diff --git a/app/controllers/documents_controller.rb b/app/controllers/documents_controller.rb index bfafb2a34..2f9adb977 100644 --- a/app/controllers/documents_controller.rb +++ b/app/controllers/documents_controller.rb @@ -1,7 +1,7 @@ class DocumentsController < ApplicationController before_action :authenticate_user! before_filter :find_documentable, except: [:destroy] - before_filter :prepare_new_document, only: :new + before_filter :prepare_new_document, only: [:new, :new_nested] before_filter :prepare_document_for_creation, only: :create load_and_authorize_resource :except => [:upload] @@ -10,6 +10,9 @@ class DocumentsController < ApplicationController def new end + def new_nested + end + def create recover_attachment_from_cache if @document.save diff --git a/app/models/abilities/common.rb b/app/models/abilities/common.rb index 34ee06f23..311b0dade 100644 --- a/app/models/abilities/common.rb +++ b/app/models/abilities/common.rb @@ -36,8 +36,8 @@ module Abilities can [:create, :destroy], Follow - can [:create, :destroy], Document, documentable: { author_id: user.id } - can [:new, :destroy_upload], Document + can [:create, :destroy, :new], Document, documentable: { author_id: user.id } + can [:new_nested, :upload, :destroy_upload], Document unless user.organization? can :vote, Debate diff --git a/app/views/documents/_nested_documents.html.erb b/app/views/documents/_nested_documents.html.erb index 1520b8485..c1af35058 100644 --- a/app/views/documents/_nested_documents.html.erb +++ b/app/views/documents/_nested_documents.html.erb @@ -9,7 +9,7 @@ <% if resource.documents.count < resource.class.max_documents_allowed %> <%= link_to t("documents.form.add_new_document"), - new_document_path(documentable_type: resource.class.name, index: resource.documents.size), + new_nested_documents_path(documentable_type: resource.class.name, index: resource.documents.size), remote: true, id: "new_document_link" %>
diff --git a/app/views/documents/new.js.erb b/app/views/documents/new_nested.js.erb similarity index 72% rename from app/views/documents/new.js.erb rename to app/views/documents/new_nested.js.erb index 33873d565..2b4707815 100644 --- a/app/views/documents/new.js.erb +++ b/app/views/documents/new_nested.js.erb @@ -1,7 +1,7 @@ <% nested_fields = render 'documents/nested_document', document: @document, index: params[:index] new_document_link = link_to t("documents.form.add_new_document"), - new_document_path(documentable_type: params[:documentable_type], index: params[:index].to_i + 1), + new_nested_documents_path(documentable_type: params[:documentable_type], index: params[:index].to_i + 1), remote: true, id: "new_document_link" %> diff --git a/config/routes.rb b/config/routes.rb index f8afd632c..8095b215e 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -97,6 +97,7 @@ Rails.application.routes.draw do resources :documents, only: [:new, :create, :destroy] do collection do + get :new_nested delete :destroy_upload post :upload post :progress diff --git a/spec/models/abilities/common_spec.rb b/spec/models/abilities/common_spec.rb index a3f8227b3..dfaac3598 100644 --- a/spec/models/abilities/common_spec.rb +++ b/spec/models/abilities/common_spec.rb @@ -87,6 +87,9 @@ describe "Abilities::Common" do it { should_not be_able_to(:create, DirectMessage) } it { should_not be_able_to(:show, DirectMessage) } + it { should be_able_to(:new_nested, Document) } + it { should be_able_to(:destroy_upload, Document) } + it { should be_able_to(:new, own_proposal_document) } it { should be_able_to(:create, own_proposal_document) } it { should be_able_to(:destroy, own_proposal_document) } diff --git a/spec/shared/features/documentable.rb b/spec/shared/features/documentable.rb index f93c9ae1f..bcc41f71b 100644 --- a/spec/shared/features/documentable.rb +++ b/spec/shared/features/documentable.rb @@ -155,7 +155,7 @@ shared_examples "documentable" do |documentable_factory_name, documentable_path, expect(page).to have_content("You must sign in or register to continue.") end - scenario "Should not be able for other users" do + scenario "Should be able for other users" do login_as create(:user) visit new_document_path(documentable_type: documentable.class.name,