
+      it 'can be accessed by an author' do
+        author = FactoryBot.create(:author, publication: exercise.publication, user: user)
+        expect(described_class.action_allowed?(:update, user, exercise)).to eq true
+        expect(described_class.action_allowed?(:destroy, user, exercise)).to eq true
+      end
     end
 
     context 'not vocab' do
@@ -197,6 +206,7 @@
         exercise.vocab_term = FactoryBot.create :vocab_term
         exercise.publication.published_at = Time.now
         exercise.publication.save!
+        exercise.save!
       end
 
       it 'cannot be accessed by anyone' do
@@ -206,6 +216,10 @@
 
         expect(described_class.action_allowed?(:new_version, app, exercise)).to eq false
       end
+      it 'can be accessed by an author' do
+        author = FactoryBot.create(:author, publication: exercise.publication, user: user)
+        expect(described_class.action_allowed?(:new_version, user, exercise.reload)).to eq true
+      end
     end
 
     context 'not vocab' do