consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Valuators access to edit/valute on right phase

Browse Source 
When a valuator tries to edit/valuate an investment outside valuating
phase, an explanatory message will be shown along with a redirect to
prevent access.
This commit is contained in:
Bertocq
2018-03-12 20:22:50 +01:00
parent 5f5e9c4f26
commit 8fd6f8f1d6
4 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/controllers/valuation/budget_investments_controller.rb
View File

@@ -5,6 +5,7 @@ class Valuation::BudgetInvestmentsController < Valuation::BaseController
feature_flag :budgets feature_flag :budgets
before_action :restrict_access_to_assigned_items, only: [:show, :edit, :valuate] before_action :restrict_access_to_assigned_items, only: [:show, :edit, :valuate]
before_action :restrict_access, only: [:edit, :valuate]
before_action :load_budget before_action :load_budget
before_action :load_investment, only: [:show, :edit, :valuate] before_action :load_investment, only: [:show, :edit, :valuate]
@@ -98,6 +99,12 @@ class Valuation::BudgetInvestmentsController < Valuation::BaseController
:duration, :valuation_finished) :duration, :valuation_finished)
end end
def restrict_access
unless current_user.administrator? || current_budget.valuating?
raise CanCan::AccessDenied.new(I18n.t('valuation.budget_investments.not_in_valuating_phase'))
end
end
def restrict_access_to_assigned_items def restrict_access_to_assigned_items
return if current_user.administrator? || return if current_user.administrator? ||
Budget::ValuatorAssignment.exists?(investment_id: params[:id], Budget::ValuatorAssignment.exists?(investment_id: params[:id],

1
config/locales/en/valuation.yml
View File

@@ -74,6 +74,7 @@ en:
notice: notice:
valuate: "Dossier updated" valuate: "Dossier updated"
valuation_comments: Valuation comments valuation_comments: Valuation comments
not_in_valuating_phase: Investments can only be valuated when Budget is in valuating phase
spending_proposals: spending_proposals:
index: index:
geozone_filter_all: All zones geozone_filter_all: All zones

1
config/locales/es/valuation.yml
View File

@@ -74,6 +74,7 @@ es:
notice: notice:
valuate: "Dossier actualizado" valuate: "Dossier actualizado"
valuation_comments: Comentarios de evaluación valuation_comments: Comentarios de evaluación
not_in_valuating_phase: Los proyectos sólo pueden ser evaluados cuando el Presupuesto este en fase de evaluación
spending_proposals: spending_proposals:
index: index:
geozone_filter_all: Todos los ámbitos de actuación geozone_filter_all: Todos los ámbitos de actuación

34
spec/features/valuation/budget_investments_spec.rb
View File

@@ -406,5 +406,39 @@ feature 'Valuation budget investments' do
expect(page).to have_content('2 errors') expect(page).to have_content('2 errors')
expect(page).to have_content('Only integer numbers', count: 2) expect(page).to have_content('Only integer numbers', count: 2)
end end
scenario 'not visible to valuators when budget is not valuating' do
budget.update(phase: 'publishing_prices')
investment = create(:budget_investment,
:visible_to_valuators,
budget: budget)
investment.valuators << [valuator]
login_as(valuator.user)
visit edit_valuation_budget_budget_investment_path(budget, investment)
expect(page).to have_content('Investments can only be valuated when Budget is in valuating phase')
end
scenario 'visible to admins regardless of not being in valuating phase' do
budget.update(phase: 'publishing_prices')
user = create(:user)
admin = create(:administrator, user: user)
valuator = create(:valuator, user: user)
investment = create(:budget_investment,
:visible_to_valuators,
budget: budget)
investment.valuators << [valuator]
login_as(admin.user)
visit valuation_budget_budget_investment_path(budget, investment)
click_link 'Edit dossier'
expect(page).to have_content investment.title
end
end end
end end