Merge pull request #3776 from consul/valuator_edit_investment

Don't let valuators update investments

app/models/abilities/valuator.rb

@@ -7,9 +7,9 @@ module Abilities
       assigned_investment_ids = valuator.assigned_investment_ids
       finished = { phase: "finished" }
 
-      can [:read, :update], Budget::Investment, id: assigned_investment_ids
+      can [:read], Budget::Investment, id: assigned_investment_ids
       can [:valuate], Budget::Investment, { id: assigned_investment_ids, valuation_finished: false }
-      cannot [:update, :valuate, :comment_valuation], Budget::Investment, budget: finished
+      cannot [:valuate, :comment_valuation], Budget::Investment, budget: finished
 
       if valuator.can_edit_dossier?
         can [:edit_dossier], Budget::Investment, id: assigned_investment_ids

spec/models/abilities/valuator_spec.rb

@@ -18,16 +18,12 @@ describe Abilities::Valuator do
     should_not be_able_to(:valuate, assigned_investment)
   end
 
-  it { should_not be_able_to(:update, non_assigned_investment) }
+  it { should_not be_able_to(:update, assigned_investment) }
-  it { should_not be_able_to(:valuate, non_assigned_investment) }
 
-  it { should be_able_to(:update, assigned_investment) }
   it { should be_able_to(:valuate, assigned_investment) }
-
-  it { should be_able_to(:update, group_assigned_investment) }
   it { should be_able_to(:valuate, group_assigned_investment) }
 
-  it { should_not be_able_to(:update, finished_assigned_investment) }
+  it { should_not be_able_to(:valuate, non_assigned_investment) }
   it { should_not be_able_to(:valuate, finished_assigned_investment) }
 
   it "can update dossier information if not set can_edit_dossier attribute" do