Don’t allow comments on questions for unverified users and when the phase is closed

2017-02-08 18:19:10 +01:00
parent 60c7947cb4
commit 3009706b0d
13 changed files with 155 additions and 18 deletions
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -1,6 +1,10 @@
 class CommentsController < ApplicationController
  include CustomUrlsHelper
  before_action :authenticate_user!, only: :create
  before_action :load_commentable, only: :create
  before_action :verify_resident_for_commentable!, only: :create
  before_action :verify_comments_open!, only: [:create, :vote]
  before_action :build_comment, only: :create
  load_and_authorize_resource
@@ -77,4 +81,20 @@ class CommentsController < ApplicationController
      Notification.add(notifiable.author_id, notifiable) unless comment.author_id == notifiable.author_id
    end
    def verify_resident_for_commentable!
      return if current_user.administrator? || current_user.moderator?
      if @commentable.respond_to?(:comments_for_verified_residents_only?) && @commentable.comments_for_verified_residents_only?
        verify_resident!
      end
    end
    def verify_comments_open!
      return if current_user.administrator? || current_user.moderator?
      if @commentable.respond_to?(:comments_closed?) && @commentable.comments_closed?
        redirect_to @commentable, alert: t('comments.comments_closed')
      end
    end
 end
--- a/app/helpers/comments_helper.rb
+++ b/app/helpers/comments_helper.rb
@@ -75,4 +75,22 @@ module CommentsHelper
    end
  end
  def require_verified_resident_for_commentable?(commentable, current_user)
    return false if current_user.administrator? || current_user.moderator?
    commentable.respond_to?(:comments_for_verified_residents_only?) && commentable.comments_for_verified_residents_only? && !current_user.residence_verified?
  end
  def comments_closed_for_commentable?(commentable)
    commentable.respond_to?(:comments_closed?) && commentable.comments_closed?
  end
  def comments_closed_text(commentable)
    if commentable.class == Legislation::Question
      t("legislation.questions.comments.comments_closed")
    else
      t("comments.comments_closed")
    end
  end
 end
--- a/app/models/legislation/question.rb
+++ b/app/models/legislation/question.rb
@@ -27,4 +27,16 @@ class Legislation::Question < ActiveRecord::Base
  def answer_for_user(user)
    answers.where(user: user).first
  end
  def comments_for_verified_residents_only?
    true
  end
  def comments_closed?
    !comments_open?
  end
  def comments_open?
    process.open_phase?(:debate)
  end
 end
--- a/app/views/comments/_comment.html.erb
+++ b/app/views/comments/_comment.html.erb
@@ -81,7 +81,7 @@
            <%= t("comments.comment.responses", count: 0) %>
          <% end %>
-          <% if user_signed_in? %>
+          <% if user_signed_in? && !comments_closed_for_commentable?(comment.commentable) && !require_verified_resident_for_commentable?(comment.commentable, current_user) %>
            <span class="divider">&nbsp;|&nbsp;</span>
            <%= link_to(comment_link_text(comment), "",
                        class: "js-add-comment-link", data: {'id': dom_id(comment)}) %>
--- a/app/views/comments/_comment_tree.html.erb
+++ b/app/views/comments/_comment_tree.html.erb
@@ -13,10 +13,21 @@
        <%= render 'shared/wide_order_selector', i18n_namespace: "comments" %>
        <% if user_signed_in? %>
          <% if comments_closed_for_commentable?(commentable) %>
            <br>
            <div data-alert class="callout primary">
              <%= comments_closed_text(commentable) %>
            </div>
          <% elsif require_verified_resident_for_commentable?(commentable, current_user) %>
            <br>
            <div data-alert class="callout primary">
              <%= t("comments.verified_only", verify_account: link_to(t("comments.verify_account"), verification_path )).html_safe %>
            </div>
          <% else %>
            <%= render 'comments/form', {commentable: commentable, parent_id: nil, toggeable: false} %>
          <% end %>
        <% else %>
          <br>
          <div data-alert class="callout primary">
            <%= t("debates.show.login_to_comment",
                signin: link_to(t("votes.signin"), new_user_session_path),
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -34,6 +34,9 @@ en:
    close: Close
    menu: Menu
  comments:
    comments_closed: Comments are closed
    verified_only: To participate %{verify_account}
    verify_account: verify your account
    comment:
      admin: Administrator
      author: Author
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -34,6 +34,9 @@ es:
    close: Cerrar
    menu: Menú
  comments:
    comments_closed: Los comentarios están cerrados
    verified_only: Para participar %{verify_account}
    verify_account: verifica tu cuenta
    comment:
      admin: Administrador
      author: Autor
--- a/config/locales/legislation.en.yml
+++ b/config/locales/legislation.en.yml
@@ -84,6 +84,7 @@ en:
      comments:
        comment_button: Publish answer
        comments_title: Open answers
        comments_closed: Closed phase
        form:
          leave_comment: Leave your answer
      question:
--- a/config/locales/legislation.es.yml
+++ b/config/locales/legislation.es.yml
@@ -84,6 +84,7 @@ es:
      comments:
        comment_button: Publicar respuesta
        comments_title: Respuestas abiertas
        comments_closed: Fase cerrada
        form:
          leave_comment: Deja tu respuesta
      question:
--- a/spec/controllers/comments_controller_spec.rb
+++ b/spec/controllers/comments_controller_spec.rb
@@ -0,0 +1,38 @@
 require 'rails_helper'
 describe CommentsController do
  describe 'POST create' do
    before(:each) do
