consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent valuators from editing finished valuation

Browse Source 
Valuators should not be able to edit a finished valuation (only admins
should).

The valuation form is only shown to the valuator if he has that ability
(we've previously modified app/models/abilities/valuator.rb to be able
to rely on `valuate` over an investment to check that)

If the valuator can't see the form, we present him just the data in
plain text.
This commit is contained in:
Bertocq
2018-03-06 12:28:31 +01:00
parent 1ef2789640
commit 0516bc3e91
2 changed files with 146 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
app/views/valuation/budget_investments/edit.html.erb
View File

@@ -4,8 +4,8 @@
<% end %> <% end %>
<h2><%= t("valuation.budget_investments.edit.dossier") %></h2> <h2><%= t("valuation.budget_investments.edit.dossier") %></h2>
<% if can?(:valuate, @investment) %>
<%= form_for(@investment, url: valuate_valuation_budget_budget_investment_path(@budget, @investment), html: {id: "valuation_budget_investment_edit_form"}) do |f| %> <%= form_for(@investment, url: valuate_valuation_budget_budget_investment_path(@budget, @investment), html: {id: "valuation_budget_investment_edit_form"}) do |f| %>
<%= render 'shared/errors', resource: @investment %> <%= render 'shared/errors', resource: @investment %>
<div class="row"> <div class="row">
<div class="small-12 column"> <div class="small-12 column">
@@ -94,6 +94,35 @@
<%= f.submit(class: "button expanded large", value: t("valuation.budget_investments.edit.save")) %> <%= f.submit(class: "button expanded large", value: t("valuation.budget_investments.edit.save")) %>
</div> </div>
</div> </div>
<% end %>
<% else %>
<p>
<h3><%= t('valuation.budget_investments.edit.valuation_finished') %></h3>
</p>
<p>
<strong><%= t('valuation.budget_investments.edit.feasibility') %>:</strong>
<%= t("admin.budget_investments.index.feasibility.#{@investment.feasibility}") %>
</p>
<p>
<strong><%= t("valuation.budget_investments.edit.feasible_explanation_html") %>:</strong>
<%= @investment.unfeasibility_explanation.presence || '-' %>
</p>
<p>
<strong><%= t('valuation.budget_investments.edit.price_html', currency: @budget.currency_symbol) %>:</strong>
<%= @investment.price.presence || '-' %>
</p>
<p>
<strong><%= t('valuation.budget_investments.show.price_first_year', currency: @budget.currency_symbol) %>:</strong>
<%= @investment.price_first_year.presence || '-' %>
</p>
<p>
<strong><%= t('valuation.budget_investments.edit.price_explanation_html') %>:</strong>
<%= @investment.price_explanation.presence || '-'%>
</p>
<p>
<strong><%= t('valuation.budget_investments.edit.duration_html') %>:</strong>
<%= @investment.duration.presence || '-' %>
</p>
<% end %> <% end %>
<%= render 'valuation/budget_investments/valuation_comments' %> <%= render 'valuation/budget_investments/valuation_comments' %>

41
spec/features/valuation/budget_investments_spec.rb
View File

@@ -352,6 +352,47 @@ feature 'Valuation budget investments' do
expect(page).to have_content('Valuation finished') expect(page).to have_content('Valuation finished')
end end
context 'Reopen valuation' do
background do
investment.update(
valuation_finished: true,
feasibility: 'feasible',
unfeasibility_explanation: 'Explanation is explanatory',
price: 999,
price_first_year: 666,
price_explanation: 'Democracy is not cheap',
duration: '1 light year'
)
end
scenario 'Admins can reopen & modify finished valuation' do
logout
login_as(admin.user)
visit edit_valuation_budget_budget_investment_path(budget, investment)
expect(page).to have_selector("input[id='budget_investment_feasibility_undecided']")
expect(page).to have_selector("textarea[id='budget_investment_unfeasibility_explanation']")
expect(page).to have_selector("input[name='budget_investment[valuation_finished]']")
expect(page).to have_button('Save changes')
end
scenario 'Valuators that are not admins cannot reopen or modify a finished valuation' do
visit edit_valuation_budget_budget_investment_path(budget, investment)
expect(page).not_to have_selector("input[id='budget_investment_feasibility_undecided']")
expect(page).not_to have_selector("textarea[id='budget_investment_unfeasibility_explanation']")
expect(page).not_to have_selector("input[name='budget_investment[valuation_finished]']")
expect(page).to have_content('Valuation finished')
expect(page).to have_content('Feasibility: Feasible')
expect(page).to have_content('Feasibility explanation: Explanation is explanatory')
expect(page).to have_content('Price (€): 999')
expect(page).to have_content('Cost during the first year: 666')
expect(page).to have_content('Price explanation: Democracy is not cheap')
expect(page).to have_content('Time scope: 1 light year')
expect(page).not_to have_button('Save changes')
end
end
scenario 'Validates price formats' do scenario 'Validates price formats' do
visit valuation_budget_budget_investments_path(budget) visit valuation_budget_budget_investments_path(budget)
within("#budget_investment_#{investment.id}") do within("#budget_investment_#{investment.id}") do