diff --git a/app/controllers/management/base_controller.rb b/app/controllers/management/base_controller.rb index f01bbebbc..f7a9c2214 100644 --- a/app/controllers/management/base_controller.rb +++ b/app/controllers/management/base_controller.rb @@ -16,16 +16,16 @@ class Management::BaseController < ActionController::Base session[:manager] end - def managed_user - @managed_user ||= Verification::Management::ManagedUser.find(session[:document_type], session[:document_number]) - end - def current_user managed_user end + def managed_user + @managed_user ||= Verification::Management::ManagedUser.find(session[:document_type], session[:document_number]) + end + def check_verified_user(alert_msg) - unless current_user.level_two_or_three_verified? + unless managed_user.level_two_or_three_verified? redirect_to management_document_verifications_path, alert: alert_msg end end diff --git a/app/controllers/management/proposals_controller.rb b/app/controllers/management/proposals_controller.rb index 7d3925e95..b00372eb8 100644 --- a/app/controllers/management/proposals_controller.rb +++ b/app/controllers/management/proposals_controller.rb @@ -17,7 +17,7 @@ class Management::ProposalsController < Management::BaseController end def vote - @proposal.register_vote(current_user, 'yes') + @proposal.register_vote(managed_user, 'yes') set_proposal_votes(@proposal) end @@ -44,14 +44,12 @@ class Management::ProposalsController < Management::BaseController check_verified_user t("management.proposals.alert.unverified_user") end - ### Duplicated in application_controller. Move to a concern. def set_proposal_votes(proposals) - @proposal_votes = current_user ? current_user.proposal_votes(proposals) : {} + @proposal_votes = managed_user ? managed_user.proposal_votes(proposals) : {} end def set_comment_flags(comments) - @comment_flags = current_user ? current_user.comment_flags(comments) : {} + @comment_flags = managed_user ? managed_user.comment_flags(comments) : {} end - ### end diff --git a/app/controllers/management/sessions_controller.rb b/app/controllers/management/sessions_controller.rb index bad38663e..d3a85402b 100644 --- a/app/controllers/management/sessions_controller.rb +++ b/app/controllers/management/sessions_controller.rb @@ -4,11 +4,10 @@ class Management::SessionsController < ActionController::Base def create destroy_session - if manager = ManagerAuthenticator.new(params).auth - session[:manager] = manager + if admin? || manager? redirect_to management_root_path else - raise ActionController::RoutingError.new('Not Found') + raise CanCan::AccessDenied end end @@ -25,4 +24,16 @@ class Management::SessionsController < ActionController::Base session[:document_number] = nil end -end \ No newline at end of file + def admin? + if current_user.try(:administrator?) + session[:manager] = {login: "admin_user_#{current_user.id}"} + end + end + + def manager? + if manager = ManagerAuthenticator.new(params).auth + session[:manager] = manager + end + end + +end diff --git a/app/controllers/management/spending_proposals_controller.rb b/app/controllers/management/spending_proposals_controller.rb index ca723cccc..6b2c4c0f1 100644 --- a/app/controllers/management/spending_proposals_controller.rb +++ b/app/controllers/management/spending_proposals_controller.rb @@ -28,7 +28,7 @@ class Management::SpendingProposalsController < Management::BaseController end def vote - @spending_proposal.register_vote(current_user, 'yes') + @spending_proposal.register_vote(managed_user, 'yes') set_spending_proposal_votes(@spending_proposal) end @@ -54,7 +54,7 @@ class Management::SpendingProposalsController < Management::BaseController # This should not be necessary. Maybe we could create a specific show view for managers. def set_spending_proposal_votes(spending_proposals) - @spending_proposal_votes = current_user ? current_user.spending_proposal_votes(spending_proposals) : {} + @spending_proposal_votes = managed_user ? managed_user.spending_proposal_votes(spending_proposals) : {} end def set_geozone_name diff --git a/app/views/shared/_admin_login_items.html.erb b/app/views/shared/_admin_login_items.html.erb index 390b8c924..3625432a8 100644 --- a/app/views/shared/_admin_login_items.html.erb +++ b/app/views/shared/_admin_login_items.html.erb @@ -16,4 +16,10 @@ <%= link_to t("layouts.header.valuation"), valuation_root_path %> <% end %> + + <% if current_user.administrator? %> +
  • + <%= link_to t("layouts.header.management"), management_sign_in_path %> +
