Merge branch 'master' into proposal-dashboard

app/controllers/application_controller.rb

@@ -3,6 +3,9 @@ require "application_responder"
 class ApplicationController < ActionController::Base
   include HasFilters
   include HasOrders
+  include AccessDeniedHandler
+
+  protect_from_forgery with: :exception
 
   before_action :authenticate_http_basic, if: :http_basic_auth_site?
 
@@ -15,15 +18,6 @@ class ApplicationController < ActionController::Base
   check_authorization unless: :devise_controller?
   self.responder = ApplicationResponder
 
-  protect_from_forgery with: :exception
-
-  rescue_from CanCan::AccessDenied do |exception|
-    respond_to do |format|
-      format.html { redirect_to main_app.root_url, alert: exception.message }
-      format.json { render json: {error: exception.message}, status: :forbidden }
-    end
-  end
-
   layout :set_layout
   respond_to :html
   helper_method :current_budget

app/controllers/concerns/access_denied_handler.rb

@@ -0,0 +1,12 @@
+module AccessDeniedHandler
+  extend ActiveSupport::Concern
+
+  included do
+    rescue_from CanCan::AccessDenied do |exception|
+      respond_to do |format|
+        format.html { redirect_to main_app.root_url, alert: exception.message }
+        format.json { render json: { error: exception.message }, status: :forbidden }
+      end
+    end
+  end
+end

app/controllers/management/sessions_controller.rb

@@ -1,6 +1,7 @@
 require "manager_authenticator"
 
 class Management::SessionsController < ActionController::Base
+  include AccessDeniedHandler
 
   def create
     destroy_session

app/controllers/pages_controller.rb

@@ -15,6 +15,6 @@ class PagesController < ApplicationController
       render action: params[:id]
     end
   rescue ActionView::MissingTemplate
-    head 404
+    head 404, content_type: "text/html"
   end
 end

app/models/poll/ballot.rb

@@ -1,4 +1,4 @@
-class Poll::Ballot < ActiveRecord::Base
+class Poll::Ballot < ApplicationRecord
   belongs_to :ballot_sheet, class_name: Poll::BallotSheet
 
   validates :ballot_sheet_id, presence: true

app/models/poll/ballot_sheet.rb

@@ -1,4 +1,4 @@
-class Poll::BallotSheet < ActiveRecord::Base
+class Poll::BallotSheet < ApplicationRecord
   belongs_to :poll
   belongs_to :officer_assignment
   has_many :ballots, class_name: Poll::Ballot

config/locales/ar/budgets.yml

@@ -97,7 +97,7 @@ ar:
           confidence_score: اعلى تقييم
           price: حسب السعر
       share:
-        message: "لقد أنشأت مشروع استثماري %{title} في %{org}. أنشىء مشروع الاستثماري أنت أيضاً!"
+        message: "لقد أنشأت مشروع استثماري %{title} في %{handle}. أنشىء مشروع الاستثماري أنت أيضاً!"
       show:
         author_deleted: تم حذف المستخدم
         price_explanation: توضيح الاسعار

config/locales/de-DE/budgets.yml

@@ -106,7 +106,7 @@ de:
           confidence_score: am besten bewertet
           price: nach Preis
       share:
-        message: "Ich habe einen Ausgabenvorschlag %{title} in %{org} erstellt. Erstellen Sie auch einen Ausgabenvorschlag!"
+        message: "Ich habe einen Ausgabenvorschlag %{title} in %{handle} erstellt. Erstellen Sie auch einen Ausgabenvorschlag!"
       show:
         author_deleted: Benutzer gelöscht
         price_explanation: Preiserklärung

config/locales/gl/budgets.yml

@@ -106,7 +106,7 @@ gl:
           confidence_score: Máis apoiados
           price: por custo
       share:
-        message: "Acabo de crear o proxecto de investimento %{title} en %{org}. Anímote a crear o teu proxecto de investimento!"
+        message: "Acabo de crear o proxecto de investimento %{title} en %{handle}. Anímote a crear o teu proxecto de investimento!"
       show:
         author_deleted: Usuario/a borrado/a
         price_explanation: Informe de custo <small>(opcional, dato público)</small>

