#34 Removed all that fancy stuff I was trying to do with namespaced policies. Don't even bother.

Author: nadnoslen

app/assets/stylesheets/application-mailer.scss

@@ -1,2 +1,7 @@
+/**
+ * This SASS file is used to create our Bootstrap 4 emails.
+ * Keep in mind this is a Rails API application; we needed to uncomment `require 'sprockets/railtie'`
+ * in `config/application.rb`
+ */
 //noinspection CssUnknownTarget
 @import 'bootstrap-email';

app/policies/api/v1/role_policy.rb

@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
-require 'namespaced_authorizing_processor'
-
 JSONAPI.configure do |config|
-  # using a customer authorizing processor that applied namespace to all policies
-  config.default_processor_klass = NamespacedAuthorizingProcessor
+  config.default_processor_klass = JSONAPI::Authorization::AuthorizingProcessor
   config.exception_class_whitelist = [JWTSessions::Errors::Unauthorized, Pundit::NotAuthorizedError]
 end

app/policies/api/v1/session_activity_policy.rb

@@ -93,4 +93,30 @@ class CookieAuthenticationsControllerTest < ActionDispatch::IntegrationTest
     assert mallory_archer.sessions.first.invalidated?
     assert mallory_archer.sessions.first.invalidated_by.present?
   end
+
+  test 'when access to the protected users index route is forbidden for a guest user' do
+    Timecop.freeze
+
+    login(users(:sterling_archer))
+
+    Timecop.travel 30.seconds.from_now
+
+    get api_v1_users_url, headers: @headers
+
+    assert_response :forbidden
+    assert_equal 'You are forbidden from performing this action', JSON.parse(response.body)['errors'].first['detail']
+  end
+
+  test 'when access to the protected users index route is granted for an administrator user' do
+    Timecop.freeze
+
+    login(users(:some_administrator))
+
+    Timecop.travel 30.seconds.from_now
+
+    get api_v1_users_url, headers: @headers
+
+    assert_response :ok
+    assert_equal 5, JSON.parse(response.body)['data'].length
+  end
 end

app/policies/api/v1/session_policy.rb

@@ -82,7 +82,7 @@ class TokenAuthenticationsControllerTest < ActionDispatch::IntegrationTest
     assert mallory_archer.sessions.first.invalidated_by.present?
   end
 
-  test 'when access to a protected resource with token authentication is forbidden' do
+  test 'when access to the protected users index route is forbidden for a guest user' do
     Timecop.freeze
 
     token(users(:sterling_archer))
@@ -95,7 +95,7 @@ class TokenAuthenticationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal 'You are forbidden from performing this action', JSON.parse(response.body)['errors'].first['detail']
   end
 
-  test 'when accessing a protected resource with token authentication is permitted' do
+  test 'when access to the protected users index route is granted for an administrator user' do
     Timecop.freeze
 
     token(users(:some_administrator))