updates permissions for direct messages

2016-06-09 17:35:19 +02:00
parent 900d997000
commit fea3aef5bb
4 changed files with 26 additions and 1 deletions
--- a/app/controllers/direct_messages_controller.rb
+++ b/app/controllers/direct_messages_controller.rb
@@ -1,5 +1,5 @@
 class DirectMessagesController < ApplicationController
-  skip_authorization_check
+  load_and_authorize_resource

  def new
    @receiver = User.find(params[:user_id])
--- a/app/models/abilities/common.rb
+++ b/app/models/abilities/common.rb
@@ -46,6 +46,8 @@ module Abilities
        can :vote_featured, Proposal
        can :vote, SpendingProposal
        can :create, SpendingProposal
+        can :create, DirectMessage
+        can :show, DirectMessage, sender_id: user.id
      end

      can [:new, :create, :show], ProposalNotification do |notification|
--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -331,4 +331,11 @@ FactoryGirl.define do
    body     "Please let others know so we can make it happen"
    proposal
  end
+
+  factory :direct_message do
+    title    "Hey!"
+    body     "How are You doing?"
+    association :sender,   factory: :user
+    association :receiver, factory: :user
+  end
 end
--- a/spec/models/abilities/common_spec.rb
+++ b/spec/models/abilities/common_spec.rb
@@ -37,6 +37,10 @@ describe "Abilities::Common" do
  it { should_not be_able_to(:comment_as_administrator, proposal) }
  it { should_not be_able_to(:comment_as_moderator, proposal) }

+  it { should be_able_to(:new, DirectMessage) }
+  it { should_not be_able_to(:create, DirectMessage) }
+  it { should_not be_able_to(:show, DirectMessage) }
+
  describe 'flagging content' do
    it { should be_able_to(:flag, debate) }
    it { should be_able_to(:unflag, debate) }
@@ -85,6 +89,7 @@ describe "Abilities::Common" do

  describe "when level 2 verified" do
    let(:own_spending_proposal) { create(:spending_proposal, author: user) }
+    let(:own_direct_message) { create(:direct_message, sender: user) }
    before{ user.update(residence_verified_at: Time.now, confirmed_phone: "1") }

    it { should be_able_to(:vote, Proposal) }
@@ -93,10 +98,16 @@ describe "Abilities::Common" do
    it { should be_able_to(:create, SpendingProposal) }
    it { should_not be_able_to(:destroy, create(:spending_proposal)) }
    it { should_not be_able_to(:destroy, own_spending_proposal) }
+
+    it { should be_able_to(:new, DirectMessage) }
+    it { should be_able_to(:create, DirectMessage) }
+    it { should be_able_to(:show, own_direct_message) }
+    it { should_not be_able_to(:show, create(:direct_message)) }
  end

  describe "when level 3 verified" do
    let(:own_spending_proposal) { create(:spending_proposal, author: user) }
+    let(:own_direct_message) { create(:direct_message, sender: user) }
    before{ user.update(verified_at: Time.now) }

    it { should be_able_to(:vote, Proposal) }
@@ -105,5 +116,10 @@ describe "Abilities::Common" do
    it { should be_able_to(:create, SpendingProposal) }
    it { should_not be_able_to(:destroy, create(:spending_proposal)) }
    it { should_not be_able_to(:destroy, own_spending_proposal) }
+
+    it { should be_able_to(:new, DirectMessage) }
+    it { should be_able_to(:create, DirectMessage) }
+    it { should be_able_to(:show, own_direct_message) }
+    it { should_not be_able_to(:show, create(:direct_message)) }
  end
 end