config/locales/gl/general.yml

@@ -446,7 +446,7 @@ gl:
       form:
         submit_button: Gardar so cambios
     share:
-      message: "Veño de apoiar a proposta %{summary} en %{handle}. Se che interesa, apoia ti tamén!"
+      message: "Veño de apoiar a proposta %{title} en %{handle}. Se che interesa, apoia ti tamén!"
   polls:
     all: "Todo"
     no_dates: "sen data asignada"

config/locales/nl/budgets.yml

@@ -106,7 +106,7 @@ nl:
           confidence_score: best gescored
           price: op bedrag
       share:
-        message: "Ik heb investeringsvoorstel %{title} gemaakt in %{org}. Jij kunt ook een investeringsvoorstel doen!"
+        message: "Ik heb investeringsvoorstel %{title} gemaakt in %{handle}. Jij kunt ook een investeringsvoorstel doen!"
       show:
         author_deleted: Gebruiker verwijderd
         price_explanation: Price explanation

config/locales/ru/general.yml

@@ -423,7 +423,7 @@ ru:
       form:
         submit_button: Сохранить изменения
     share:
-      message: "Я поддержал(а) предложение %{summary} в %{org}. Если вам интересно, поддержите его тоже!"
+      message: "Я поддержал(а) предложение %{title} в %{handle}. Если вам интересно, поддержите его тоже!"
   polls:
     all: "Все"
     no_dates: "дата не назначена"

config/locales/so-SO/budgets.yml

@@ -106,7 +106,7 @@ so:
           confidence_score: ugu sareeya
           price: qiime ahaan
       share:
-        message: "Waxaan abuuray mashruuca maalgashiga%{title} ee%{org} Samee mashruuc maal-gashi aad adigu leedahay!"
+        message: "Waxaan abuuray mashruuca maalgashiga%{title} ee%{handle} Samee mashruuc maal-gashi aad adigu leedahay!"
       show:
         author_deleted: Isticmalaha la tirtiray
         price_explanation: Faahfaahinta qiimaha

config/locales/so-SO/general.yml

@@ -445,7 +445,7 @@ so:
       form:
         submit_button: Badbaadi beddelka
     share:
-      message: "Waxaan taageeray hindisaha%{summary} ee%{handle} Haddii aad xiiseyneyso, sidoo kale waa inaad taageertaa!"
+      message: "Waxaan taageeray hindisaha%{title} ee%{handle} Haddii aad xiiseyneyso, sidoo kale waa inaad taageertaa!"
   polls:
     all: "Dhamaan"
     no_dates: "tirada taariikhda la magacaabay"

config/locales/sq-AL/budgets.yml

@@ -106,7 +106,7 @@ sq:
           confidence_score: më të vlerësuarat
           price: nga çmimi
       share:
-        message: "Kam krijuar projektin e investimeve%{title} në %{org}. Krijoni një projekt investimi edhe ju!"
+        message: "Kam krijuar projektin e investimeve%{title} në %{handle}. Krijoni një projekt investimi edhe ju!"
       show:
         author_deleted: Përdoruesi u fshi
         price_explanation: Shpjegimi i çmimit

config/locales/sq-AL/general.yml

@@ -445,7 +445,7 @@ sq:
       form:
         submit_button: Ruaj ndryshimet
     share:
-      message: "Kam përkrahur propozimin %{summary} në%{handle}. Nëse jeni të interesuar, përkrahu gjithashtu!"
+      message: "Kam përkrahur propozimin %{title} në%{handle}. Nëse jeni të interesuar, përkrahu gjithashtu!"
   polls:
     all: "Të gjithë"
     no_dates: "Asnjë datë e caktuar"

config/locales/val/budgets.yml

@@ -106,7 +106,7 @@ val:
           confidence_score: millor valorats
           price: per cost
       share:
-        message: "Acabe de crear una proposta %{title} en %{org}. Crea una tu també!"
+        message: "Acabe de crear una proposta %{title} en %{handle}. Crea una tu també!"
       show:
         author_deleted: Usuari eliminat
         price_explanation: Informe de cost

