adds permissions with cancan for new, create and show

This commit is contained in:
rgarcia
2016-06-08 13:46:17 +02:00
parent 21c2220626
commit 0e86cd89d6
3 changed files with 26 additions and 7 deletions


@@ -1,14 +1,15 @@
class ProposalNotificationsController < ApplicationController class ProposalNotificationsController < ApplicationController
skip_authorization_check load_and_authorize_resource except: [:new]
def new def new
@notification = ProposalNotification.new
@proposal = Proposal.find(params[:proposal_id]) @proposal = Proposal.find(params[:proposal_id])
@notification = ProposalNotification.new(proposal_id: @proposal.id)
authorize! :new, @notification
end end
def create def create
@notification = ProposalNotification.new(notification_params) @notification = ProposalNotification.new(proposal_notification_params)
@proposal = Proposal.find(notification_params[:proposal_id]) @proposal = Proposal.find(proposal_notification_params[:proposal_id])
if @notification.save if @notification.save
@proposal.voters.each do |voter| @proposal.voters.each do |voter|
Notification.add(voter.id, @notification) Notification.add(voter.id, @notification)
@@ -28,7 +29,7 @@ class ProposalNotificationsController < ApplicationController
private private
def notification_params def proposal_notification_params
params.require(:proposal_notification).permit(:title, :body, :proposal_id) params.require(:proposal_notification).permit(:title, :body, :proposal_id)
end end
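Review bot: In `create`, `@notification = ProposalNotification.new(proposal_notification_params)` rebuilds the record after `load_and_authorize_resource` has already built and authorized an instance from the same params (CanCan's strong-parameters lookup is by the `<model>_params` method name, which the rename to `proposal_notification_params` presumably satisfies). The object that is saved is therefore not the object the ability block inspected; today both come from identical permitted params, so this is redundancy rather than a hole, but the reassignment should either be dropped in favour of the pre-loaded `@notification` or carry a comment such as `# rebuilt from params; must stay in sync with what load_and_authorize_resource checked`. The rest of `create` and the `show` action named in the commit title are outside the hunk, so whether `show` relies solely on the before-filter cannot be confirmed from here.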


@@ -48,9 +48,12 @@ module Abilities
can :create, SpendingProposal can :create, SpendingProposal
end end
can [:new, :create, :show], ProposalNotification do |notification|
notification.proposal.author_id == user.id
end
can :create, Annotation can :create, Annotation
can [:update, :destroy], Annotation, user_id: user.id can [:update, :destroy], Annotation, user_id: user.id
end end
end end
end end
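Review bot: The ability block `notification.proposal.author_id == user.id` raises NoMethodError when `notification.proposal` is nil, and `create` can reach that state because `load_and_authorize_resource` evaluates this block before the action's `Proposal.find` runs; a request with a missing or unknown `proposal_id` then fails with a 500 instead of a clean access-denied redirect. Guard the association before comparing, `notification.proposal.present? && notification.proposal.author_id == user.id` (or `notification.proposal&.author_id == user.id` if the project is on Ruby 2.3+), so the block answers false rather than blowing up. The enclosing ability definition starts outside the hunk.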


@@ -73,10 +73,25 @@ feature 'Proposal Notifications' do
end end
end end
scenario "Accessing form directly" do
user = create(:user)
author = create(:user)
proposal = create(:proposal, author: author)
login_as(user)
visit new_proposal_notification_path(proposal_id: proposal.id)
expect(current_path).to eq(proposals_path)
expect(page).to have_content("You do not have permission to carry out the action")
end
end end
scenario "Error messages" do scenario "Error messages" do
proposal = create(:proposal) author = create(:user)
proposal = create(:proposal, author: author)
login_as(author)
visit new_proposal_notification_path(proposal_id: proposal.id) visit new_proposal_notification_path(proposal_id: proposal.id)
click_button "Send message" click_button "Send message"
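Review bot: The new "Accessing form directly" scenario covers only the `new` action, while the `create` and `show` permissions this commit also grants have no test: nothing asserts that a non-author is turned away from a notification's show page or from submitting one. Add a companion scenario that logs in `user`, visits the show page of a notification belonging to `proposal`, and expects the same `proposals_path` redirect and "You do not have permission to carry out the action" message; the `create` path is not reachable through the form for a non-author, so it likely needs a request-level spec rather than a feature scenario. The "Error messages" scenario continues past the end of the hunk.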