users can view their own spending proposals

2016-02-21 14:28:48 +01:00
parent 575b0e105f
commit 2291caa3fd
2 changed files with 30 additions and 7 deletions
--- a/app/controllers/spending_proposals_controller.rb
+++ b/app/controllers/spending_proposals_controller.rb
@@ -1,11 +1,11 @@
 class SpendingProposalsController < ApplicationController
  include FeatureFlags

-  before_action :authenticate_user!, except: [:index]
-  before_action :verify_valuator, only: [:show]
-
  load_and_authorize_resource

+  before_action :authenticate_user!, except: [:index]
+  before_action :verify_access, only: [:show]
+
  feature_flag :spending_proposals

  def index
@@ -20,7 +20,7 @@ class SpendingProposalsController < ApplicationController
    @spending_proposal.author = current_user

    if @spending_proposal.save_with_captcha
-      redirect_to spending_proposals_path, notice: t("flash.actions.create.spending_proposal")
+      redirect_to @spending_proposal, notice: t("flash.actions.create.spending_proposal")
    else
      render :new
    end
@@ -32,8 +32,8 @@ class SpendingProposalsController < ApplicationController
      params.require(:spending_proposal).permit(:title, :description, :external_url, :geozone_id, :association_name, :terms_of_service, :captcha, :captcha_key)
    end

-    def verify_valuator
-      raise CanCan::AccessDenied unless current_user.try(:valuator?) || current_user.try(:administrator?)
+    def verify_access
+      raise CanCan::AccessDenied unless current_user.try(:valuator?) || current_user.try(:administrator?) || @spending_proposal.author == current_user
    end

 end
--- a/spec/features/spending_proposals_spec.rb
+++ b/spec/features/spending_proposals_spec.rb
@@ -2,7 +2,7 @@ require 'rails_helper'

 feature 'Spending proposals' do

-  let(:author) { create(:user, :level_two) }
+  let(:author) { create(:user, :level_two, username: 'Isabel') }

  scenario 'Index' do
    visit spending_proposals_path
@@ -33,6 +33,11 @@ feature 'Spending proposals' do
    click_button 'Create'

    expect(page).to have_content 'Spending proposal created successfully'
+    expect(page).to have_content('Build a skyscraper')
+    expect(page).to have_content('I want to live in a high tower over the clouds')
+    expect(page).to have_content('Isabel')
+    expect(page).to have_content('People of the neighbourhood')
+    expect(page).to have_content('All city')
  end

  scenario 'Captcha is required for proposal creation' do
@@ -100,6 +105,24 @@ feature 'Spending proposals' do
    expect(page).to have_content(spending_proposal.geozone.name)
  end

+  scenario "Show (as author)" do
+    author = create(:user)
+    login_as(author)
+
+    spending_proposal = create(:spending_proposal,
+                                geozone: create(:geozone),
+                                association_name: 'People of the neighbourhood',
+                                author: author)
+
+    visit spending_proposal_path(spending_proposal)
+
+    expect(page).to have_content(spending_proposal.title)
+    expect(page).to have_content(spending_proposal.description)
+    expect(page).to have_content(spending_proposal.author.name)
+    expect(page).to have_content(spending_proposal.association_name)
+    expect(page).to have_content(spending_proposal.geozone.name)
+  end
+
  scenario "Show (as user)" do
    user = create(:user)
    login_as(user)