Merge pull request #27 from AyuntamientoMadrid/20-edit-debate-permissions

Edit debate permissions

app/controllers/debates_controller.rb

@@ -1,7 +1,8 @@
 class DebatesController < ApplicationController
   before_action :set_debate, only: [:show, :edit, :update]
-  before_action :authenticate_user!, only: [:new, :create]
+  before_action :authenticate_user!, except: [:show, :index]
-  
+  before_action :validate_ownership, only: [:edit, :update]
+
   def index
     if params[:tag]
       @debates = Debate.tagged_with(params[:tag])
@@ -42,4 +43,8 @@ class DebatesController < ApplicationController
       params.require(:debate).permit(:title, :description, :tag_list, :terms_of_service)
     end
 
+    def validate_ownership
+      raise ActiveRecord::RecordNotFound unless @debate.editable_by?(current_user)
+    end
+
 end

app/models/debate.rb

@@ -3,7 +3,7 @@ class Debate < ActiveRecord::Base
   acts_as_votable
   acts_as_commentable
   acts_as_taggable
-  
+
   belongs_to :author, class_name: 'User', foreign_key: 'author_id'
 
   validates :title, presence: true
@@ -24,4 +24,12 @@ class Debate < ActiveRecord::Base
     votes_for.size
   end
 
+  def editable?
+    total_votes == 0
+  end
+
+  def editable_by?(user)
+    editable? && author == user
+  end
+
 end

app/views/debates/show.html.erb

@@ -12,12 +12,12 @@
     <%= link_to "up", debate_votes_path(@debate, value: 'yes'), method: "post" %>
     <%= percentage('likes', @debate) %>
   </div>
-  
+
   <div id='against'>
     <%= link_to "down", debate_votes_path(@debate, value: 'no'), method: "post" %>
     <%= percentage('dislikes', @debate) %>
   </div>
-  
+
   Votos <%= @debate.total_votes %>
 </span>
 
@@ -35,5 +35,7 @@
   <%= render @debate.root_comments %>
 </div>
 
-<%= link_to 'Edit', edit_debate_path(@debate) %> |
+<% if current_user && @debate.editable_by?(current_user) %>
+  <%= link_to 'Edit', edit_debate_path(@debate) %> |
+<% end %>
 <%= link_to 'Back', debates_path %>

app/views/layouts/application.html.erb

@@ -4,7 +4,7 @@
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 
-    <title><%= content_for?(:title) ? yield(:title) : "foundation-rails" %></title>
+    <title><%= content_for?(:title) ? yield(:title) : "Participación" %></title>
 
     <%= stylesheet_link_tag    "application" %>
     <%= javascript_include_tag "vendor/modernizr" %>
@@ -13,7 +13,7 @@
   </head>
   <body style="margin:50px">
     <p class="alert"><%= notice %></p>
-    <p class="alert"><%= alert %></p> 
+    <p class="alert"><%= alert %></p>
 
     <%= render 'devise/menu/login_items' %>
 

spec/features/debates_spec.rb

@@ -1,7 +1,7 @@
 require 'rails_helper'
 
 feature 'Debates' do
-  
+
   scenario 'Index' do
     3.times { create(:debate) }
 
@@ -35,7 +35,7 @@ feature 'Debates' do
     fill_in 'debate_title', with: 'Acabar con los desahucios'
     fill_in 'debate_description', with: 'Esto es un tema muy importante porque...'
     check 'debate_terms_of_service'
-    
+
     click_button 'Crear Debate'
 
     expect(page).to have_content 'Debate creado correctamente'
@@ -45,13 +45,36 @@ feature 'Debates' do
     expect(page).to have_content "por: #{author.name}"
   end
 
-  scenario 'Update' do
+  scenario 'Update should not be posible if logged user is not the author' do
     debate = create(:debate)
+    expect(debate).to be_editable
+    login_as(create(:user))
 
-    visit edit_debate_path(debate)
+    expect {
+      visit edit_debate_path(debate)
+    }.to raise_error ActiveRecord::RecordNotFound
+  end
+
+  scenario 'Update should not be posible if debate is not editable' do
+    debate = create(:debate)
+    vote = create(:vote, votable: debate)
+    expect(debate).to_not be_editable
+    login_as(debate.author)
+
+    expect {
+      visit edit_debate_path(debate)
+    }.to raise_error ActiveRecord::RecordNotFound
+  end
+
+  scenario 'Update should be posible for the author of an editable debate' do
+    debate = create(:debate)
+    login_as(debate.author)
+
+    visit debate_path(debate)
+    click_link 'Edit'
     fill_in 'debate_title', with: 'Dimisión Rajoy'
     fill_in 'debate_description', with: 'Podríamos...'
-    
+
     click_button 'Actualizar Debate'
 
     expect(page).to have_content 'Debate actualizado correctamente'

spec/models/debate_spec.rb

@@ -29,5 +29,42 @@ describe Debate do
     @debate.terms_of_service = nil
     expect(@debate).to_not be_valid
   end
-  
+
+  describe "#editable?" do
+    before(:each) do
+      @debate = create(:debate)
+    end
+
+    it "should be true if debate has no votes yet" do
+      expect(@debate.total_votes).to eq(0)
+      expect(@debate.editable?).to be true
+    end
+
+    it "should be false if debate has votes" do
+      create(:vote, votable: @debate)
+      expect(@debate.total_votes).to eq(1)
+      expect(@debate.editable?).to be false
+    end
+  end
+
+  describe "#editable_by?" do
+    before(:each) do
+      @debate = create(:debate)
+    end
+
+    it "should be true if user is the author and debate is editable" do
+      expect(@debate.editable_by?(@debate.author)).to be true
+    end
+
+    it "should be false if debate is not editable" do
+      create(:vote, votable: @debate)
+      expect(@debate.editable_by?(@debate.author)).to be false
+    end
+
+    it "should be false if user is not the author" do
+      expect(@debate.editable_by?(create(:user))).to be false
+
+    end
+  end
+
 end