consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Limit admin access to poll stats and results

Browse Source 
There's no reason to allow administrators to check stats and results for
a poll when it isn't finished or when results and stats are not enabled.

Now admins have the same permissions as everyone else.
This commit is contained in:
Javi Martín
2019-11-08 20:49:28 +01:00
parent 8dbad5c3d2
commit 2029d7baa5
2 changed files with 1 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/abilities/administrator.rb
View File

@@ -75,7 +75,7 @@ module Abilities
can [:index, :create, :edit, :update, :destroy], Geozone
can [:read, :create, :update, :destroy, :add_question, :search_booths, :search_officers, :booth_assignments, :results, :stats], Poll
can [:read, :create, :update, :destroy, :add_question, :search_booths, :search_officers, :booth_assignments], Poll
can [:read, :create, :update, :destroy, :available], Poll::Booth
can [:search, :create, :index, :destroy], ::Poll::Officer
can [:create, :destroy, :manage], ::Poll::BoothAssignment

4
spec/models/abilities/administrator_spec.rb
View File

@@ -6,7 +6,6 @@ describe Abilities::Administrator do
let(:user) { administrator.user }
let(:administrator) { create(:administrator) }
let(:poll) { create(:poll, :current, stats_enabled: false, results_enabled: false) }
let(:other_user) { create(:user) }
let(:hidden_user) { create(:user, :hidden) }
@@ -89,9 +88,6 @@ describe Abilities::Administrator do
it { should_not be_able_to(:destroy, budget_investment_document) }
it { should be_able_to(:manage, Dashboard::Action) }
it { should be_able_to(:stats, poll) }
it { should be_able_to(:results, poll) }
it { should be_able_to(:read, Poll::Question) }
it { should be_able_to(:create, Poll::Question) }
it { should be_able_to(:update, Poll::Question) }