      @process = create(:legislation_process, debate_start_date: Date.current - 3.day, debate_end_date: Date.current + 2.days)
      @question = create(:legislation_question, process: @process, title: "Question 1")
      @user = create(:user, :level_two)
      @unverified_user = create(:user)
    end
    it 'should create an comment if the comments are open' do
      sign_in @user
      expect do
        xhr :post, :create, comment: {commentable_id: @question.id, commentable_type: "Legislation::Question", body: "a comment"}
      end.to change { @question.reload.comments_count }.by(1)
    end
    it 'should not create a comment if the comments are closed' do
      sign_in @user
      @process.update_attribute(:debate_end_date, Date.current - 1.day)
      expect do
        xhr :post, :create, comment: {commentable_id: @question.id, commentable_type: "Legislation::Question", body: "a comment"}
      end.to_not change { @question.reload.comments_count }
    end
    it 'should not create a comment for unverified users when the commentable requires it' do
      sign_in @unverified_user
      expect do
        xhr :post, :create, comment: {commentable_id: @question.id, commentable_type: "Legislation::Question", body: "a comment"}
      end.to_not change { @question.reload.comments_count }
    end
  end
 end
--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -486,6 +486,17 @@ FactoryGirl.define do
      allegations_end_date Date.current - 4.days
      final_publication_date Date.current - 2.days
    end
    trait :in_debate_phase do
      start_date Date.current - 5.days
      end_date Date.current + 5.days
      debate_start_date Date.current - 5.days
      debate_end_date Date.current + 1.days
      draft_publication_date Date.current + 1.day
      allegations_start_date Date.current + 2.days
      allegations_end_date Date.current + 3.days
      final_publication_date Date.current + 5.days
    end
  end
  factory :legislation_draft_version, class: 'Legislation::DraftVersion' do
--- a/spec/features/comments/legislation_questions_spec.rb
+++ b/spec/features/comments/legislation_questions_spec.rb
@@ -2,8 +2,9 @@ require 'rails_helper'
 include ActionView::Helpers::DateHelper
 feature 'Commenting legislation questions' do
-  let(:user)   { create :user }
+  let(:user)   { create :user, :level_two }
-  let(:legislation_question) { create :legislation_question }
+  let(:process) { create :legislation_process, :in_debate_phase }
  let(:legislation_question) { create :legislation_question, process: process }
  scenario 'Index' do
    3.times { create(:comment, commentable: legislation_question) }
@@ -181,9 +182,27 @@ feature 'Commenting legislation questions' do
    expect(page).to have_content "Can't be blank"
  end
  scenario "Unverified user can't create comments", :js do
    unverified_user = create :user
    login_as(unverified_user)
    visit legislation_process_question_path(legislation_question.process, legislation_question)
    expect(page).to have_content "To participate verify your account"
  end
  scenario "Can't create comments if debate phase is not open", :js do
    process.update_attributes(debate_start_date: Date.current - 2.days, debate_end_date: Date.current - 1.days)
    login_as(user)
    visit legislation_process_question_path(legislation_question.process, legislation_question)
    expect(page).to have_content "Closed phase"
  end
  scenario 'Reply', :js do
    citizen = create(:user, username: 'Ana')
-    manuela = create(:user, username: 'Manuela')
+    manuela = create(:user, :level_two, username: 'Manuela')
    comment = create(:comment, commentable: legislation_question, user: citizen)
    login_as(manuela)
@@ -264,7 +283,7 @@ feature 'Commenting legislation questions' do
  end
  scenario "Flagging turbolinks sanity check", :js do
-    legislation_question = create(:legislation_question, title: "Should we change the world?")
+    legislation_question = create(:legislation_question, process: process, title: "Should we change the world?")
    comment = create(:comment, commentable: legislation_question)
    login_as(user)
@@ -278,7 +297,6 @@ feature 'Commenting legislation questions' do
  end
  scenario "Erasing a comment's author" do
    legislation_question = create(:legislation_question)
    comment = create(:comment, commentable: legislation_question, body: 'this should be visible')
    comment.user.erase
@@ -290,7 +308,6 @@ feature 'Commenting legislation questions' do
  end
  scenario 'Submit button is disabled after clicking', :js do
    legislation_question = create(:legislation_question)
    login_as(user)
    visit legislation_process_question_path(legislation_question.process, legislation_question)
--- a/spec/features/notifications_spec.rb
+++ b/spec/features/notifications_spec.rb
@@ -10,7 +10,8 @@ feature "Notifications" do
  let(:user) { create :user }
  let(:debate) { create :debate, author: author }
  let(:proposal) { create :proposal, author: author }
-  let(:legislation_question) { create(:legislation_question, author: administrator) }
+  let(:process) { create :legislation_process, :in_debate_phase }
  let(:legislation_question) { create(:legislation_question, process: process, author: administrator) }
  let(:legislation_annotation) { create(:legislation_annotation, author: author) }
  scenario "User commented on my debate", :js do
@@ -36,7 +37,8 @@ feature "Notifications" do
  end
  scenario "User commented on my legislation question", :js do
-    login_as user
+    verified_user = create(:user, :level_two)
    login_as verified_user
    visit legislation_process_question_path legislation_question.process, legislation_question
    fill_in "comment-body-legislation_question_#{legislation_question.id}", with: "I answered your question"