Merge branch 'develop' into feature/realtime.video

Gemfile

@@ -7,7 +7,6 @@ gem 'devise'
 gem 'redis'
 gem 'pg'
 gem 'pundit'
-gem 'cancan'
 gem 'pundit_extra'
 gem 'formula'
 gem 'formtastic'

Gemfile.lock

@@ -57,7 +57,6 @@ GEM
       debug_inspector (>= 0.0.1)
     builder (3.2.2)
     byebug (8.2.2)
-    cancan (1.6.10)
     cancancan (1.10.1)
     climate_control (0.0.3)
       activesupport (>= 3.0)
@@ -265,7 +264,6 @@ DEPENDENCIES
   best_in_place
   better_errors
   binding_of_caller
-  cancan
   coffee-rails
   delayed_job (~> 4.0.2)
   delayed_job_active_record (~> 4.0.1)
@@ -301,6 +299,3 @@ DEPENDENCIES
   tunemygc
   uglifier
   uservoice-ruby
-
-BUNDLED WITH
-   1.11.2

app/assets/javascripts/src/Metamaps.JIT.js.erb

@@ -108,7 +108,7 @@ Metamaps.JIT = {
         _.each(results[1], function (synapse) {
             mapping = synapse.getMapping();
             Metamaps.Synapses.remove(synapse);
-            Metamaps.Mappings.remove(mapping);
+            if (Metamaps.Mappings) Metamaps.Mappings.remove(mapping);
         });
 
         if (self.vizData.length == 0) {

app/assets/javascripts/src/Metamaps.js.erb

@@ -4364,11 +4364,11 @@ Metamaps.Topic = {
                 nodeOnViz.setPos(new $jit.Complex(mapping.get('xloc'), mapping.get('yloc')), "end");
             }
             if (Metamaps.Create.newTopic.addSynapse && permitCreateSynapseAfter) {
-                Metamaps.Create.newSynapse.topic1id = tempNode.getData('topic').id;
-
+                Metamaps.Create.newSynapse.topic1id = Metamaps.tempNode.getData('topic').id;
+                
                 // position the form
-                midpoint.x = tempNode.pos.getc().x + (nodeOnViz.pos.getc().x - tempNode.pos.getc().x) / 2;
-                midpoint.y = tempNode.pos.getc().y + (nodeOnViz.pos.getc().y - tempNode.pos.getc().y) / 2;
+                midpoint.x = Metamaps.tempNode.pos.getc().x + (nodeOnViz.pos.getc().x - Metamaps.tempNode.pos.getc().x) / 2;
+                midpoint.y = Metamaps.tempNode.pos.getc().y + (nodeOnViz.pos.getc().y - Metamaps.tempNode.pos.getc().y) / 2;
                 pixelPos = Metamaps.Util.coordsToPixels(midpoint);
                 $('#new_synapse').css('left', pixelPos.x + "px");
                 $('#new_synapse').css('top', pixelPos.y + "px");
@@ -4378,9 +4378,9 @@ Metamaps.Topic = {
                     modes: ["node-property:dim"],
                     duration: 500,
                     onComplete: function () {
-                        tempNode = null;
-                        tempNode2 = null;
-                        tempInit = false;
+                        Metamaps.tempNode = null;
+                        Metamaps.tempNode2 = null;
+                        Metamaps.tempInit = false;
                     }
                 });
             } else {

app/controllers/topics_controller.rb

@@ -24,9 +24,10 @@ class TopicsController < ApplicationController
 
         respond_to do |format|
             format.html { 
-                @alltopics = ([@topic] + policy_scope(Topic.relatives(@topic.id)))
-                @allsynapses = policy_scope(Synapse.for_topic(@topic.id))
-
+                @alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id)).to_a).concat(policy_scope(Topic.relatives2(@topic.id)).to_a)
+                @allsynapses = policy_scope(Synapse.for_topic(@topic.id)).to_a
+puts @alltopics.length
+puts @allsynapses.length
                 @allcreators = @alltopics.map(&:user).uniq
                 @allcreators += @allsynapses.map(&:user).uniq
 
@@ -41,8 +42,8 @@ class TopicsController < ApplicationController
         @topic = Topic.find(params[:id])
         authorize @topic
 
-        @alltopics = [@topic] + policy_scope(@topic.relatives)
-        @allsynapses = policy_scope(@topic.synapses)
+        @alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id)).to_a).concat(policy_scope(Topic.relatives2(@topic.id)).to_a)
+        @allsynapses = policy_scope(Synapse.for_topic(@topic.id))
 
