Add a (non-admin) feed policy

lib/changelog/policies/feed.ex

@@ -0,0 +1,18 @@
+defmodule Changelog.Policies.Feed do
+  use Changelog.Policies.Default
+
+  def index(actor), do: is_active_member(actor)
+  def create(actor), do: is_active_member(actor)
+
+  def update(actor, feed), do: is_owner(actor, feed)
+  def delete(actor, feed), do: is_owner(actor, feed)
+
+  defp is_active_member(nil), do: false
+  defp is_active_member(actor), do: Map.get(actor, :active_membership, false)
+
+  defp is_owner(actor, feed) do
+    feed
+    |> Map.get(:owner, nil)
+    |> Kernel.==(actor)
+  end
+end

test/changelog/policies/feed_test.exs

@@ -0,0 +1,26 @@
+defmodule Changelog.Policies.FeedTest do
+  use Changelog.PolicyCase
+
+  alias Changelog.Policies.Feed
+
+  test "only active members can index" do
+    refute Feed.index(@guest)
+    assert Feed.index(@member)
+  end
+
+  test "only active members can new/create" do
+    refute Feed.new(@user)
+    assert Feed.new(@member)
+
+    refute Feed.create(@guest)
+    assert Feed.create(@member)
+  end
+
+  test "only active members can manage their own feeds" do
+    refute Feed.update(@user, %{owner: @member})
+    assert Feed.update(@member, %{owner: @member})
+
+    refute Feed.delete(@user, %{owner: @member})
+    assert Feed.delete(@member, %{owner: @member})
+  end
+end

test/support/policy_case.ex

@@ -10,7 +10,14 @@ defmodule Changelog.PolicyCase do
       @admin %{id: 2, admin: true}
       @editor %{id: 3, editor: true}
       @host %{id: 4, host: true}
-      @all [@guest, @user, @admin, @host]
+      @member %{
+        id: 5,
+        admin: false,
+        editor: false,
+        host: false,
+        active_membership: %{}
+      }
+      @all [@guest, @user, @admin, @host, @member]
     end
   end
 end