Completely hide any CodeHarbor actions if disabled in global config

MrSerth · MrSerth · commit 82e188e50c21 · 2025-04-02T16:24:34.000+02:00
Previously, a button to configure a CodeHarbor link might have been displayed, even if globally disabled. Now, the UI elements are only shown if CodeHarbor is enabled.
diff --git a/app/policies/exercise_policy.rb b/app/policies/exercise_policy.rb
@@ -22,7 +22,7 @@ def detailed_statistics?
   end
 
   %i[export_external_check? export_external_confirm?].each do |action|
-    define_method(action) { (admin? || teacher_in_study_group? || author?) && @user.codeharbor_link }
+    define_method(action) { Pundit.policy(@user, CodeharborLink).enabled? && (admin? || teacher_in_study_group? || author?) && @user.codeharbor_link }
   end
 
   %i[implement? working_times? intervention? reload?].each do |action|
diff --git a/app/views/exercises/show.html.slim b/app/views/exercises/show.html.slim
@@ -64,7 +64,8 @@ ul.list-unstyled#files
             .clearfix = link_to(t('shared.destroy'), file, class: 'btn btn-warning btn-sm float-end', data: {confirm: t('shared.confirm_destroy')}, method: :delete)
           = render('shared/file', file:)
 
-= render 'shared/modal',
-        title: t('exercises.export_codeharbor.dialogtitle'),
-        modal_root_attributes: {id: 'export-modal'},
-        template: 'exercises/_export_dialogcontent'
+- if policy(@exercise).export_external_confirm?
+  = render 'shared/modal',
+          title: t('exercises.export_codeharbor.dialogtitle'),
+          modal_root_attributes: {id: 'export-modal'},
+          template: 'exercises/_export_dialogcontent'
diff --git a/app/views/external_users/show.html.slim b/app/views/external_users/show.html.slim
@@ -32,7 +32,7 @@ h1 = @user.displayname
     = t('users.show.no_groups')
 
 - if @user == current_user || current_user.admin?
-  = row(label: 'codeharbor_link.profile_label', value: @user.codeharbor_link.nil? ? link_to(t('codeharbor_link.new'), polymorphic_path([@user, CodeharborLink], action: :new), class: 'btn btn-secondary') : link_to(t('codeharbor_link.edit'), polymorphic_path([@user, @user.codeharbor_link], action: :edit), class: 'btn btn-secondary'))
+  = row(label: 'codeharbor_link.profile_label', value: @user.codeharbor_link.nil? ? link_to(t('codeharbor_link.new'), polymorphic_path([@user, CodeharborLink], action: :new), class: 'btn btn-secondary') : link_to(t('codeharbor_link.edit'), polymorphic_path([@user, @user.codeharbor_link], action: :edit), class: 'btn btn-secondary')) if policy(CodeharborLink).enabled?
   = render 'webauthn_credentials/list'
 
 h4.mt-4 = link_to(t('.exercise_statistics'), statistics_external_user_path(@user)) if policy(@user).statistics?
diff --git a/app/views/internal_users/show.html.slim b/app/views/internal_users/show.html.slim
@@ -29,6 +29,6 @@ h1
     = t('users.show.no_groups')
 
 - if @user == current_user || current_user.admin?
-  = row(label: 'codeharbor_link.profile_label', value: @user.codeharbor_link.nil? ? link_to(t('codeharbor_link.new'), polymorphic_path([@user, CodeharborLink], action: :new), class: 'btn btn-secondary') : link_to(t('codeharbor_link.edit'), polymorphic_path([@user, @user.codeharbor_link], action: :edit), class: 'btn btn-secondary'))
+  = row(label: 'codeharbor_link.profile_label', value: @user.codeharbor_link.nil? ? link_to(t('codeharbor_link.new'), polymorphic_path([@user, CodeharborLink], action: :new), class: 'btn btn-secondary') : link_to(t('codeharbor_link.edit'), polymorphic_path([@user, @user.codeharbor_link], action: :edit), class: 'btn btn-secondary')) if policy(CodeharborLink).enabled?
   = row(label: 'internal_user.password', value: link_to(t('.change_password'), change_password_internal_user_path(@user), class: 'btn btn-secondary'))
   = render 'webauthn_credentials/list'
diff --git a/spec/policies/exercise_policy_spec.rb b/spec/policies/exercise_policy_spec.rb
@@ -54,41 +54,53 @@
 
   %i[export_external_check? export_external_confirm?].each do |action|
     permissions(action) do
-      context 'when user is author' do
-        let(:user) { exercise.author }
-
-        it 'does not grant access' do
-          expect(policy).not_to permit(user, exercise)
+      context 'when CodeHarbor is disabled' do
+        before do
+          stub_const('CodeharborLinkPolicy::CODEHARBOR_CONFIG', {enabled: false})
         end
 
-        context 'when user has codeharbor_link' do
-          before { user.codeharbor_link = build(:codeharbor_link) }
+        %i[external_user teacher admin].each do |factory_name|
+          context "when user is #{factory_name}" do
+            let(:user) { create(factory_name) }
 
-          it 'grants access' do
-            expect(policy).to permit(user, exercise)
+            it 'does not grant access' do
+              expect(policy).not_to permit(user, exercise)
+            end
+
+            context 'when user has codeharbor_link' do
+              before { user.codeharbor_link = build(:codeharbor_link) }
+
+              it 'does not grant access' do
+                expect(policy).not_to permit(user, exercise)
+              end
+            end
           end
         end
       end
 
-      context 'when user is admin' do
-        let(:user) { build(:admin) }
-
-        it 'does not grant access' do
-          expect(policy).not_to permit(user, exercise)
+      context 'when CodeHarbor is enabled' do
+        before do
+          stub_const('CodeharborLinkPolicy::CODEHARBOR_CONFIG', {enabled: true})
         end
 
-        context 'when user has codeharbor_link' do
-          before { user.codeharbor_link = build(:codeharbor_link) }
+        context 'when user is author' do
+          let(:user) { exercise.author }
+
+          it 'does not grant access' do
+            expect(policy).not_to permit(user, exercise)
+          end
+
+          context 'when user has codeharbor_link' do
+            before { user.codeharbor_link = build(:codeharbor_link) }
 
-          it 'grants access' do
-            expect(policy).to permit(user, exercise)
+            it 'grants access' do
+              expect(policy).to permit(user, exercise)
+            end
           end
         end
-      end
 
-      %i[external_user teacher].each do |factory_name|
-        context "when user is #{factory_name}" do
-          let(:user) { create(factory_name) }
+        context 'when user is admin' do
+          let(:user) { build(:admin) }
 
           it 'does not grant access' do
             expect(policy).not_to permit(user, exercise)
@@ -97,9 +109,27 @@
           context 'when user has codeharbor_link' do
             before { user.codeharbor_link = build(:codeharbor_link) }
 
+            it 'grants access' do
+              expect(policy).to permit(user, exercise)
+            end
+          end
+        end
+
+        %i[external_user teacher].each do |factory_name|
+          context "when user is #{factory_name}" do
+            let(:user) { create(factory_name) }
+
             it 'does not grant access' do
               expect(policy).not_to permit(user, exercise)
             end
+
+            context 'when user has codeharbor_link' do
+              before { user.codeharbor_link = build(:codeharbor_link) }
+
+              it 'does not grant access' do
+                expect(policy).not_to permit(user, exercise)
+              end
+            end
           end
         end
       end