         @allcreators = @alltopics.map(&:user).uniq
         @allcreators += @allsynapses.map(&:user).uniq
@@ -65,8 +66,8 @@ class TopicsController < ApplicationController
 
         topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : []
 
-        @alltopics = policy_scope(@topic.relatives).to_a.uniq
-        @alltopics.delete_if! do |topic|
+        @alltopics = policy_scope(Topic.relatives1(@topic.id)).to_a.concat(policy_scope(Topic.relatives2(@topic.id)).to_a).uniq
+        @alltopics.delete_if do |topic|
           topicsAlreadyHas.index(topic.id) != nil
         end
 
@@ -87,14 +88,15 @@ class TopicsController < ApplicationController
 
       topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : []
 
-      alltopics = policy_scope(@topic.relatives).to_a.uniq.delete_if do |topic| 
+      alltopics =  policy_scope(Topic.relatives1(@topic.id)).to_a.concat(policy_scope(Topic.relatives2(@topic.id)).to_a).uniq
+      alltopics.delete_if do |topic| 
         topicsAlreadyHas.index(topic.id.to_s) != nil
       end
 
       #find synapses between topics in alltopics array
-      allsynapses = policy_scope(@topic.synapses)
-      synapse_ids = (allsynapses.map(&:topic1_id) + allsynapses.map(&:topic2_id)).uniq
-      allsynapses.delete_if! do |synapse|
+      allsynapses = policy_scope(Synapse.for_topic(@topic.id)).to_a
+      synapse_ids = (allsynapses.map(&:node1_id) + allsynapses.map(&:node2_id)).uniq
+      allsynapses.delete_if do |synapse|
         synapse_ids.index(synapse.id) != nil
       end
 

app/models/topic.rb

@@ -5,8 +5,8 @@ class Topic < ActiveRecord::Base
 
   has_many :synapses1, :class_name => 'Synapse', :foreign_key => 'node1_id', dependent: :destroy
   has_many :synapses2, :class_name => 'Synapse', :foreign_key => 'node2_id', dependent: :destroy
-  has_many :topics1, :through => :synapses2, :source => :topic1
-  has_many :topics2, :through => :synapses1, :source => :topic2
+  has_many :topics1, :through => :synapses2, source: :topic1
+  has_many :topics2, :through => :synapses1, source: :topic2
 
   has_many :mappings, as: :mappable, dependent: :destroy
   has_many :maps, :through => :mappings
@@ -41,10 +41,15 @@ class Topic < ActiveRecord::Base
 
   belongs_to :metacode
 
-  scope :relatives, ->(topic_id = nil) { 
-    includes(:synapses1)
-    .includes(:synapses2)
-    .where('synapses.node1_id = ? OR synapses.node2_id = ?', topic_id, topic_id)
+  scope :relatives1, ->(topic_id = nil) { 
+    includes(:topics1)
+    .where('synapses.node1_id = ?', topic_id)
+    .references(:synapses)
+  }
+
+  scope :relatives2, ->(topic_id = nil) {
+    includes(:topics2)
+    .where('synapses.node2_id = ?', topic_id)
     .references(:synapses)
   }
 
@@ -83,47 +88,4 @@ class Topic < ActiveRecord::Base
   def mk_permission
     Perm.short(permission)
   end
-
-  # has no viewable synapses helper function
-  def has_viewable_synapses(current)
-  	result = false
-  	synapses.each do |synapse|
-  		if synapse.authorize_to_show(current)
-  			result = true
-  		end
-  	end
-  	result
-  end
-
-  # TODO move to a decorator?
-  def synapses_csv(output_format = 'array')
-    output = []
-    synapses.each do |synapse|
-      if synapse.category == 'from-to'
-        if synapse.node1_id == id
-          output << synapse.node1_id.to_s + '->' + synapse.node2_id.to_s
-        elsif synapse.node2_id == id
-          output << synapse.node2_id.to_s + '<-' + synapse.node1_id.to_s
-        else
-          fail 'invalid synapse on topic in synapse_csv'
-        end
-      elsif synapse.category == 'both'
-        if synapse.node1_id == id
-          output << synapse.node1_id.to_s + '<->' + synapse.node2_id.to_s
-        elsif synapse.node2_id == id
-          output << synapse.node2_id.to_s + '<->' + synapse.node1_id.to_s
-        else
-          fail 'invalid synapse on topic in synapse_csv'
-        end
-      end
-    end
-    if output_format == 'array'
-      return output
-    elsif output_format == 'text'
-      return output.join('; ')
-    else
-      fail 'invalid argument to synapses_csv'
-    end
-    output
-  end
 end

