Merge pull request #1104 from consul/admin-access-to-management

Admin access to management
Raimond Garcia
2016-04-28 16:55:10 +02:00
10 changed files with 62 additions and 31 deletions


@@ -16,16 +16,16 @@ class Management::BaseController < ActionController::Base
session[:manager]
end
def managed_user
@managed_user ||= Verification::Management::ManagedUser.find(session[:document_type], session[:document_number])
end
def current_user
managed_user
end
def managed_user
@managed_user ||= Verification::Management::ManagedUser.find(session[:document_type], session[:document_number])
end
def check_verified_user(alert_msg)
unless current_user.level_two_or_three_verified?
unless managed_user.level_two_or_three_verified?
redirect_to management_document_verifications_path, alert: alert_msg
end
end
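Review bot: The `current_user` override that returns `managed_user` is still present on the new side, so inside every management controller `current_user` means the citizen being acted on, while in `Management::SessionsController` (which inherits from `ActionController::Base`, not from this class) the same name means the signed-in administrator. Now that an administrator can hold a Devise session while working in management, any helper, view or ability check reached from these controllers that still calls `current_user` silently receives the managed user rather than the operator. Since this commit moves the visible callers to `managed_user`, the override deserves at least a comment such as `# Shadows Devise's current_user on purpose: returns the managed citizen, never the operator`, and the remaining callers should be audited. The class body starts and ends outside the hunk.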


@@ -17,7 +17,7 @@ class Management::ProposalsController < Management::BaseController
end
def vote
@proposal.register_vote(current_user, 'yes')
@proposal.register_vote(managed_user, 'yes')
set_proposal_votes(@proposal)
end
@@ -44,14 +44,12 @@ class Management::ProposalsController < Management::BaseController
check_verified_user t("management.proposals.alert.unverified_user")
end
### Duplicated in application_controller. Move to a concern.
def set_proposal_votes(proposals)
@proposal_votes = current_user ? current_user.proposal_votes(proposals) : {}
@proposal_votes = managed_user ? managed_user.proposal_votes(proposals) : {}
end
def set_comment_flags(comments)
@comment_flags = current_user ? current_user.comment_flags(comments) : {}
@comment_flags = managed_user ? managed_user.comment_flags(comments) : {}
end
###
end


@@ -4,11 +4,10 @@ class Management::SessionsController < ActionController::Base
def create
destroy_session
if manager = ManagerAuthenticator.new(params).auth
session[:manager] = manager
if admin? || manager?
redirect_to management_root_path
else
raise ActionController::RoutingError.new('Not Found')
raise CanCan::AccessDenied
end
end
@@ -25,4 +24,16 @@ class Management::SessionsController < ActionController::Base
session[:document_number] = nil
end
end
def admin?
if current_user.try(:administrator?)
session[:manager] = {login: "admin_user_#{current_user.id}"}
end
end
def manager?
if manager = ManagerAuthenticator.new(params).auth
session[:manager] = manager
end
end
end
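Review bot: `admin?` and `manager?` are named as predicates but both write `session[:manager]`, so the privilege grant in `create` happens as a side effect of evaluating `if admin? || manager?`. For the admin path the grant is also a snapshot: once `session[:manager]` holds `admin_user_<id>`, nothing visible here ties it to the Devise session or to the account still being an administrator, so it would presumably outlive a role revocation or a Devise sign-out until the management session is destroyed. I would rename the helpers to something like `authenticate_admin` / `authenticate_manager` and have the management base controller re-check `current_user.try(:administrator?)` on each request for sessions that were opened through the admin path. The class body and `destroy_session` start outside these hunks, so what is cleared before the grant cannot be confirmed from here.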


@@ -28,7 +28,7 @@ class Management::SpendingProposalsController < Management::BaseController
end
def vote
@spending_proposal.register_vote(current_user, 'yes')
@spending_proposal.register_vote(managed_user, 'yes')
set_spending_proposal_votes(@spending_proposal)
end
@@ -54,7 +54,7 @@ class Management::SpendingProposalsController < Management::BaseController
# This should not be necessary. Maybe we could create a specific show view for managers.
def set_spending_proposal_votes(spending_proposals)
@spending_proposal_votes = current_user ? current_user.spending_proposal_votes(spending_proposals) : {}
@spending_proposal_votes = managed_user ? managed_user.spending_proposal_votes(spending_proposals) : {}
end
def set_geozone_name


@@ -16,4 +16,10 @@
<%= link_to t("layouts.header.valuation"), valuation_root_path %>
</li>
<% end %>
<% if current_user.administrator? %>
<li>
<%= link_to t("layouts.header.management"), management_sign_in_path %>
</li>
<% end %>
<% end %>


@@ -188,6 +188,7 @@ en:
external_link_transparency_url: https://transparencia.madrid.es
locale: 'Language:'
logo: Madrid
management: Management
moderation: Moderation
valuation: Valuation
more_information: More information


@@ -188,6 +188,7 @@ es:
external_link_transparency_url: https://transparencia.madrid.es
locale: 'Idioma:'
logo: Madrid
management: Gestión
moderation: Moderar
valuation: Evaluación
more_information: Más información


@@ -229,7 +229,7 @@ Rails.application.routes.draw do
resource :account, controller: "account", only: [:show]
get 'sign_in', to: 'sessions#create'
get 'sign_in', to: 'sessions#create', as: :sign_in
resource :session, only: [:create, :destroy]
resources :proposals, only: [:index, :new, :create, :show] do
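Review bot: `sessions#create` stays reachable by GET, and with this commit that GET no longer needs credentials in the request: for a signed-in administrator it runs `destroy_session` and then writes `session[:manager]` from the ambient Devise cookie alone. Rails' forgery protection does not cover GET requests, so a state change that used to depend on parameters supplied by the caller now depends only on the browser holding an admin cookie. The manager path presumably needs GET for the external login redirect, but the admin entry point could get its own non-GET route, e.g. `post 'admin_sign_in', to: 'sessions#create_for_admin'` (names illustrative), with the header link switched to `method: :post`. The enclosing routes block starts and ends outside the hunk.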


@@ -3,9 +3,9 @@ require 'rails_helper'
describe Management::SessionsController do
describe 'Sign in' do
it "should return 404 if wrong credentials" do
it "should deny access if wrong manager credentials" do
allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(false)
expect { get :create, login: "nonexistent" , clave_usuario: "wrong"}.to raise_error "Not Found"
expect { get :create, login: "nonexistent" , clave_usuario: "wrong"}.to raise_error CanCan::AccessDenied
end
it "should redirect to management root path if right credentials" do
@@ -15,6 +15,17 @@ describe Management::SessionsController do
get :create, login: "JJB033" , clave_usuario: "31415926", fecha_conexion: "20151031135905"
expect(response).to be_redirect
end
it "should redirect to management root path if user is admin" do
sign_in create(:administrator).user
get :create
expect(response).to be_redirect
end
it "should deny access if user is not admin" do
sign_in create(:user)
expect { get :create}.to raise_error CanCan::AccessDenied
end
end
describe 'Sign out' do
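Review bot: The expectations `raise_error CanCan::AccessDenied` pass only because nothing in `Management::SessionsController` rescues that exception, and the controller inherits from `ActionController::Base`, so a `rescue_from` in the application controller would not apply to it. The old `ActionController::RoutingError` was rendered by Rails as a 404; unless `CanCan::AccessDenied` is mapped elsewhere (for example in `rescue_responses`), a failed management sign-in would now surface as a 500 and be indistinguishable from a crash in logs and alerting. I would add a handler in the controller, e.g. `rescue_from CanCan::AccessDenied { head :forbidden }`, and assert on the response here with `expect(response).to have_http_status(:forbidden)` instead of on the raised exception. The `describe 'Sign in'` block starts before this hunk and the file continues past it.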


@@ -87,11 +87,11 @@ feature 'Admin spending proposals' do
expect(page).to have_link("Realocate visitors")
click_link("Realocate visitors")
click_on("Edit classification")
click_link("Edit classification")
expect(page).to have_button("Update")
click_on("Back")
click_link("Back")
expect(page).to_not have_button("Update")
click_on("Back")
click_link("Back")
expect(page).to_not have_link("Destroy the city")
expect(page).to have_link("Realocate visitors")
@@ -131,11 +131,11 @@ feature 'Admin spending proposals' do
expect(page).to have_link("Realocate visitors")
click_link("Realocate visitors")
click_on("Edit classification")
click_link("Edit classification")
expect(page).to have_button("Update")
click_on("Back")
click_link("Back")
expect(page).to_not have_button("Update")
click_on("Back")
click_link("Back")
expect(page).to have_content('There is 1 spending proposal')
expect(page).to_not have_link("Destroy the city")
@@ -178,11 +178,11 @@ feature 'Admin spending proposals' do
expect(page).to have_link("Realocate visitors")
click_link("Realocate visitors")
click_on("Edit classification")
click_link("Edit classification")
expect(page).to have_button("Update")
click_on("Back")
click_link("Back")
expect(page).to_not have_button("Update")
click_on("Back")
click_link("Back")
expect(page).to have_content('There is 1 spending proposal')
expect(page).to_not have_link("Destroy the city")
@@ -287,11 +287,11 @@ feature 'Admin spending proposals' do
expect(page).to have_content("More schools")
click_link("Educate the children")
click_on("Edit classification")
click_link("Edit classification")
expect(page).to have_button("Update")
click_on("Back")
click_link("Back")
expect(page).to_not have_button("Update")
click_on("Back")
click_link("Back")
expect(page).to_not have_content("More hospitals")
expect(page).to have_content("Educate the children")
@@ -401,6 +401,9 @@ feature 'Admin spending proposals' do
click_link 'Edit classification'
find('.js-add-tag-link', text: 'Education').click
fill_in 'spending_proposal_title', with: 'Updated title'
click_button 'Update'
expect(page).to have_content 'Investment project updated succesfully.'