consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't allow to modify answer's videos for started polls

Browse Source 
Same rules that will apply for the answer itself should apply for the
attachments like videos, images, and/or documents.
This commit is contained in:
Julian Herrero
2022-09-02 14:29:04 +02:00
committed by Javi Martín
parent 14542df0de
commit 5fe86264ca
8 changed files with 182 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/components/admin/poll/questions/answers/videos/table_actions_component.html.erb Normal file
View File

@@ -0,0 +1 @@
<%= render Admin::TableActionsComponent.new(video, actions: actions) %>

14
app/components/admin/poll/questions/answers/videos/table_actions_component.rb Normal file
View File

@@ -0,0 +1,14 @@
class Admin::Poll::Questions::Answers::Videos::TableActionsComponent < ApplicationComponent
attr_reader :video
delegate :can?, to: :helpers
def initialize(video)
@video = video
end
private
def actions
[:edit, :destroy].select { |action| can?(action, video) }
end
end

5
app/models/abilities/administrator.rb
View File

@@ -99,7 +99,10 @@ module Abilities
can [:create, :update, :destroy], Poll::Question::Answer do |answer|
can?(:update, answer.question)
end
can :manage, Poll::Question::Answer::Video
can :read, Poll::Question::Answer::Video
can [:create, :update, :destroy], Poll::Question::Answer::Video do |video|
can?(:update, video.answer)
end
can [:create, :destroy], Image do |image|
image.imageable_type == "Poll::Question::Answer"
end

8
app/views/admin/poll/questions/answers/videos/index.html.erb
View File

@@ -6,9 +6,15 @@
<%= t("admin.answers.videos.index.title") %>
</h2>
<% if can?(:create, Poll::Question::Answer.new(question: @answer.question)) %>
<%= link_to t("admin.answers.videos.index.add_video"),
new_admin_answer_video_path(@answer),
class: "button success float-right" %>
<% else %>
<div class="callout warning">
<strong><%= t("admin.questions.no_edit") %></strong>
</div>
<% end %>
<div>
@@ -27,7 +33,7 @@
<td><%= video.title %></td>
<td><%= link_to video.url, video.url %></td>
<td>
<%= render Admin::TableActionsComponent.new(video) %>
<%= render Admin::Poll::Questions::Answers::Videos::TableActionsComponent.new(video) %>
</td>
</tr>
<% end %>

23
spec/components/admin/poll/questions/answers/videos/table_actions_component_spec.rb Normal file
View File

@@ -0,0 +1,23 @@
require "rails_helper"
describe Admin::Poll::Questions::Answers::Videos::TableActionsComponent, controller: Admin::BaseController do
before { sign_in(create(:administrator).user) }
it "displays the edit and destroy actions when the poll has not started" do
video = create(:poll_answer_video, poll: create(:poll, :future))
render_inline Admin::Poll::Questions::Answers::Videos::TableActionsComponent.new(video)
expect(page).to have_link "Edit"
expect(page).to have_button "Delete"
end
it "does not display the edit and destroy actions when the poll has started" do
video = create(:poll_answer_video, poll: create(:poll))
render_inline Admin::Poll::Questions::Answers::Videos::TableActionsComponent.new(video)
expect(page).not_to have_link "Edit"
expect(page).not_to have_button "Delete"
end
end

87
spec/controllers/admin/poll/questions/answers/videos_controller_spec.rb Normal file
View File

@@ -0,0 +1,87 @@
require "rails_helper"
describe Admin::Poll::Questions::Answers::VideosController, :admin do
let(:current_answer) { create(:poll_question_answer, poll: create(:poll)) }
let(:future_answer) { create(:poll_question_answer, poll: create(:poll, :future)) }
describe "POST create" do
it "is not possible for an already started poll" do
post :create, params: {
poll_question_answer_video: {
title: "Video from started poll",
url: "https://www.youtube.com/watch?v=-JMf43st-1A"
},
answer_id: current_answer
}
expect(flash[:alert]).to eq "You do not have permission to carry out the action 'create' on Video."
expect(Poll::Question::Answer::Video.count).to eq 0
end
it "is possible for a not started poll" do
post :create, params: {
poll_question_answer_video: {
title: "Video from not started poll",
url: "https://www.youtube.com/watch?v=-JMf43st-1A"
},
answer_id: future_answer
}
expect(response).to redirect_to admin_answer_videos_path(future_answer)
expect(flash[:notice]).to eq "Video created successfully"
expect(Poll::Question::Answer::Video.count).to eq 1
end
end
describe "PATCH update" do
it "is not possible for an already started poll" do
current_video = create(:poll_answer_video, answer: current_answer, title: "Sample title")
patch :update, params: {
poll_question_answer_video: {
title: "New title"
},
id: current_video,
answer_id: current_answer
}
expect(flash[:alert]).to eq "You do not have permission to carry out the action 'update' on Video."
expect(current_video.reload.title).to eq "Sample title"
end
it "is possible for a not started poll" do
future_video = create(:poll_answer_video, answer: future_answer)
patch :update, params: {
poll_question_answer_video: {
title: "New title"
},
id: future_video,
answer_id: future_answer
}
expect(response).to redirect_to admin_answer_videos_path(future_answer)
expect(flash[:notice]).to eq "Changes saved"
expect(future_video.reload.title).to eq "New title"
end
end
describe "DELETE destroy" do
it "is not possible for an already started poll" do
current_video = create(:poll_answer_video, answer: current_answer)
delete :destroy, params: { answer_id: current_answer, id: current_video }
expect(flash[:alert]).to eq "You do not have permission to carry out the action 'destroy' on Video."
expect(Poll::Question::Answer::Video.count).to eq 1
end
it "is possible for a not started poll" do
future_video = create(:poll_answer_video, answer: future_answer)
delete :destroy, params: { answer_id: future_answer, id: future_video }
expect(response).to redirect_to admin_answer_videos_path(future_answer)
expect(flash[:notice]).to eq "Answer video deleted successfully."
expect(Poll::Question::Answer::Video.count).to eq 0
end
end
end