app/policies/mapping_policy.rb

@@ -16,20 +16,28 @@ class MappingPolicy < ApplicationPolicy
   end
 
   def show?
-    map = Pundit.policy(user, record.map)
-    mappable = Pundit.policy(user, record.mappable)
-    map.show? && mappable.show?
+    map_policy.show? && mappable_policy.show?
   end
 
   def create?
-    Pundit.policy(user, record.map).update?
+    record.map.present? && map_policy.update?
   end
 
   def update?
-    Pundit.policy(user, record.map).update?
+    record.mappable_type == 'Topic' && map_policy.update?
   end
 
   def destroy?
-    record.user == user || admin_override
+    map_policy.update? || admin_override
+  end
+
+  # Helpers
+
+  def map_policy
+    @map_policy ||= Pundit.policy(user, record.map)
+  end
+
+  def mappable_policy
+    @mappable_policy ||= Pundit.policy(user, record.mappable)
   end
 end

spec/controllers/maps_controller_spec.rb

@@ -89,7 +89,8 @@ RSpec.describe MapsController, type: :controller do
       expect do
         delete :destroy, { id: unowned_map.to_param, format: :json }
       end.to change(Map, :count).by(0)
-      expect(response.body).to eq("unauthorized")
+      expect(response.body).to eq ''
+      expect(response.status).to eq 403
     end
 
     it 'deletes owned map' do
@@ -97,7 +98,8 @@ RSpec.describe MapsController, type: :controller do
       expect do
         delete :destroy, { id: owned_map.to_param, format: :json }
       end.to change(Map, :count).by(-1)
-      expect(response.body).to eq("success")
+      expect(response.body).to eq ''
+      expect(response.status).to eq 204
     end
   end
 end

spec/controllers/topics_controller_spec.rb

@@ -92,10 +92,7 @@ RSpec.describe TopicsController, type: :controller do
       expect do
         delete :destroy, { id: owned_topic.to_param, format: :json }
       end.to change(Topic, :count).by(-1)
-    end
-
-    it 'return 204 NO CONTENT' do 
-      delete :destroy, { id: topic.to_param, format: :json }
+      expect(response.body).to eq ''
       expect(response.status).to eq 204
     end
   end

spec/models/map_spec.rb

@@ -5,34 +5,5 @@ RSpec.describe Map, type: :model do
   it { is_expected.to validate_presence_of :name }
   it { is_expected.to validate_presence_of :permission }
   it { is_expected.to validate_inclusion_of(:permission).in_array Perm::ISSIONS.map(&:to_s) }
-
-  context 'permissions' do
-    let(:owner) { create :user }
-    let(:other_user) { create :user }
-    let(:map) { create :map, user: owner, permission: :commons }
-    let(:private_map) { create :map, user: owner, permission: :private }
-    let(:public_map) { create :map, user: owner, permission: :public }
-
-    it 'prevents deletion by non-owner' do
-      expect(map.authorize_to_delete(other_user)).to eq false
-      expect(map.authorize_to_delete(owner)).to eq map
-    end
-
-    it 'prevents visibility if private' do
-      expect(map.authorize_to_show(other_user)).to eq map
-      expect(map.authorize_to_show(owner)).to eq map
-      expect(private_map.authorize_to_show(owner)).to eq private_map
-      expect(private_map.authorize_to_show(other_user)).to eq false
-    end
-
-    it 'only allows editing if commons or owned' do
-      expect(map.authorize_to_edit(other_user)).to eq map
-      expect(map.authorize_to_edit(owner)).to eq map
-      expect(private_map.authorize_to_edit(other_user)).to eq false
-      expect(private_map.authorize_to_edit(owner)).to eq private_map
-      expect(public_map.authorize_to_edit(other_user)).to eq false
-      expect(public_map.authorize_to_edit(owner)).to eq public_map
-    end
-  end
 end
 

