53670602e0
When creating a budget investment with an unverified manager (for example, a manager who isn't part of the local census), there's a request to `Budgets::InvestmentsController#suggest`. Since the manager isn't verified, suggestions can't be obtained. There are serveral ways to fix this problem: * Add a `suggest` action to Management::Budgets::InvestmentsController, doing the same thing the main `suggest` action does. * Give unverified users permission to access investment suggestions * Give managers permission to access investment suggestions I've chosen the last one because I thought it was simple and only changed existing behaviour for managers, but any other solution would be as valid. I haven't added the `phase: "accepting"` condition to keep it simple, since a read-only action like this one in the management portal isn't gonna create security risks.
12 lines
185 B
Ruby
12 lines
185 B
Ruby
module Abilities
|
|
class Manager
|
|
include CanCan::Ability
|
|
|
|
def initialize(user)
|
|
merge Abilities::Common.new(user)
|
|
|
|
can :suggest, Budget::Investment
|
|
end
|
|
end
|
|
end
|