Merge pull request #1020 from consul/cannot-delete-proposals

allows only admins to delete spending proposals
Juanjo Bazán
2016-03-29 18:23:34 +02:00
7 changed files with 13 additions and 11 deletions


@@ -31,7 +31,7 @@ class SpendingProposalsController < ApplicationController
end
def destroy
spending_proposal = current_user.spending_proposals.find(params[:id])
spending_proposal = SpendingProposal.find(params[:id])
spending_proposal.destroy
redirect_to user_path(current_user, filter: 'spending_proposals'), notice: t('flash.actions.destroy.spending_proposal')
end
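Review bot: Dropping the `current_user.spending_proposals` scope in `destroy` removes the only ownership check the controller itself performed, so the new `SpendingProposal.find(params[:id])` is safe only if an authorization call runs before `spending_proposal.destroy` — the hunk shows neither a `load_and_authorize_resource` declaration nor an `authorize!` call, and if the class (which continues outside the hunk) has none, any signed-in user can delete any proposal by id regardless of the ability changes. If the controller does not already declare `load_and_authorize_resource`, add `authorize! :destroy, spending_proposal` directly after the find so the Administrator/Common abilities in this commit are actually consulted. Separately, the redirect still targets `user_path(current_user, ...)`, which for an admin deleting another user's proposal lands on the admin's own profile rather than the page the proposal was deleted from; consider redirecting to `user_path(spending_proposal.author, filter: 'spending_proposals')` or `:back`, hedged since the author association name is not visible here.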


@@ -37,7 +37,7 @@ module Abilities
can :manage, Annotation
can [:read, :update], SpendingProposal
can [:read, :update, :destroy], SpendingProposal
end
end
end


@@ -44,7 +44,6 @@ module Abilities
can :vote, Proposal
can :vote_featured, Proposal
can :create, SpendingProposal
can :destroy, SpendingProposal, author_id: user.id
end
can :create, Annotation


@@ -132,10 +132,12 @@ feature 'Spending proposals' do
context "Destroy" do
scenario "User can destroy owned spending proposals" do
scenario "Admin can destroy owned spending proposals" do
admin = create(:administrator)
user = create(:user, :level_two)
spending_proposal = create(:spending_proposal, author: user)
login_as(user)
login_as(admin.user)
visit user_path(user)
within("#spending_proposal_#{spending_proposal.id}") do
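Review bot: The renamed scenario title "Admin can destroy owned spending proposals" no longer describes the setup, since the proposal is created with `author: user` and the admin signing in does not own it; rename it to `scenario "Admin can destroy other users' spending proposals" do`. This feature file also has no scenario asserting that a non-admin, non-author user is refused server-side — the Users spec in this commit only checks that the Delete button is hidden, which does not exercise the controller path that the authorization change is meant to protect. A companion scenario that logs in a level-two user, issues the delete for another user's proposal, and expects the request to be denied (and the record to still exist) would pin that behaviour. The scenario body continues outside the hunk.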


@@ -240,19 +240,19 @@ feature 'Users' do
expect(page).to have_content('Build a school')
end
scenario 'delete button is shown if logged in user is author' do
scenario 'delete button is not shown if logged in user is author' do
login_as(@author)
visit user_path(@author)
within("#spending_proposal_#{@spending_proposal.id}") do
expect(page).to have_content('Delete')
expect(page).to_not have_content('Delete')
end
end
scenario 'delete button is not shown if logged in user is admin' do
scenario 'delete button is shown if logged in user is admin' do
login_as(create(:administrator).user)
visit user_path(@author)
within("#spending_proposal_#{@spending_proposal.id}") do
expect(page).to_not have_content('Delete')
expect(page).to have_content('Delete')
end
end


@@ -55,4 +55,5 @@ describe "Abilities::Administrator" do
it { should be_able_to(:read, SpendingProposal) }
it { should be_able_to(:update, SpendingProposal) }
it { should be_able_to(:valuate, SpendingProposal) }
it { should be_able_to(:destroy, SpendingProposal) }
end


@@ -92,7 +92,7 @@ describe "Abilities::Common" do
it { should be_able_to(:create, SpendingProposal) }
it { should_not be_able_to(:destroy, create(:spending_proposal)) }
it { should be_able_to(:destroy, own_spending_proposal) }
it { should_not be_able_to(:destroy, own_spending_proposal) }
end
describe "when level 3 verified" do
@@ -104,6 +104,6 @@ describe "Abilities::Common" do
it { should be_able_to(:create, SpendingProposal) }
it { should_not be_able_to(:destroy, create(:spending_proposal)) }
it { should be_able_to(:destroy, own_spending_proposal) }
it { should_not be_able_to(:destroy, own_spending_proposal) }
end
end