    • + <% end %> <% end %> diff --git a/config/locales/en.yml b/config/locales/en.yml index e43cf2a06..fffb3de2d 100755 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -188,6 +188,7 @@ en: external_link_transparency_url: https://transparencia.madrid.es locale: 'Language:' logo: Madrid + management: Management moderation: Moderation valuation: Valuation more_information: More information diff --git a/config/locales/es.yml b/config/locales/es.yml index 3e52ae198..0f1a70be3 100755 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -188,6 +188,7 @@ es: external_link_transparency_url: https://transparencia.madrid.es locale: 'Idioma:' logo: Madrid + management: Gestión moderation: Moderar valuation: Evaluación more_information: Más información diff --git a/config/routes.rb b/config/routes.rb index 9c125664b..1c7af6800 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -229,7 +229,7 @@ Rails.application.routes.draw do resource :account, controller: "account", only: [:show] - get 'sign_in', to: 'sessions#create' + get 'sign_in', to: 'sessions#create', as: :sign_in resource :session, only: [:create, :destroy] resources :proposals, only: [:index, :new, :create, :show] do diff --git a/spec/controllers/management/sessions_controller_spec.rb b/spec/controllers/management/sessions_controller_spec.rb index af53f4ae0..a07067ed9 100644 --- a/spec/controllers/management/sessions_controller_spec.rb +++ b/spec/controllers/management/sessions_controller_spec.rb @@ -3,9 +3,9 @@ require 'rails_helper' describe Management::SessionsController do describe 'Sign in' do - it "should return 404 if wrong credentials" do + it "should deny access if wrong manager credentials" do allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(false) - expect { get :create, login: "nonexistent" , clave_usuario: "wrong"}.to raise_error "Not Found" + expect { get :create, login: "nonexistent" , clave_usuario: "wrong"}.to raise_error CanCan::AccessDenied end it "should redirect to management root path if right credentials" do @@ -15,6 +15,17 @@ describe Management::SessionsController do get :create, login: "JJB033" , clave_usuario: "31415926", fecha_conexion: "20151031135905" expect(response).to be_redirect end + + it "should redirect to management root path if user is admin" do + sign_in create(:administrator).user + get :create + expect(response).to be_redirect + end + + it "should deny access if user is not admin" do + sign_in create(:user) + expect { get :create}.to raise_error CanCan::AccessDenied + end end describe 'Sign out' do diff --git a/spec/features/admin/spending_proposals_spec.rb b/spec/features/admin/spending_proposals_spec.rb index f8cc12133..fe1b87fc3 100644 --- a/spec/features/admin/spending_proposals_spec.rb +++ b/spec/features/admin/spending_proposals_spec.rb @@ -87,11 +87,11 @@ feature 'Admin spending proposals' do expect(page).to have_link("Realocate visitors") click_link("Realocate visitors") - click_on("Edit classification") + click_link("Edit classification") expect(page).to have_button("Update") - click_on("Back") + click_link("Back") expect(page).to_not have_button("Update") - click_on("Back") + click_link("Back") expect(page).to_not have_link("Destroy the city") expect(page).to have_link("Realocate visitors") @@ -131,11 +131,11 @@ feature 'Admin spending proposals' do expect(page).to have_link("Realocate visitors") click_link("Realocate visitors") - click_on("Edit classification") + click_link("Edit classification") expect(page).to have_button("Update") - click_on("Back") + click_link("Back") expect(page).to_not have_button("Update") - click_on("Back") + click_link("Back") expect(page).to have_content('There is 1 spending proposal') expect(page).to_not have_link("Destroy the city") @@ -178,11 +178,11 @@ feature 'Admin spending proposals' do expect(page).to have_link("Realocate visitors") click_link("Realocate visitors") - click_on("Edit classification") + click_link("Edit classification") expect(page).to have_button("Update") - click_on("Back") + click_link("Back") expect(page).to_not have_button("Update") - click_on("Back") + click_link("Back") expect(page).to have_content('There is 1 spending proposal') expect(page).to_not have_link("Destroy the city") @@ -287,11 +287,11 @@ feature 'Admin spending proposals' do expect(page).to have_content("More schools") click_link("Educate the children") - click_on("Edit classification") + click_link("Edit classification") expect(page).to have_button("Update") - click_on("Back") + click_link("Back") expect(page).to_not have_button("Update") - click_on("Back") + click_link("Back") expect(page).to_not have_content("More hospitals") expect(page).to have_content("Educate the children") @@ -401,6 +401,9 @@ feature 'Admin spending proposals' do click_link 'Edit classification' find('.js-add-tag-link', text: 'Education').click + + fill_in 'spending_proposal_title', with: 'Updated title' + click_button 'Update' expect(page).to have_content 'Investment project updated succesfully.'