consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

manages permissions for debate editing

Browse Source
This commit is contained in:
Juanjo Bazán
2015-07-19 14:47:14 +02:00
parent df1a800d94
commit 2a63d1f953
3 changed files with 40 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/controllers/debates_controller.rb
View File

@@ -1,6 +1,7 @@
class DebatesController < ApplicationController class DebatesController < ApplicationController
before_action :set_debate, only: [:show, :edit, :update] before_action :set_debate, only: [:show, :edit, :update]
before_action :authenticate_user!, only: [:new, :create] before_action :authenticate_user!, except: [:show, :index]
before_action :validate_ownership, only: [:edit, :update]
def index def index
if params[:tag] if params[:tag]
@@ -42,4 +43,8 @@ class DebatesController < ApplicationController
params.require(:debate).permit(:title, :description, :tag_list, :terms_of_service) params.require(:debate).permit(:title, :description, :tag_list, :terms_of_service)
end end
def validate_ownership
raise ActiveRecord::RecordNotFound unless @debate.editable_by?(current_user)
end
end end

4
app/views/debates/show.html.erb
View File

@@ -35,5 +35,7 @@
<%= render @debate.root_comments %> <%= render @debate.root_comments %>
</div> </div>
<%= link_to 'Edit', edit_debate_path(@debate) %> | <% if current_user && @debate.editable_by?(current_user) %>
<%= link_to 'Edit', edit_debate_path(@debate) %> |
<% end %>
<%= link_to 'Back', debates_path %> <%= link_to 'Back', debates_path %>

25
spec/features/debates_spec.rb
View File

@@ -45,10 +45,33 @@ feature 'Debates' do
expect(page).to have_content "por: #{author.name}" expect(page).to have_content "por: #{author.name}"
end end
scenario 'Update' do scenario 'Update should not be posible if logged user is not the author' do
debate = create(:debate) debate = create(:debate)
expect(debate).to be_editable
login_as(create(:user))
expect {
visit edit_debate_path(debate) visit edit_debate_path(debate)
}.to raise_error ActiveRecord::RecordNotFound
end
scenario 'Update should not be posible if debate is not editable' do
debate = create(:debate)
vote = create(:vote, votable: debate)
expect(debate).to_not be_editable
login_as(debate.author)
expect {
visit edit_debate_path(debate)
}.to raise_error ActiveRecord::RecordNotFound
end
scenario 'Update should be posible for the author of an editable debate' do
debate = create(:debate)
login_as(debate.author)
visit debate_path(debate)
click_link 'Edit'
fill_in 'debate_title', with: 'Dimisión Rajoy' fill_in 'debate_title', with: 'Dimisión Rajoy'
fill_in 'debate_description', with: 'Podríamos...' fill_in 'debate_description', with: 'Podríamos...'