Fix abilities definition and related specs

app/controllers/documents_controller.rb

@@ -1,7 +1,7 @@
 class DocumentsController < ApplicationController
   before_action :authenticate_user!
   before_filter :find_documentable, except: [:destroy]
-  before_filter :prepare_new_document, only: :new
+  before_filter :prepare_new_document, only: [:new, :new_nested]
   before_filter :prepare_document_for_creation, only: :create
 
   load_and_authorize_resource :except => [:upload]
@@ -10,6 +10,9 @@ class DocumentsController < ApplicationController
   def new
   end
 
+  def new_nested
+  end
+
   def create
     recover_attachment_from_cache
     if @document.save

app/models/abilities/common.rb

@@ -36,8 +36,8 @@ module Abilities
 
       can [:create, :destroy], Follow
 
-      can [:create, :destroy], Document, documentable: { author_id: user.id }
-      can [:new, :destroy_upload], Document
+      can [:create, :destroy, :new], Document, documentable: { author_id: user.id }
+      can [:new_nested, :upload, :destroy_upload], Document
 
       unless user.organization?
         can :vote, Debate

app/views/documents/_nested_documents.html.erb

@@ -9,7 +9,7 @@
 
 <% if resource.documents.count < resource.class.max_documents_allowed %>
   <%= link_to t("documents.form.add_new_document"),
-              new_document_path(documentable_type: resource.class.name, index: resource.documents.size),
+              new_nested_documents_path(documentable_type: resource.class.name, index: resource.documents.size),
               remote: true,
               id: "new_document_link"  %>
   <div class="max-documents-notice callout warning text-center hide">

app/views/documents/new_nested.js.erb

@@ -1,7 +1,7 @@
 <%
   nested_fields = render 'documents/nested_document', document: @document, index: params[:index]
   new_document_link = link_to t("documents.form.add_new_document"),
-                              new_document_path(documentable_type: params[:documentable_type], index: params[:index].to_i + 1),
+                              new_nested_documents_path(documentable_type: params[:documentable_type], index: params[:index].to_i + 1),
                               remote: true,
                               id: "new_document_link"
 %>

config/routes.rb

@@ -97,6 +97,7 @@ Rails.application.routes.draw do
 
   resources :documents, only: [:new, :create, :destroy] do
     collection do
+      get :new_nested
       delete :destroy_upload
       post :upload
       post :progress

spec/models/abilities/common_spec.rb

@@ -87,6 +87,9 @@ describe "Abilities::Common" do
   it { should_not be_able_to(:create, DirectMessage) }
   it { should_not be_able_to(:show,   DirectMessage) }
 
+  it { should  be_able_to(:new_nested, Document) }
+  it { should  be_able_to(:destroy_upload, Document) }
+
   it { should be_able_to(:new, own_proposal_document) }
   it { should be_able_to(:create, own_proposal_document) }
   it { should be_able_to(:destroy, own_proposal_document) }

spec/shared/features/documentable.rb

@@ -155,7 +155,7 @@ shared_examples "documentable" do |documentable_factory_name, documentable_path,
       expect(page).to have_content("You must sign in or register to continue.")
     end
 
-    scenario "Should not be able for other users" do
+    scenario "Should be able for other users" do
       login_as create(:user)
 
       visit new_document_path(documentable_type: documentable.class.name,