Merge pull request #27 from AyuntamientoMadrid/20-edit-debate-permissions

Edit debate permissions

app/controllers/debates_controller.rb

@@ -1,6 +1,7 @@
 class DebatesController < ApplicationController
   before_action :set_debate, only: [:show, :edit, :update]
-  before_action :authenticate_user!, only: [:new, :create]
+  before_action :authenticate_user!, except: [:show, :index]
+  before_action :validate_ownership, only: [:edit, :update]
 
   def index
     if params[:tag]
@@ -42,4 +43,8 @@ class DebatesController < ApplicationController
       params.require(:debate).permit(:title, :description, :tag_list, :terms_of_service)
     end
 
+    def validate_ownership
+      raise ActiveRecord::RecordNotFound unless @debate.editable_by?(current_user)
+    end
+
 end

app/models/debate.rb

@@ -24,4 +24,12 @@ class Debate < ActiveRecord::Base
     votes_for.size
   end
 
+  def editable?
+    total_votes == 0
+  end
+
+  def editable_by?(user)
+    editable? && author == user
+  end
+
 end

app/views/debates/show.html.erb

@@ -35,5 +35,7 @@
   <%= render @debate.root_comments %>
 </div>
 
-<%= link_to 'Edit', edit_debate_path(@debate) %> |
+<% if current_user && @debate.editable_by?(current_user) %>
+  <%= link_to 'Edit', edit_debate_path(@debate) %> |
+<% end %>
 <%= link_to 'Back', debates_path %>

app/views/layouts/application.html.erb

@@ -4,7 +4,7 @@
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 
-    <title><%= content_for?(:title) ? yield(:title) : "foundation-rails" %></title>
+    <title><%= content_for?(:title) ? yield(:title) : "Participación" %></title>
 
     <%= stylesheet_link_tag    "application" %>
     <%= javascript_include_tag "vendor/modernizr" %>

spec/features/debates_spec.rb

@@ -45,10 +45,33 @@ feature 'Debates' do
     expect(page).to have_content "por: #{author.name}"
   end
 
-  scenario 'Update' do
+  scenario 'Update should not be posible if logged user is not the author' do
     debate = create(:debate)
+    expect(debate).to be_editable
+    login_as(create(:user))
 
-    visit edit_debate_path(debate)
+    expect {
+      visit edit_debate_path(debate)
+    }.to raise_error ActiveRecord::RecordNotFound
+  end
+
+  scenario 'Update should not be posible if debate is not editable' do
+    debate = create(:debate)
+    vote = create(:vote, votable: debate)
+    expect(debate).to_not be_editable
+    login_as(debate.author)
+
+    expect {
+      visit edit_debate_path(debate)
+    }.to raise_error ActiveRecord::RecordNotFound
+  end
+
+  scenario 'Update should be posible for the author of an editable debate' do
+    debate = create(:debate)
+    login_as(debate.author)
+
+    visit debate_path(debate)
+    click_link 'Edit'
     fill_in 'debate_title', with: 'Dimisión Rajoy'
     fill_in 'debate_description', with: 'Podríamos...'
 

spec/models/debate_spec.rb

@@ -30,4 +30,41 @@ describe Debate do
     expect(@debate).to_not be_valid
   end
 
+  describe "#editable?" do
+    before(:each) do
+      @debate = create(:debate)
+    end
+
+    it "should be true if debate has no votes yet" do
+      expect(@debate.total_votes).to eq(0)
+      expect(@debate.editable?).to be true
+    end
+
+    it "should be false if debate has votes" do
+      create(:vote, votable: @debate)
+      expect(@debate.total_votes).to eq(1)
+      expect(@debate.editable?).to be false
+    end
+  end
+
+  describe "#editable_by?" do
+    before(:each) do
+      @debate = create(:debate)
+    end
+
+    it "should be true if user is the author and debate is editable" do
+      expect(@debate.editable_by?(@debate.author)).to be true
+    end
+
+    it "should be false if debate is not editable" do
+      create(:vote, votable: @debate)
+      expect(@debate.editable_by?(@debate.author)).to be false
+    end
+
+    it "should be false if user is not the author" do
+      expect(@debate.editable_by?(create(:user))).to be false
+
+    end
+  end
+
 end