spec/models/synapse_spec.rb

@@ -10,33 +10,4 @@ RSpec.describe Synapse, type: :model do
   it { is_expected.to validate_inclusion_of(:permission).in_array Perm::ISSIONS.map(&:to_s) }
   it { is_expected.to validate_inclusion_of(:category).in_array ['from-to', 'both'] }
   it { is_expected.to validate_length_of(:desc).is_at_least(0) } # TODO don't allow nil
-
-  context 'permissions' do
-    let(:owner) { create :user }
-    let(:other_user) { create :user }
-    let(:synapse) { create :synapse, user: owner, permission: :commons }
-    let(:private_synapse) { create :synapse, user: owner, permission: :private }
-    let(:public_synapse) { create :synapse, user: owner, permission: :public }
-
-    it 'prevents deletion by non-owner' do
-      expect(synapse.authorize_to_delete(other_user)).to eq false
-      expect(synapse.authorize_to_delete(owner)).to eq synapse
-    end
-
-    it 'prevents visibility if private' do
-      expect(synapse.authorize_to_show(other_user)).to eq synapse
-      expect(synapse.authorize_to_show(owner)).to eq synapse
-      expect(private_synapse.authorize_to_show(owner)).to eq private_synapse
-      expect(private_synapse.authorize_to_show(other_user)).to eq false
-    end
-
-    it 'only allows editing if commons or owned' do
-      expect(synapse.authorize_to_edit(other_user)).to eq synapse
-      expect(synapse.authorize_to_edit(owner)).to eq synapse
-      expect(private_synapse.authorize_to_edit(other_user)).to eq false
-      expect(private_synapse.authorize_to_edit(owner)).to eq private_synapse
-      expect(public_synapse.authorize_to_edit(other_user)).to eq false
-      expect(public_synapse.authorize_to_edit(owner)).to eq public_synapse
-    end
-  end
 end

spec/models/topic_spec.rb

@@ -7,75 +7,4 @@ RSpec.describe Topic, type: :model do
   it { is_expected.to have_many :mappings }
   it { is_expected.to validate_presence_of :permission }
   it { is_expected.to validate_inclusion_of(:permission).in_array Perm::ISSIONS.map(&:to_s) }
-
-  context 'has_viewable_synapses function' do
-    let (:user) { create(:user) }
-    let (:other_user) { create(:user) }
-
-    context 'topic with no synapses' do
-      let (:topic) { create(:topic) }
-
-      it 'returns false' do
-        expect(topic.has_viewable_synapses(user)).to eq false
-      end
-    end
-
-    context 'topic with one unpermitted synapse' do
-      let (:synapse) { create(:synapse, permission: :private, user: other_user) }
-      let (:topic) { create(:topic, synapses1: [synapse]) }
-
-      it 'returns false' do
-        expect(topic.has_viewable_synapses(user)).to eq false
-      end
-    end
-
-    context 'topic with one permitted synapse' do
-      let (:synapse) { create(:synapse, permission: :private, user: user) }
-      let(:topic) { create(:topic, synapses1: [synapse]) }
-
-      it 'returns true' do
-        expect(topic.has_viewable_synapses(user)).to eq true
-      end
-    end
-
-    context 'topic with one unpermitted, one permitted synapse' do
-      let (:synapse1) { create(:synapse, permission: :private, user: other_user) }
-      let (:synapse2) { create(:synapse, permission: :private, user: user) }
-      let (:topic) { create(:topic, synapses1: [synapse1, synapse2]) }
-
-      it 'returns true' do
-        expect(topic.synapses.count).to eq 2
-        expect(topic.has_viewable_synapses(user)).to eq true
-      end
-    end
-  end
-
-  context 'permssions' do
-    let(:owner) { create :user }
-    let(:other_user) { create :user }
-    let(:topic) { create :topic, user: owner, permission: :commons }
-    let(:private_topic) { create :topic, user: owner, permission: :private }
-    let(:public_topic) { create :topic, user: owner, permission: :public }
-
-    it 'prevents deletion by non-owner' do
-      expect(topic.authorize_to_delete(other_user)).to eq false
-      expect(topic.authorize_to_delete(owner)).to eq topic
-    end
-
-    it 'prevents visibility if private' do
-      expect(topic.authorize_to_show(other_user)).to eq topic
-      expect(topic.authorize_to_show(owner)).to eq topic
-      expect(private_topic.authorize_to_show(owner)).to eq private_topic
-      expect(private_topic.authorize_to_show(other_user)).to eq false
-    end
-
-    it 'only allows editing if commons or owned' do
-      expect(topic.authorize_to_edit(other_user)).to eq topic
-      expect(topic.authorize_to_edit(owner)).to eq topic
-      expect(private_topic.authorize_to_edit(other_user)).to eq false
-      expect(private_topic.authorize_to_edit(owner)).to eq private_topic
-      expect(public_topic.authorize_to_edit(other_user)).to eq false
-      expect(public_topic.authorize_to_edit(owner)).to eq public_topic
-    end
-  end
 end