9
spec/models/abilities/administrator_spec.rb
View File

@@ -22,6 +22,8 @@ describe Abilities::Administrator do
let(:future_poll_question) { create(:poll_question, poll: future_poll) }
let(:current_poll_question_answer) { create(:poll_question_answer) }
let(:future_poll_question_answer) { create(:poll_question_answer, poll: future_poll) }
let(:current_poll_answer_video) { create(:poll_answer_video, answer: current_poll_question_answer) }
let(:future_poll_answer_video) { create(:poll_answer_video, answer: future_poll_question_answer) }
let(:answer_image) { build(:image, imageable: current_poll_question_answer) }
let(:past_process) { create(:legislation_process, :past) }
@@ -132,7 +134,12 @@ describe Abilities::Administrator do
it { should_not be_able_to(:update, current_poll_question_answer) }
it { should_not be_able_to(:destroy, current_poll_question_answer) }
it { should be_able_to(:manage, Poll::Question::Answer::Video) }
it { should be_able_to(:create, future_poll_answer_video) }
it { should be_able_to(:update, future_poll_answer_video) }
it { should be_able_to(:destroy, future_poll_answer_video) }
it { should_not be_able_to(:create, current_poll_answer_video) }
it { should_not be_able_to(:update, current_poll_answer_video) }
it { should_not be_able_to(:destroy, current_poll_answer_video) }
it { should be_able_to(:create, answer_image) }
it { should be_able_to(:destroy, answer_image) }

35
spec/system/admin/poll/questions/answers/videos/videos_spec.rb
View File

@@ -1,12 +1,16 @@
require "rails_helper"
describe "Videos", :admin do
let!(:question) { create(:poll_question) }
let!(:answer) { create(:poll_question_answer, question: question) }
let(:future_poll) { create(:poll, :future) }
let(:current_poll) { create(:poll) }
let(:title) { "'Magical' by Junko Ohashi" }
let(:url) { "https://www.youtube.com/watch?v=-JMf43st-1A" }
scenario "Create" do
describe "Create" do
scenario "Is possible for a not started poll" do
question = create(:poll_question, poll: future_poll)
answer = create(:poll_question_answer, question: question)
visit admin_question_path(question)
within("#poll_question_answer_#{answer.id}") do
@@ -19,37 +23,50 @@ describe "Videos", :admin do
click_button "Save"
expect(page).to have_content "Video created successfully"
expect(page).to have_content title
expect(page).to have_content url
end
scenario "Is not possible for an already started poll" do
answer = create(:poll_question_answer, poll: current_poll)
visit admin_answer_videos_path(answer)
expect(page).not_to have_link "Add video"
expect(page).to have_content "Once the poll has started it will not be possible to create, edit or"
end
end
scenario "Update" do
video = create(:poll_answer_video, answer: answer)
video = create(:poll_answer_video, poll: future_poll)
visit edit_admin_answer_video_path(answer, video)
visit edit_admin_answer_video_path(video.answer, video)
expect(page).to have_link "Go back", href: admin_answer_videos_path(answer)
expect(page).to have_link "Go back", href: admin_answer_videos_path(video.answer)
fill_in "Title", with: title
fill_in "External video", with: url
click_button "Save"
expect(page).to have_content "Changes saved"
expect(page).to have_content title
expect(page).to have_content url
end
scenario "Destroy" do
video = create(:poll_answer_video, answer: answer)
video = create(:poll_answer_video, poll: future_poll)
visit admin_answer_videos_path(answer)
visit admin_answer_videos_path(video.answer)
within("#poll_question_answer_video_#{video.id}") do
within("tr", text: video.title) do
accept_confirm("Are you sure? This action will delete \"#{video.title}\" and can't be undone.") do
click_button "Delete"
end
end
expect(page).to have_content "Answer video deleted successfully."
expect(page).not_to have_content video.title
end
end