Prevent valuators from editing finished valuation

Valuators should not be able to edit a finished valuation (only admins should). The valuation form is only shown to the valuator if he has that ability (we've previously modified app/models/abilities/valuator.rb to be able to rely on `valuate` over an investment to check that) If the valuator can't see the form, we present him just the data in plain text.
2018-03-06 12:28:31 +01:00
parent 1ef2789640
commit 0516bc3e91
2 changed files with 146 additions and 76 deletions
--- a/app/views/valuation/budget_investments/edit.html.erb
+++ b/app/views/valuation/budget_investments/edit.html.erb
@@ -4,8 +4,8 @@
 <% end %>

 <h2><%= t("valuation.budget_investments.edit.dossier") %></h2>
-
-<%= form_for(@investment, url: valuate_valuation_budget_budget_investment_path(@budget, @investment), html: {id: "valuation_budget_investment_edit_form"}) do |f| %>
+<% if can?(:valuate, @investment) %>
+  <%= form_for(@investment, url: valuate_valuation_budget_budget_investment_path(@budget, @investment), html: {id: "valuation_budget_investment_edit_form"}) do |f| %>
    <%= render 'shared/errors', resource: @investment %>
    <div class="row">
      <div class="small-12 column">
@@ -94,6 +94,35 @@
        <%= f.submit(class: "button expanded large", value: t("valuation.budget_investments.edit.save")) %>
      </div>
    </div>
+  <% end %>
+<% else %>
+  <p>
+    <h3><%= t('valuation.budget_investments.edit.valuation_finished') %></h3>
+  </p>
+  <p>
+    <strong><%= t('valuation.budget_investments.edit.feasibility') %>:</strong>
+    <%= t("admin.budget_investments.index.feasibility.#{@investment.feasibility}") %>
+  </p>
+  <p>
+    <strong><%= t("valuation.budget_investments.edit.feasible_explanation_html") %>:</strong>
+    <%= @investment.unfeasibility_explanation.presence || '-' %>
+  </p>
+  <p>
+    <strong><%= t('valuation.budget_investments.edit.price_html', currency: @budget.currency_symbol) %>:</strong>
+    <%= @investment.price.presence || '-' %>
+  </p>
+  <p>
+    <strong><%= t('valuation.budget_investments.show.price_first_year', currency: @budget.currency_symbol) %>:</strong>
+    <%= @investment.price_first_year.presence || '-' %>
+  </p>
+  <p>
+    <strong><%= t('valuation.budget_investments.edit.price_explanation_html') %>:</strong>
+    <%= @investment.price_explanation.presence || '-'%>
+  </p>
+  <p>
+    <strong><%= t('valuation.budget_investments.edit.duration_html') %>:</strong>
+    <%= @investment.duration.presence || '-' %>
+  </p>
 <% end %>

 <%= render 'valuation/budget_investments/valuation_comments' %>
--- a/spec/features/valuation/budget_investments_spec.rb
+++ b/spec/features/valuation/budget_investments_spec.rb
@@ -352,6 +352,47 @@ feature 'Valuation budget investments' do
      expect(page).to have_content('Valuation finished')
    end

+    context 'Reopen valuation' do
+      background do
+        investment.update(
+          valuation_finished: true,
+          feasibility: 'feasible',
+          unfeasibility_explanation: 'Explanation is explanatory',
+          price: 999,
+          price_first_year: 666,
+          price_explanation: 'Democracy is not cheap',
+          duration: '1 light year'
+        )
+      end
+
+      scenario 'Admins can reopen & modify finished valuation' do
+        logout
+        login_as(admin.user)
+        visit edit_valuation_budget_budget_investment_path(budget, investment)
+
+        expect(page).to have_selector("input[id='budget_investment_feasibility_undecided']")
+        expect(page).to have_selector("textarea[id='budget_investment_unfeasibility_explanation']")
+        expect(page).to have_selector("input[name='budget_investment[valuation_finished]']")
+        expect(page).to have_button('Save changes')
+      end
+
+      scenario 'Valuators that are not admins cannot reopen or modify a finished valuation' do
+        visit edit_valuation_budget_budget_investment_path(budget, investment)
+
+        expect(page).not_to have_selector("input[id='budget_investment_feasibility_undecided']")
+        expect(page).not_to have_selector("textarea[id='budget_investment_unfeasibility_explanation']")
+        expect(page).not_to have_selector("input[name='budget_investment[valuation_finished]']")
+        expect(page).to have_content('Valuation finished')
+        expect(page).to have_content('Feasibility: Feasible')
+        expect(page).to have_content('Feasibility explanation: Explanation is explanatory')
+        expect(page).to have_content('Price (€): 999')
+        expect(page).to have_content('Cost during the first year: 666')
+        expect(page).to have_content('Price explanation: Democracy is not cheap')
+        expect(page).to have_content('Time scope: 1 light year')
+        expect(page).not_to have_button('Save changes')
+      end
+    end
+
    scenario 'Validates price formats' do
      visit valuation_budget_budget_investments_path(budget)
      within("#budget_investment_#{investment.id}") do