spec/policies/map_policy_spec.rb

@@ -7,12 +7,12 @@ RSpec.describe MapPolicy, type: :policy do
     context 'commons' do
       let(:map) { create(:map, permission: :commons) }
       permissions :show? do
-        it 'can view' do
+        it 'permits access' do
           expect(subject).to permit(nil, map)
         end
       end
       permissions :create?, :update?, :destroy? do
-        it 'can not modify' do
+        it 'denies access' do
           expect(subject).to_not permit(nil, map)
         end
       end
@@ -21,7 +21,7 @@ RSpec.describe MapPolicy, type: :policy do
     context 'private' do
       let(:map) { create(:map, permission: :private) }
       permissions :show?, :create?, :update?, :destroy? do
-        it 'can not view or modify' do
+        it 'permits access' do
           expect(subject).to_not permit(nil, map)
         end
       end
@@ -39,15 +39,15 @@ RSpec.describe MapPolicy, type: :policy do
       let(:owner) { create(:user) }
       let(:map) { create(:map, permission: :commons, user: owner) }
       permissions :show?, :create?, :update? do
-        it 'can view and modify' do
+        it 'permits access' do
           expect(subject).to permit(user, map)
         end
       end
       permissions :destroy? do
-        it 'can not destroy' do
+        it 'denies access' do
           expect(subject).to_not permit(user, map)
         end
-        it 'owner can destroy' do
+        it 'permits access to owner' do
           expect(subject).to permit(owner, map)
         end
       end
@@ -56,21 +56,16 @@ RSpec.describe MapPolicy, type: :policy do
     context 'public' do
       let(:owner) { create(:user) }
       let(:map) { create(:map, permission: :public, user: owner) }
-      permissions :show? do
-        it 'can view' do
-          expect(subject).to permit(user, map)
-        end
-      end
-      permissions :create? do
-        it 'can create' do
+      permissions :show?, :create? do
+        it 'permits access' do
           expect(subject).to permit(user, map)
         end
       end
       permissions :update?, :destroy? do
-        it 'can not update/destroy' do
+        it 'denies access' do
           expect(subject).to_not permit(user, map)
         end
-        it 'owner can update/destroy' do
+        it 'permits access to owner' do
           expect(subject).to permit(owner, map)
         end
       end
@@ -80,15 +75,15 @@ RSpec.describe MapPolicy, type: :policy do
       let(:owner) { create(:user) }
       let(:map) { create(:map, permission: :private, user: owner) }
       permissions :create? do
-        it 'can create' do
+        it 'permits access' do
           expect(subject).to permit(user, map)
         end
       end
       permissions :show?, :update?, :destroy? do
-        it 'can not view or modify' do
+        it 'denies access' do
           expect(subject).to_not permit(user, map)
         end
-        it 'owner can view and modify' do
+        it 'permits access to owner' do
           expect(subject).to permit(owner, map)
         end
       end

spec/policies/mapping_policy_spec.rb

@@ -0,0 +1,7 @@
+require 'rails_helper'
+
+RSpec.describe MappingPolicy, type: :policy do
+  subject { described_class }
+
+  pending 'Implement some mapping tests!'
+end

