refactor: refactors company controller policies and tests to include …

[MDelarosa1993]

…authorization

Type of Change

• feature ⛲
• [?] documentation update 📃
• refactor 🧑‍💻
• testing 🧪

Description

Refactored our Companies controller to include the Pundit and rollify functionality, Also refactored the company__policy spec to test the authorization our users had for the companies. We added the rollify method in our company model to use the roles.

Motivation and Context

This change was required because, we introduced authorization to our app and our companies controller wasn't set up for that.

Added Test?

• Yes 🫡
• All previous tests still pass 🥳

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.

[stefanjbloom]

So you only want to check if a user is present and, if true, allow this action? Check out the admin? and user? methods inherited from application_policy.rb.

Correct me if I'm wrong, but it looks like it is checking the presence of a user and not checking the role of a user.

Furthermore, should an admin also be authorized to take these controller actions? As of now, a user can ONLY be either a :user (by default) or an :admin (by using the set_role(role_name)) method in user.rb)

[jimmacur]

Yes - good catch. We have updated the index? to utilize the ApplicationPolicy and allow admin access to the index (not create)

We pushed the change.