From b1884c82f6764e397eedd8ee04c58179bd6acec4 Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@znuny.com>
Date: Mon, 19 Jun 2017 10:16:46 +0200
Subject: [PATCH] Only active instances have access to Groups.

---
 app/models/concerns/has_groups.rb           |  7 ++++-
 spec/models/concerns/has_groups_examples.rb | 34 +++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/app/models/concerns/has_groups.rb b/app/models/concerns/has_groups.rb
index c5be27977..337da8222 100644
--- a/app/models/concerns/has_groups.rb
+++ b/app/models/concerns/has_groups.rb
@@ -61,6 +61,8 @@ module HasGroups
   #
   # @return [Boolean]
   def group_access?(group_id, access)
+    return false if !active?
+
     group_id = self.class.ensure_group_id_parameter(group_id)
     access   = self.class.ensure_group_access_list_parameter(access)
 
@@ -92,8 +94,9 @@ module HasGroups
   #
   # @return [Array<Integer>] Group IDs the instance has the given access(es) to.
   def group_ids_access(access)
-    access = self.class.ensure_group_access_list_parameter(access)
+    return [] if !active?
 
+    access      = self.class.ensure_group_access_list_parameter(access)
     foreign_key = group_through.foreign_key
     klass       = group_through.klass
 
@@ -124,6 +127,7 @@ module HasGroups
   #
   # @return [Array<Group>] Groups the instance has the given access(es) to.
   def groups_access(access)
+    return [] if !active?
     group_ids = group_ids_access(access)
     Group.where(id: group_ids)
   end
@@ -182,6 +186,7 @@ module HasGroups
   private
 
   def groups_access_map(key)
+    return {} if !active?
     {}.tap do |hash|
       groups.access.where(active: true).pluck(key, :access).each do |entry|
         hash[ entry[0] ] ||= []
diff --git a/spec/models/concerns/has_groups_examples.rb b/spec/models/concerns/has_groups_examples.rb
index 0fd9b3f43..0e1177a61 100644
--- a/spec/models/concerns/has_groups_examples.rb
+++ b/spec/models/concerns/has_groups_examples.rb
@@ -111,6 +111,14 @@ RSpec.shared_examples 'HasGroups' do
 
         expect(instance.group_access?(group_inactive.id, 'read')).to be false
       end
+
+      it 'prevents inactive instances' do
+        instance_inactive.group_names_access_map = {
+          group_read.name => 'read',
+        }
+
+        expect(instance_inactive.group_access?(group_read.id, 'read')).to be false
+      end
     end
 
     context '#group_ids_access' do
@@ -135,6 +143,14 @@ RSpec.shared_examples 'HasGroups' do
         expect(result).not_to include(group_inactive.id)
       end
 
+      it "doesn't list for inactive instances" do
+        instance_inactive.group_names_access_map = {
+          group_read.name => 'read',
+        }
+
+        expect(instance_inactive.group_ids_access('read')).to be_empty
+      end
+
       context 'single access' do
 
         it 'lists access Group IDs' do
@@ -258,6 +274,15 @@ RSpec.shared_examples 'HasGroups' do
 
         expect(instance.group_names_access_map).to eq(expected)
       end
+
+      it "doesn't map for inactive instances" do
+        instance_inactive.group_names_access_map = {
+          group_full.name => ['full'],
+          group_read.name => ['read'],
+        }
+
+        expect(instance_inactive.group_names_access_map).to be_empty
+      end
     end
 
     context '#group_ids_access_map=' do
@@ -336,6 +361,15 @@ RSpec.shared_examples 'HasGroups' do
 
         expect(instance.group_ids_access_map).to eq(expected)
       end
+
+      it "doesn't map for inactive instances" do
+        instance_inactive.group_ids_access_map = {
+          group_full.id => ['full'],
+          group_read.id => ['read'],
+        }
+
+        expect(instance_inactive.group_ids_access_map).to be_empty
+      end
     end
 
     context '#associations_from_param' do