consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent valuators from editing finished valuation

Browse Source 
Valuators should not be able to edit a finished valuation (only admins
should).

The valuation form is only shown to the valuator if he has that ability
(we've previously modified app/models/abilities/valuator.rb to be able
to rely on `valuate` over an investment to check that)

If the valuator can't see the form, we present him just the data in
plain text.
This commit is contained in:
Bertocq
2018-03-06 12:28:31 +01:00
parent 1ef2789640
commit 0516bc3e91
2 changed files with 146 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

181
app/views/valuation/budget_investments/edit.html.erb
View File

@@ -4,96 +4,125 @@
<% end %> <% end %>
<h2><%= t("valuation.budget_investments.edit.dossier") %></h2> <h2><%= t("valuation.budget_investments.edit.dossier") %></h2>
<% if can?(:valuate, @investment) %>
<%= form_for(@investment, url: valuate_valuation_budget_budget_investment_path(@budget, @investment), html: {id: "valuation_budget_investment_edit_form"}) do |f| %> <%= form_for(@investment, url: valuate_valuation_budget_budget_investment_path(@budget, @investment), html: {id: "valuation_budget_investment_edit_form"}) do |f| %>
<%= render 'shared/errors', resource: @investment %> <%= render 'shared/errors', resource: @investment %>
<div class="row">
<div class="small-12 column">
<fieldset class="fieldset">
<legend><%= t('valuation.budget_investments.edit.feasibility') %></legend>
<div class="small-4 column">
<span class="radio">
<%= f.radio_button :feasibility, 'undecided', label: false %>
<%= f.label :feasibility_undecided, t('valuation.budget_investments.edit.undefined_feasible') %>
</span>
</div>
<div class="small-4 column">
<span class="radio">
<%= f.radio_button :feasibility, 'feasible', label: false %>
<%= f.label :feasibility_feasible, t('valuation.budget_investments.edit.feasible') %>
</span>
</div>
<div class="small-4 column">
<span class="radio">
<%= f.radio_button :feasibility, 'unfeasible', label: false %>
<%= f.label :feasibility_unfeasible, t('valuation.budget_investments.edit.unfeasible') %>
</span>
</div>
</fieldset>
</div>
</div>
<div id="unfeasible_fields" >
<div class="row"> <div class="row">
<div class="small-12 column"> <div class="small-12 column">
<%= f.label :unfeasibility_explanation, t("valuation.budget_investments.edit.feasible_explanation_html") %> <fieldset class="fieldset">
<%= f.text_area :unfeasibility_explanation, label: false, rows: 3 %> <legend><%= t('valuation.budget_investments.edit.feasibility') %></legend>
<div class="small-4 column">
<span class="radio">
<%= f.radio_button :feasibility, 'undecided', label: false %>
<%= f.label :feasibility_undecided, t('valuation.budget_investments.edit.undefined_feasible') %>
</span>
</div>
<div class="small-4 column">
<span class="radio">
<%= f.radio_button :feasibility, 'feasible', label: false %>
<%= f.label :feasibility_feasible, t('valuation.budget_investments.edit.feasible') %>
</span>
</div>
<div class="small-4 column">
<span class="radio">
<%= f.radio_button :feasibility, 'unfeasible', label: false %>
<%= f.label :feasibility_unfeasible, t('valuation.budget_investments.edit.unfeasible') %>
</span>
</div>
</fieldset>
</div> </div>
</div> </div>
</div> <div id="unfeasible_fields" >
<div id="feasible_fields"> <div class="row">
<div class="small-12 column">
<div class="row"> <%= f.label :unfeasibility_explanation, t("valuation.budget_investments.edit.feasible_explanation_html") %>
<div class="small-12 medium-6 column"> <%= f.text_area :unfeasibility_explanation, label: false, rows: 3 %>
<%= f.label :price, "#{t('valuation.budget_investments.edit.price_html', currency: @budget.currency_symbol)}" %> </div>
<%= f.number_field :price, label: false, max: 1000000000000000 %>
</div> </div>
<div class="small-12 medium-6 column end"> </div>
<%= f.label :price_first_year, "#{t('valuation.budget_investments.edit.price_first_year_html', currency: @budget.currency_symbol)}" %>
<%= f.number_field :price_first_year, label: false, max: 1000000000000000 %> <div id="feasible_fields">
<div class="row">
<div class="small-12 medium-6 column">
<%= f.label :price, "#{t('valuation.budget_investments.edit.price_html', currency: @budget.currency_symbol)}" %>
<%= f.number_field :price, label: false, max: 1000000000000000 %>
</div>
<div class="small-12 medium-6 column end">
<%= f.label :price_first_year, "#{t('valuation.budget_investments.edit.price_first_year_html', currency: @budget.currency_symbol)}" %>
<%= f.number_field :price_first_year, label: false, max: 1000000000000000 %>
</div>
</div>
<div class="row">
<div class="small-12 column">
<%= f.label :price_explanation, t("valuation.budget_investments.edit.price_explanation_html") %>
<%= f.text_area :price_explanation, label: false, rows: 3 %>
</div>
</div>
<div class="row">
<div class="small-12 medium-6 column">
<%= f.label :duration, t("valuation.budget_investments.edit.duration_html") %>
<%= f.text_field :duration, label: false %>
</div>
</div>
</div>
<div class="row">
<div class="small-12 medium-8 column">
<%= f.label :valuation_finished do %>
<%= f.check_box :valuation_finished,
title: t('valuation.budget_investments.edit.valuation_finished'),
label: false, id: 'js-investment-report-alert',
"data-alert": t("valuation.budget_investments.edit.valuation_finished_alert"),
"data-not-feasible-alert": t("valuation.budget_investments.edit.not_feasible_alert") %>
<span class="checkbox"><%= t("valuation.budget_investments.edit.valuation_finished") %></span>
<% end %>
</div> </div>
</div> </div>
<div class="row"> <div class="row">
<div class="small-12 column"> <div class="actions small-12 medium-4 column">
<%= f.label :price_explanation, t("valuation.budget_investments.edit.price_explanation_html") %> <%= f.submit(class: "button expanded large", value: t("valuation.budget_investments.edit.save")) %>
<%= f.text_area :price_explanation, label: false, rows: 3 %>
</div> </div>
</div> </div>
<% end %>
<div class="row"> <% else %>
<div class="small-12 medium-6 column"> <p>
<%= f.label :duration, t("valuation.budget_investments.edit.duration_html") %> <h3><%= t('valuation.budget_investments.edit.valuation_finished') %></h3>
<%= f.text_field :duration, label: false %> </p>
</div> <p>
</div> <strong><%= t('valuation.budget_investments.edit.feasibility') %>:</strong>
<%= t("admin.budget_investments.index.feasibility.#{@investment.feasibility}") %>
</div> </p>
<p>
<div class="row"> <strong><%= t("valuation.budget_investments.edit.feasible_explanation_html") %>:</strong>
<div class="small-12 medium-8 column"> <%= @investment.unfeasibility_explanation.presence || '-' %>
<%= f.label :valuation_finished do %> </p>
<%= f.check_box :valuation_finished, <p>
title: t('valuation.budget_investments.edit.valuation_finished'), <strong><%= t('valuation.budget_investments.edit.price_html', currency: @budget.currency_symbol) %>:</strong>
label: false, id: 'js-investment-report-alert', <%= @investment.price.presence || '-' %>
"data-alert": t("valuation.budget_investments.edit.valuation_finished_alert"), </p>
"data-not-feasible-alert": t("valuation.budget_investments.edit.not_feasible_alert") %> <p>
<span class="checkbox"><%= t("valuation.budget_investments.edit.valuation_finished") %></span> <strong><%= t('valuation.budget_investments.show.price_first_year', currency: @budget.currency_symbol) %>:</strong>
<% end %> <%= @investment.price_first_year.presence || '-' %>
</div> </p>
</div> <p>
<strong><%= t('valuation.budget_investments.edit.price_explanation_html') %>:</strong>
<div class="row"> <%= @investment.price_explanation.presence || '-'%>
<div class="actions small-12 medium-4 column"> </p>
<%= f.submit(class: "button expanded large", value: t("valuation.budget_investments.edit.save")) %> <p>
</div> <strong><%= t('valuation.budget_investments.edit.duration_html') %>:</strong>
</div> <%= @investment.duration.presence || '-' %>
</p>
<% end %> <% end %>
<%= render 'valuation/budget_investments/valuation_comments' %> <%= render 'valuation/budget_investments/valuation_comments' %>

