Avoid management actions when no user is selected

Many management actions only make sense if a user has been selected
beforehand.

We updated :check_verified_user method to be able to check  actions that need to
have a user selected in order to avoid exceptions.

We need this control as :only_verified_user is not restrictive enough. The reason is
that the :managed_user method used in the :only_verified_user if it does not find a
user it does an initializce (find_or_initialize_by). This causes that when we have
"skip_verification" to true, it returns this non-persisted user as "verified".

These changes affect the actions of Account, Budgets and Proposals Controller
when no user is selected.

app/controllers/management/base_controller.rb

@@ -32,9 +32,10 @@ class Management::BaseController < ActionController::Base
     end
 
     def check_verified_user(alert_msg)
-      unless managed_user.level_two_or_three_verified?
-        redirect_to management_document_verifications_path, alert: alert_msg
-      end
+      return if managed_user.persisted? && managed_user.level_two_or_three_verified?
+
+      message = managed_user.persisted? ? alert_msg : t("management.sessions.need_managed_user")
+      redirect_to management_document_verifications_path, alert: message
     end
 
     def set_locale

config/locales/en/management.yml

@@ -106,6 +106,7 @@ en:
         one: " containing the term '%{search_term}'"
         other: " containing the term '%{search_term}'"
     sessions:
+      need_managed_user: To perform this action you must select a user
       signed_out: Signed out successfully.
       signed_out_managed_user: User session signed out successfully.
     username_label: Username

config/locales/es/management.yml

@@ -106,6 +106,7 @@ es:
         one: " que contiene '%{search_term}'"
         other: " que contienen '%{search_term}'"
     sessions:
+      need_managed_user: Para realizar esta acción debes seleccionar un usuario.
       signed_out: Has cerrado la sesión correctamente.
       signed_out_managed_user: Se ha cerrado correctamente la sesión del usuario.
     username_label: Nombre de usuario

spec/system/management/account_spec.rb

@@ -98,4 +98,28 @@ describe "Account" do
     expect(page).to have_css("a[href='javascript:window.print();']", text: "Print password")
     expect(page).to have_css("div.for-print-only", text: "another_new_password", visible: :hidden)
   end
+
+  describe "When a user has not been selected" do
+    before do
+      Setting["feature.user.skip_verification"] = "true"
+    end
+
+    scenario "we can't reset password via email" do
+      login_as_manager
+
+      click_link "Reset password via email"
+
+      expect(page).to have_content "To perform this action you must select a user"
+      expect(page).to have_current_path management_document_verifications_path
+    end
+
+    scenario "we can't reset password manually" do
+      login_as_manager
+
+      click_link "Reset password manually"
+
+      expect(page).to have_content "To perform this action you must select a user"
+      expect(page).to have_current_path management_document_verifications_path
+    end
+  end
 end

spec/system/management/budget_investments_spec.rb

@@ -100,6 +100,16 @@ describe "Budget Investments" do
         expect(page).not_to have_content "Plant trees"
       end
     end
+
+    scenario "when user has not been selected we can't create a budget investment" do
+      Setting["feature.user.skip_verification"] = "true"
+      login_as_manager(manager)
+
+      click_link "Create budget investment"
+
+      expect(page).to have_content "To perform this action you must select a user"
+      expect(page).to have_current_path management_document_verifications_path
+    end
   end
 
   context "Searching" do
@@ -286,6 +296,16 @@ describe "Budget Investments" do
 
       expect(page).to have_content "User is not verified"
     end
+
+    scenario "when user has not been selected we can't support budget investments" do
+      Setting["feature.user.skip_verification"] = "true"
+      login_as_manager(manager)
+
+      click_link "Support budget investments"
+
+      expect(page).to have_content "To perform this action you must select a user"
+      expect(page).to have_current_path management_document_verifications_path
+    end
   end
 
   context "Printing" do

spec/system/management/proposals_spec.rb

@@ -44,6 +44,16 @@ describe "Proposals" do
 
       expect(page).to have_content "User is not verified"
     end
+
+    scenario "when user has not been selected we can't create a proposal" do
+      Setting["feature.user.skip_verification"] = "true"
+      login_as_manager
+
+      click_link "Create proposal"
+
+      expect(page).to have_content "To perform this action you must select a user"
+      expect(page).to have_current_path management_document_verifications_path
+    end
   end
 
   context "Show" do
@@ -171,6 +181,16 @@ describe "Proposals" do
 
       expect(page).to have_content "User is not verified"
     end
+
+    scenario "when user has not been selected we can't support proposals" do
+      Setting["feature.user.skip_verification"] = "true"
+      login_as_manager
+
+      click_link "Support proposals"
+
+      expect(page).to have_content "To perform this action you must select a user"
+      expect(page).to have_current_path management_document_verifications_path
+    end
   end
 
   context "Printing" do
@@ -214,5 +234,19 @@ describe "Proposals" do
         expect(best_proposal.title).to appear_before(worst_proposal.title)
       end
     end
+
+    scenario "when user has not been selected we can't support a proposal" do
+      create(:proposal)
+      Setting["feature.user.skip_verification"] = "true"
+      login_as_manager
+
+      click_link "Print proposals"
+      within ".proposals-list" do
+        click_link "Support"
+      end
+
+      expect(page).to have_content "To perform this action you must select a user"
+      expect(page).to have_current_path management_document_verifications_path
+    end
   end
 end