spec/policies/synapse_policy.rb

@@ -0,0 +1,92 @@
+require 'rails_helper'
+
+RSpec.describe SynapsePolicy, type: :policy do
+  subject { described_class }
+
+  context 'unauthenticated' do
+    context 'commons' do
+      let(:synapse) { create(:synapse, permission: :commons) }
+      permissions :show? do
+        it 'permits access' do
+          expect(subject).to permit(nil, synapse)
+        end
+      end
+      permissions :create?, :update?, :destroy? do
+        it 'denies access' do
+          expect(subject).to_not permit(nil, synapse)
+        end
+      end
+    end
+
+    context 'private' do
+      let(:synapse) { create(:synapse, permission: :private) }
+      permissions :show?, :create?, :update?, :destroy? do
+        it 'denies access' do
+          expect(subject).to_not permit(nil, synapse)
+        end
+      end
+    end
+  end
+
+  #
+  # Now begin the logged-in tests
+  #
+
+  context 'logged in' do
+    let(:user) { create(:user) }
+
+    context 'commons' do
+      let(:owner) { create(:user) }
+      let(:synapse) { create(:synapse, permission: :commons, user: owner) }
+      permissions :show?, :create?, :update? do
+        it 'permits access' do
+          expect(subject).to permit(user, synapse)
+        end
+      end
+      permissions :destroy? do
+        it 'denies access' do
+          expect(subject).to_not permit(user, synapse)
+        end
+        it 'permits access to owner' do
+          expect(subject).to permit(owner, synapse)
+        end
+      end
+    end
+
+    context 'public' do
+      let(:owner) { create(:user) }
+      let(:synapse) { create(:synapse, permission: :public, user: owner) }
+      permissions :show?, :create? do
+        it 'permits access' do
+          expect(subject).to permit(user, synapse)
+        end
+      end
+      permissions :update?, :destroy? do
+        it 'denies access' do
+          expect(subject).to_not permit(user, synapse)
+        end
+        it 'permits access to owner' do
+          expect(subject).to permit(owner, synapse)
+        end
+      end
+    end
+
+    context 'private' do
+      let(:owner) { create(:user) }
+      let(:synapse) { create(:synapse, permission: :private, user: owner) }
+      permissions :create? do
+        it 'permits access' do
+          expect(subject).to permit(user, synapse)
+        end
+      end
+      permissions :show?, :update?, :destroy? do
+        it 'denies access' do
+          expect(subject).to_not permit(user, synapse)
+        end
+        it 'permits access to owner' do
+          expect(subject).to permit(owner, synapse)
+        end
+      end
+    end
+  end
+end

spec/policies/topic_policy_spec.rb

@@ -0,0 +1,92 @@
+require 'rails_helper'
+
+RSpec.describe TopicPolicy, type: :policy do
+  subject { described_class }
+
+  context 'unauthenticated' do
+    context 'commons' do
+      let(:topic) { create(:topic, permission: :commons) }
+      permissions :show? do
+        it 'permits access' do
+          expect(subject).to permit(nil, topic)
+        end
+      end
+      permissions :create?, :update?, :destroy? do
+        it 'denies access' do
+          expect(subject).to_not permit(nil, topic)
+        end
+      end
+    end
+
+    context 'private' do
+      let(:topic) { create(:topic, permission: :private) }
+      permissions :show?, :create?, :update?, :destroy? do
+        it 'denies access' do
+          expect(subject).to_not permit(nil, topic)
+        end
+      end
+    end
+  end
+
+  #
+  # Now begin the logged-in tests
+  #
+
+  context 'logged in' do
+    let(:user) { create(:user) }
+
+    context 'commons' do
+      let(:owner) { create(:user) }
+      let(:topic) { create(:topic, permission: :commons, user: owner) }
+      permissions :show?, :create?, :update? do
+        it 'permits access' do
+          expect(subject).to permit(user, topic)
+        end
+      end
+      permissions :destroy? do
+        it 'denies access' do
+          expect(subject).to_not permit(user, topic)
+        end
+        it 'permits access to owner' do
+          expect(subject).to permit(owner, topic)
+        end
+      end
+    end
+
+    context 'public' do
+      let(:owner) { create(:user) }
+      let(:topic) { create(:topic, permission: :public, user: owner) }
+      permissions :show?, :create? do
+        it 'permits access' do
+          expect(subject).to permit(user, topic)
+        end
+      end
+      permissions :update?, :destroy? do
+        it 'denies access' do
+          expect(subject).to_not permit(user, topic)
+        end
+        it 'permits access to owner' do
+          expect(subject).to permit(owner, topic)
+        end
+      end
+    end
+
+    context 'private' do
+      let(:owner) { create(:user) }
+      let(:topic) { create(:topic, permission: :private, user: owner) }
+      permissions :create? do
+        it 'permits access' do
+          expect(subject).to permit(user, topic)
+        end
+      end
+      permissions :show?, :update?, :destroy? do
+        it 'denies access' do
+          expect(subject).to_not permit(user, topic)
+        end
+        it 'permits access to owner' do
+          expect(subject).to permit(owner, topic)
+        end
+      end
+    end
+  end
+end