41
spec/features/valuation/budget_investments_spec.rb
View File

@@ -352,6 +352,47 @@ feature 'Valuation budget investments' do
expect(page).to have_content('Valuation finished') expect(page).to have_content('Valuation finished')
end end
context 'Reopen valuation' do
background do
investment.update(
valuation_finished: true,
feasibility: 'feasible',
unfeasibility_explanation: 'Explanation is explanatory',
price: 999,
price_first_year: 666,
price_explanation: 'Democracy is not cheap',
duration: '1 light year'
)
end
scenario 'Admins can reopen & modify finished valuation' do
logout
login_as(admin.user)
visit edit_valuation_budget_budget_investment_path(budget, investment)
expect(page).to have_selector("input[id='budget_investment_feasibility_undecided']")
expect(page).to have_selector("textarea[id='budget_investment_unfeasibility_explanation']")
expect(page).to have_selector("input[name='budget_investment[valuation_finished]']")
expect(page).to have_button('Save changes')
end
scenario 'Valuators that are not admins cannot reopen or modify a finished valuation' do
visit edit_valuation_budget_budget_investment_path(budget, investment)
expect(page).not_to have_selector("input[id='budget_investment_feasibility_undecided']")
expect(page).not_to have_selector("textarea[id='budget_investment_unfeasibility_explanation']")
expect(page).not_to have_selector("input[name='budget_investment[valuation_finished]']")
expect(page).to have_content('Valuation finished')
expect(page).to have_content('Feasibility: Feasible')
expect(page).to have_content('Feasibility explanation: Explanation is explanatory')
expect(page).to have_content('Price (€): 999')
expect(page).to have_content('Cost during the first year: 666')
expect(page).to have_content('Price explanation: Democracy is not cheap')
expect(page).to have_content('Time scope: 1 light year')
expect(page).not_to have_button('Save changes')
end
end
scenario 'Validates price formats' do scenario 'Validates price formats' do
visit valuation_budget_budget_investments_path(budget) visit valuation_budget_budget_investments_path(budget)
within("#budget_investment_#{investment.id}") do within("#budget_investment_#{investment.id}") do