diff --git a/app/controllers/debates_controller.rb b/app/controllers/debates_controller.rb
index 2bf5a0024..9ad043bb6 100644
--- a/app/controllers/debates_controller.rb
+++ b/app/controllers/debates_controller.rb
@@ -1,7 +1,8 @@
class DebatesController < ApplicationController
before_action :set_debate, only: [:show, :edit, :update]
- before_action :authenticate_user!, only: [:new, :create]
-
+ before_action :authenticate_user!, except: [:show, :index]
+ before_action :validate_ownership, only: [:edit, :update]
+
def index
if params[:tag]
@debates = Debate.tagged_with(params[:tag])
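Review bot: The new `authenticate_user!` filter is declared after `set_debate`, so an anonymous request to edit/update loads the record before the authentication redirect fires; declaring authentication first avoids the needless lookup and keeps the filter chain in the order it is reasoned about (authenticate → load → authorize). I would reorder the three lines to `before_action :authenticate_user!, except: [:show, :index]`, `before_action :set_debate, only: [:show, :edit, :update]`, `before_action :validate_ownership, only: [:edit, :update]`. Since `validate_ownership` reads `@debate`, it is worth a comment that it depends on `set_debate` running for the same actions: `# validate_ownership relies on @debate from set_debate; keep both filters' action lists in sync`. The rest of the class, including `index`, continues outside the hunk.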
@@ -42,4 +43,8 @@ class DebatesController < ApplicationController
params.require(:debate).permit(:title, :description, :tag_list, :terms_of_service)
end
+ def validate_ownership
+ raise ActiveRecord::RecordNotFound unless @debate.editable_by?(current_user)
+ end
+
end
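Review bot: `validate_ownership` is undocumented and its name does not describe what it enforces: it delegates to `editable_by?`, and the spec changes in this commit show that the author of a debate that has received a vote is also rejected, so the check appears to be "may the current user edit this now", not ownership alone (inferred from the spec, not visible here). A short comment would prevent the next reader from assuming an ownership-only check, e.g. `# 404 rather than 403: an edit URL should not confirm who owns a debate; editable_by? also applies any non-ownership editing rules.` Raising `ActiveRecord::RecordNotFound` for an authorization failure is a deliberate choice but an unusual one in Rails, where a 403 or a redirect with a flash is more common, so the intent should be stated rather than left implicit. Style-wise, add a blank line between the `end` of `debate_params` and the new `def`; whether the method sits under `private` cannot be seen from this hunk.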
diff --git a/app/views/debates/show.html.erb b/app/views/debates/show.html.erb
index fbdc444ac..d549ee499 100644
--- a/app/views/debates/show.html.erb
+++ b/app/views/debates/show.html.erb
@@ -12,12 +12,12 @@
<%= link_to "up", debate_votes_path(@debate, value: 'yes'), method: "post" %>
<%= percentage('likes', @debate) %>
-
+
<%= link_to "down", debate_votes_path(@debate, value: 'no'), method: "post" %>
<%= percentage('dislikes', @debate) %>
-
+
Votos <%= @debate.total_votes %>
@@ -35,5 +35,7 @@
<%= render @debate.root_comments %>
-<%= link_to 'Edit', edit_debate_path(@debate) %> |
+<% if current_user && @debate.editable_by?(current_user) %>
+ <%= link_to 'Edit', edit_debate_path(@debate) %> |
+<% end %>
<%= link_to 'Back', debates_path %>
\ No newline at end of file
diff --git a/spec/features/debates_spec.rb b/spec/features/debates_spec.rb
index ecc4892af..df1b8bb3c 100644
--- a/spec/features/debates_spec.rb
+++ b/spec/features/debates_spec.rb
@@ -1,7 +1,7 @@
require 'rails_helper'
feature 'Debates' do
-
+
scenario 'Index' do
3.times { create(:debate) }
@@ -35,7 +35,7 @@ feature 'Debates' do
fill_in 'debate_title', with: 'Acabar con los desahucios'
fill_in 'debate_description', with: 'Esto es un tema muy importante porque...'
check 'debate_terms_of_service'
-
+
click_button 'Crear Debate'
expect(page).to have_content 'Debate creado correctamente'
@@ -45,13 +45,36 @@ feature 'Debates' do
expect(page).to have_content "por: #{author.name}"
end
- scenario 'Update' do
+ scenario 'Update should not be posible if logged user is not the author' do
debate = create(:debate)
+ expect(debate).to be_editable
+ login_as(create(:user))
- visit edit_debate_path(debate)
+ expect {
+ visit edit_debate_path(debate)
+ }.to raise_error ActiveRecord::RecordNotFound
+ end
+
+ scenario 'Update should not be posible if debate is not editable' do
+ debate = create(:debate)
+ vote = create(:vote, votable: debate)
+ expect(debate).to_not be_editable
+ login_as(debate.author)
+
+ expect {
+ visit edit_debate_path(debate)
+ }.to raise_error ActiveRecord::RecordNotFound
+ end
+
+ scenario 'Update should be posible for the author of an editable debate' do
+ debate = create(:debate)
+ login_as(debate.author)
+
+ visit debate_path(debate)
+ click_link 'Edit'
fill_in 'debate_title', with: 'Dimisión Rajoy'
fill_in 'debate_description', with: 'PodrÃamos...'
-
+
click_button 'Actualizar Debate'
expect(page).to have_content 'Debate actualizado correctamente'