Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore: Adds project submission policy. #4349

Merged
merged 7 commits into from
May 17, 2024
Merged

Chore: Adds project submission policy. #4349

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
5b18e36
Adds policy to restrict submission voting.
ZachBaird Jan 18, 2024
783b0b3
Cleans up test.
ZachBaird Jan 19, 2024
2a86c34
Merges main into branch.
ZachBaird Jan 19, 2024
eb1acd5
Modifies submission policy.
ZachBaird Jan 26, 2024
65c8a70
Merge branch 'main' into chore/restrict-proj-sub-votes
ZachBaird May 8, 2024
d7dd715
Chore: Adds unit tests for SubmissionLikePolicy. Cleans up code.
ZachBaird May 8, 2024
97d674f
Adds created_after scope to User for submission policy.
ZachBaird May 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
12 changes: 12 additions & 0 deletions app/controllers/project_submissions/likes_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
class ProjectSubmissions::LikesController < ApplicationController
before_action :authenticate_user!
before_action :authorize_like

def update
@project_submission = ProjectSubmission.find(params[:project_submission_id])
Expand All @@ -14,4 +15,15 @@ def update
format.turbo_stream
end
end

private

def authorize_like
return if SubmissionLikePolicy.new(current_user).allowed?

respond_to do |format|
flash.now[:alert] = 'Failed to like.'
format.turbo_stream { render turbo_stream: turbo_stream.update('flash-messages', partial: 'shared/flash') }
end
end
end
2 changes: 2 additions & 0 deletions app/models/user.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ class User < ApplicationRecord
has_many :likes, dependent: :destroy
belongs_to :path, optional: true

scope :created_after, ->(date) { where(arel_table[:created_at].gt(date)) }

def progress_for(course)
@progress ||= Hash.new { |hash, c| hash[c] = CourseProgress.new(c, self) }
@progress[course]
Expand Down
21 changes: 21 additions & 0 deletions app/policies/submission_like_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
class SubmissionLikePolicy
def initialize(user)
@user = user
end

def allowed?
return true if @user.project_submissions.any?

no_recent_accounts_with_same_ip?
end

private

def no_recent_accounts_with_same_ip?
User
.created_after(1.week.ago)
.where(last_sign_in_ip: @user.current_sign_in_ip)
.where.not(id: @user.id)
.none?
end
end
47 changes: 47 additions & 0 deletions spec/services/project_submissions/submission_like_policy_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
require 'rails_helper'

RSpec.describe SubmissionLikePolicy do
ZachBaird marked this conversation as resolved.
Show resolved Hide resolved
describe '#allowed?' do
context 'when there are recent accounts with the same ip' do
it 'cannot like the project submission' do
user = create(:user, current_sign_in_ip: '127.0.0.1')
create(:user, last_sign_in_ip: user.current_sign_in_ip)

policy = described_class.new(user)

expect(policy.allowed?).to be(false)
end
end

context 'when there are no recent accounts with the same ip' do
it 'can like the project submission' do
user = create(:user)

policy = described_class.new(user)

expect(policy.allowed?).to be(true)
end
end

context 'when the user has project submissions' do
it 'can like the project submission normally' do
user = create(:user)
create(:project_submission, user_id: user.id)

policy = described_class.new(user)

expect(policy.allowed?).to be(true)
end

it 'can like the project submission despite recent accounts with the same ip' do
user = create(:user, current_sign_in_ip: '127.0.0.1')
create(:project_submission, user_id: user.id)
create(:user, last_sign_in_ip: user.current_sign_in_ip)

policy = described_class.new(user)

expect(policy.allowed?).to be(true)
end
end
end
end
26 changes: 26 additions & 0 deletions spec/system/lesson_project_submissions/like_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@
create(:project_submission, lesson:)

sign_in(user)
create(:project_submission, user_id: user.id)

visit lesson_project_submissions_path(lesson)
end

Expand All @@ -33,6 +35,8 @@
create(:project_submission, lesson:, likes_count: 10)

sign_in(user)
create(:project_submission, user_id: user.id)

visit lesson_project_submissions_path(lesson)
end

Expand All @@ -51,4 +55,26 @@
end
end
end

context 'when a user is inflating likes' do
ZachBaird marked this conversation as resolved.
Show resolved Hide resolved
before do
create(:project_submission, lesson:)

create(:user, last_sign_in_ip: '127.0.0.1')
sign_in(user) # Sets current ip to localhost

visit lesson_project_submissions_path(lesson)
end

it 'cannot like the submission' do
ZachBaird marked this conversation as resolved.
Show resolved Hide resolved
within(:test_project_submission, 1) do
expect(find(:test_id, 'like-count')).to have_content('0')

find(:test_id, 'like-submission').click
expect(find(:test_id, 'like-count')).to have_content('0')
end

expect(page).to have_content('Failed to like')
end
end
end