Merge pull request #172 from MITLibraries/tco-133-permissions-updates

Authenticated users terms and playground access

app/models/ability.rb

@@ -23,6 +23,15 @@ def initialize(user)
     # Allow all authenticated users to view reports
     can :view, :report
 
+    # All users can see search events and terms
+    can %w[index show], :search_event
+    can %i[read view], SearchEvent
+    can %w[index show], :term
+    can %i[read view], Term
+
+    # All users can use playground
+    can :view, :playground
+
     # Create manual confirmation
     can :manage, :confirmations
     can :manage, Confirmation

test/controllers/static_controller_test.rb

@@ -26,14 +26,11 @@ class StaticControllerTest < ActionDispatch::IntegrationTest
     assert_response :success
   end
 
-  test 'playground url is not accessible to basic users when authenticated' do
+  test 'playground url is accessible to basic users when authenticated' do
     sign_in users(:basic)
 
     get '/playground'
 
-    assert_redirected_to '/'
-    follow_redirect!
-
-    assert_select 'div.alert', text: 'Not authorized.', count: 1
+    assert_response :success
   end
 end

test/integration/admin_dashboard_test.rb

@@ -21,15 +21,12 @@ def teardown
     assert_select 'div.alert', text: 'Please sign in to continue', count: 1
   end
 
-  test 'authenticated users without admin status still cannot access admin area' do
+  test 'authenticated users without admin status can access admin area' do
     mock_auth(users(:basic))
     get '/admin'
 
-    assert_response :redirect
-    follow_redirect!
-
-    assert_equal '/', path
-    assert_select 'div.alert', text: 'Not authorized', count: 1
+    assert_response :ok
+    assert_equal '/admin', path
   end
 
   test 'admin users can access admin area' do