manages permissions for debate editing
@@ -1,6 +1,7 @@
|
|||||||
class DebatesController < ApplicationController
|
class DebatesController < ApplicationController
|
||||||
before_action :set_debate, only: [:show, :edit, :update]
|
before_action :set_debate, only: [:show, :edit, :update]
|
||||||
before_action :authenticate_user!, only: [:new, :create]
|
before_action :authenticate_user!, except: [:show, :index]
|
||||||
|
before_action :validate_ownership, only: [:edit, :update]
|
||||||
|
|
||||||
def index
|
def index
|
||||||
if params[:tag]
|
if params[:tag]
|
||||||
@@ -42,4 +43,8 @@ class DebatesController < ApplicationController
|
|||||||
params.require(:debate).permit(:title, :description, :tag_list, :terms_of_service)
|
params.require(:debate).permit(:title, :description, :tag_list, :terms_of_service)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def validate_ownership
|
||||||
|
raise ActiveRecord::RecordNotFound unless @debate.editable_by?(current_user)
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
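Review bot: `before_action :validate_ownership, only: [:edit, :update]` makes the ownership check opt-in, while `authenticate_user!` in the same hunk became opt-out via `except:`. A mutating action added later (a `destroy`, say) would be authenticated but not authorized unless someone remembers to extend this list. Consider the same default-deny form, e.g. `before_action :validate_ownership, except: [:index, :show, :new, :create]`, with `set_debate` widened to cover the same actions. The callback also relies on `set_debate` and `authenticate_user!` having run first, which holds only through declaration order, so a comment such as `# must stay after set_debate and authenticate_user!` above it would help. In the second hunk `validate_ownership` follows `debate_params`, but any `private` keyword lies outside the hunk, so confirm the method is not public.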
||||||
|
|||||||
@@ -35,5 +35,7 @@
|
|||||||
<%= render @debate.root_comments %>
|
<%= render @debate.root_comments %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<% if current_user && @debate.editable_by?(current_user) %>
|
||||||
<%= link_to 'Edit', edit_debate_path(@debate) %> |
|
<%= link_to 'Edit', edit_debate_path(@debate) %> |
|
||||||
|
<% end %>
|
||||||
<%= link_to 'Back', debates_path %>
|
<%= link_to 'Back', debates_path %>
|
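Review bot: The `current_user &&` guard in the new `<% if %>` suggests `editable_by?` is not nil-safe, while the controller's `validate_ownership` calls it with `current_user` unguarded and depends on `authenticate_user!` having run first. If `editable_by?(nil)` returned false in the model (not visible here, so confirm), both call sites could read `@debate.editable_by?(current_user)`. That would tie the link's visibility to exactly the predicate the server enforces. Hiding the link is presentation only; the controller callback remains the actual access check.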
||||||
@@ -45,10 +45,33 @@ feature 'Debates' do
|
|||||||
expect(page).to have_content "por: #{author.name}"
|
expect(page).to have_content "por: #{author.name}"
|
||||||
end
|
end
|
||||||
|
|
||||||
scenario 'Update' do
|
scenario 'Update should not be posible if logged user is not the author' do
|
||||||
debate = create(:debate)
|
debate = create(:debate)
|
||||||
|
expect(debate).to be_editable
|
||||||
|
login_as(create(:user))
|
||||||
|
|
||||||
|
expect {
|
||||||
visit edit_debate_path(debate)
|
visit edit_debate_path(debate)
|
||||||
|
}.to raise_error ActiveRecord::RecordNotFound
|
||||||
|
end
|
||||||
|
|
||||||
|
scenario 'Update should not be posible if debate is not editable' do
|
||||||
|
debate = create(:debate)
|
||||||
|
vote = create(:vote, votable: debate)
|
||||||
|
expect(debate).to_not be_editable
|
||||||
|
login_as(debate.author)
|
||||||
|
|
||||||
|
expect {
|
||||||
|
visit edit_debate_path(debate)
|
||||||
|
}.to raise_error ActiveRecord::RecordNotFound
|
||||||
|
end
|
||||||
|
|
||||||
|
scenario 'Update should be posible for the author of an editable debate' do
|
||||||
|
debate = create(:debate)
|
||||||
|
login_as(debate.author)
|
||||||
|
|
||||||
|
visit debate_path(debate)
|
||||||
|
click_link 'Edit'
|
||||||
fill_in 'debate_title', with: 'Dimisión Rajoy'
|
fill_in 'debate_title', with: 'Dimisión Rajoy'
|
||||||
fill_in 'debate_description', with: 'Podríamos...'
|
fill_in 'debate_description', with: 'Podríamos...'
|
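Review bot: Both negative scenarios only exercise `visit edit_debate_path(debate)`, the GET for the form. Nothing asserts that a direct PATCH to `update` is rejected for a non-author or for a debate that already has votes, and that is the request that actually changes data. A controller- or request-level example that submits the update as the wrong user, then expects `ActiveRecord::RecordNotFound` and an unchanged title, would cover the enforcement path. Minor: `vote = create(:vote, votable: debate)` assigns a local that is never read, and "posible" in the three scenario names should be "possible". The last scenario's body continues past the end of the hunk.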
||||||
|
|
||||||
|
|||||||