From a887d16d6ba9c5bedf6c848af5753d94d6a53a92 Mon Sep 17 00:00:00 2001
From: Jerod Santo <jerod@changelog.com>
Date: Tue, 25 Jun 2024 12:10:28 -0500
Subject: [PATCH] Add a (non-admin) feed policy

---
 lib/changelog/policies/feed.ex        | 18 ++++++++++++++++++
 test/changelog/policies/feed_test.exs | 26 ++++++++++++++++++++++++++
 test/support/policy_case.ex           |  9 ++++++++-
 3 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 lib/changelog/policies/feed.ex
 create mode 100644 test/changelog/policies/feed_test.exs

diff --git a/lib/changelog/policies/feed.ex b/lib/changelog/policies/feed.ex
new file mode 100644
index 0000000000..3380f7e9a0
--- /dev/null
+++ b/lib/changelog/policies/feed.ex
@@ -0,0 +1,18 @@
+defmodule Changelog.Policies.Feed do
+  use Changelog.Policies.Default
+
+  def index(actor), do: is_active_member(actor)
+  def create(actor), do: is_active_member(actor)
+
+  def update(actor, feed), do: is_owner(actor, feed)
+  def delete(actor, feed), do: is_owner(actor, feed)
+
+  defp is_active_member(nil), do: false
+  defp is_active_member(actor), do: Map.get(actor, :active_membership, false)
+
+  defp is_owner(actor, feed) do
+    feed
+    |> Map.get(:owner, nil)
+    |> Kernel.==(actor)
+  end
+end
diff --git a/test/changelog/policies/feed_test.exs b/test/changelog/policies/feed_test.exs
new file mode 100644
index 0000000000..0af46b10a4
--- /dev/null
+++ b/test/changelog/policies/feed_test.exs
@@ -0,0 +1,26 @@
+defmodule Changelog.Policies.FeedTest do
+  use Changelog.PolicyCase
+
+  alias Changelog.Policies.Feed
+
+  test "only active members can index" do
+    refute Feed.index(@guest)
+    assert Feed.index(@member)
+  end
+
+  test "only active members can new/create" do
+    refute Feed.new(@user)
+    assert Feed.new(@member)
+
+    refute Feed.create(@guest)
+    assert Feed.create(@member)
+  end
+
+  test "only active members can manage their own feeds" do
+    refute Feed.update(@user, %{owner: @member})
+    assert Feed.update(@member, %{owner: @member})
+
+    refute Feed.delete(@user, %{owner: @member})
+    assert Feed.delete(@member, %{owner: @member})
+  end
+end
diff --git a/test/support/policy_case.ex b/test/support/policy_case.ex
index bda07dff90..f1408b938e 100644
--- a/test/support/policy_case.ex
+++ b/test/support/policy_case.ex
@@ -10,7 +10,14 @@ defmodule Changelog.PolicyCase do
       @admin %{id: 2, admin: true}
       @editor %{id: 3, editor: true}
       @host %{id: 4, host: true}
-      @all [@guest, @user, @admin, @host]
+      @member %{
+        id: 5,
+        admin: false,
+        editor: false,
+        host: false,
+        active_membership: %{}
+      }
+      @all [@guest, @user, @admin, @host, @member]
     end
   end
 end