Valuators access to edit/valute on right phase

When a valuator tries to edit/valuate an investment outside valuating phase, an explanatory message will be shown along with a redirect to prevent access.
2018-03-12 20:22:50 +01:00
parent 5f5e9c4f26
commit 8fd6f8f1d6
4 changed files with 43 additions and 0 deletions
--- a/app/controllers/valuation/budget_investments_controller.rb
+++ b/app/controllers/valuation/budget_investments_controller.rb
@@ -5,6 +5,7 @@ class Valuation::BudgetInvestmentsController < Valuation::BaseController
  feature_flag :budgets

  before_action :restrict_access_to_assigned_items, only: [:show, :edit, :valuate]
+  before_action :restrict_access, only: [:edit, :valuate]
  before_action :load_budget
  before_action :load_investment, only: [:show, :edit, :valuate]

@@ -98,6 +99,12 @@ class Valuation::BudgetInvestmentsController < Valuation::BaseController
                                                :duration, :valuation_finished)
    end

+    def restrict_access
+      unless current_user.administrator? || current_budget.valuating?
+        raise CanCan::AccessDenied.new(I18n.t('valuation.budget_investments.not_in_valuating_phase'))
+      end
+    end
+
    def restrict_access_to_assigned_items
      return if current_user.administrator? ||
                Budget::ValuatorAssignment.exists?(investment_id: params[:id],
--- a/config/locales/en/valuation.yml
+++ b/config/locales/en/valuation.yml
@@ -74,6 +74,7 @@ en:
      notice:
        valuate: "Dossier updated"
      valuation_comments: Valuation comments
+      not_in_valuating_phase: Investments can only be valuated when Budget is in valuating phase
    spending_proposals:
      index:
        geozone_filter_all: All zones
--- a/config/locales/es/valuation.yml
+++ b/config/locales/es/valuation.yml
@@ -74,6 +74,7 @@ es:
      notice:
        valuate: "Dossier actualizado"
      valuation_comments: Comentarios de evaluación
+      not_in_valuating_phase: Los proyectos sólo pueden ser evaluados cuando el Presupuesto este en fase de evaluación
    spending_proposals:
      index:
        geozone_filter_all: Todos los ámbitos de actuación
--- a/spec/features/valuation/budget_investments_spec.rb
+++ b/spec/features/valuation/budget_investments_spec.rb
@@ -406,5 +406,39 @@ feature 'Valuation budget investments' do
      expect(page).to have_content('2 errors')
      expect(page).to have_content('Only integer numbers', count: 2)
    end
+
+    scenario 'not visible to valuators when budget is not valuating' do
+      budget.update(phase: 'publishing_prices')
+
+      investment = create(:budget_investment,
+                           :visible_to_valuators,
+                           budget: budget)
+      investment.valuators << [valuator]
+
+      login_as(valuator.user)
+      visit edit_valuation_budget_budget_investment_path(budget, investment)
+
+      expect(page).to have_content('Investments can only be valuated when Budget is in valuating phase')
+    end
+
+    scenario 'visible to admins regardless of not being in valuating phase' do
+      budget.update(phase: 'publishing_prices')
+
+      user = create(:user)
+      admin = create(:administrator, user: user)
+      valuator = create(:valuator, user: user)
+
+      investment = create(:budget_investment,
+                           :visible_to_valuators,
+                           budget: budget)
+      investment.valuators << [valuator]
+
+
+      login_as(admin.user)
+      visit valuation_budget_budget_investment_path(budget, investment)
+      click_link 'Edit dossier'
+
+      expect(page).to have_content investment.title
+    end
  end
 end