config/locales/val/general.yml

@@ -445,7 +445,7 @@ val:
       form:
         submit_button: Guardar canvis
     share:
-      message: "He avalat la proposta %{summary} en %{handle}. Si t'interessa, avala tu també!"
+      message: "He avalat la proposta %{title} en %{handle}. Si t'interessa, avala tu també!"
   polls:
     all: "Totes"
     no_dates: "sense data asignada"

config/locales/zh-CN/budgets.yml

@@ -103,7 +103,7 @@ zh-CN:
           confidence_score: 最高评分
           price: 按价格
       share:
-        message: "我在%{org} 里创建了投资项目%{title}。请您也创建一个投资项目吧！"
+        message: "我在%{handle} 里创建了投资项目%{title}。请您也创建一个投资项目吧！"
       show:
         author_deleted: 已删除的用户
         price_explanation: 价格说明

config/locales/zh-CN/general.yml

@@ -428,7 +428,7 @@ zh-CN:
       form:
         submit_button: 保存更改
     share:
-      message: "我支持%{handle} 中的提议%{summary}。如果您感兴趣，也请支持它！"
+      message: "我支持%{handle} 中的提议%{title}。如果您感兴趣，也请支持它！"
   polls:
     all: "所有"
     no_dates: "没指定日期"

db/migrate/20170514192303_add_balloted_heading_id_to_users.rb

@@ -1,4 +1,4 @@
-class AddBallotedHeadingIdToUsers < ActiveRecord::Migration
+class AddBallotedHeadingIdToUsers < ActiveRecord::Migration[4.2]
   def change
     add_column :users, :balloted_heading_id, :integer, default: nil
   end

db/migrate/20180604173248_add_budget_to_polls.rb

@@ -1,4 +1,4 @@
-class AddBudgetToPolls < ActiveRecord::Migration
+class AddBudgetToPolls < ActiveRecord::Migration[4.2]
   def change
     add_reference :polls, :budget, index: { unique: true }, foreign_key: true
   end

db/migrate/20180621182723_create_poll_ballot_sheets.rb

@@ -1,4 +1,4 @@
-class CreatePollBallotSheets < ActiveRecord::Migration
+class CreatePollBallotSheets < ActiveRecord::Migration[4.2]
   def change
     create_table :poll_ballot_sheets do |t|
       t.text :data

db/migrate/20180704093831_create_poll_ballot.rb

@@ -1,4 +1,4 @@
-class CreatePollBallot < ActiveRecord::Migration
+class CreatePollBallot < ActiveRecord::Migration[4.2]
   def change
     create_table :poll_ballots do |t|
       t.integer :ballot_sheet_id

db/migrate/20180704095538_add_physical_to_budget_ballot.rb

@@ -1,4 +1,4 @@
-class AddPhysicalToBudgetBallot < ActiveRecord::Migration
+class AddPhysicalToBudgetBallot < ActiveRecord::Migration[4.2]
   def change
     add_column :budget_ballots, :physical, :boolean, default: false
     add_column :budget_ballots, :poll_ballot_id, :integer

spec/controllers/management/sessions_controller_spec.rb

@@ -3,11 +3,13 @@ require "rails_helper"
 describe Management::SessionsController do
 
   describe "Sign in" do
+
     it "denies access if wrong manager credentials" do
       allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(false)
-      expect {
-        get :create, params: { login: "nonexistent", clave_usuario: "wrong" }
-      }.to raise_error CanCan::AccessDenied
+      get :create, params: { login: "nonexistent", clave_usuario: "wrong" }
+
+      expect(response).to redirect_to "/"
+      expect(flash[:alert]).to eq "You do not have permission to access this page."
       expect(session[:manager]).to be_nil
     end
 
@@ -42,7 +44,10 @@ describe Management::SessionsController do
 
     it "denies access if user is not admin or manager" do
       sign_in create(:user)
-      expect { get :create}.to raise_error CanCan::AccessDenied
+      get :create
+
+      expect(response).to redirect_to "/"
+      expect(flash[:alert]).to eq "You do not have permission to access this page."
       expect(session[:manager]).to be_nil
     end
   end

spec/controllers/pages_controller_spec.rb

@@ -42,6 +42,11 @@ describe PagesController do
       get :show, params: { id: "nonExistentPage" }
       expect(response).to be_missing
     end
+
+    it "returns a 404 message for a JavaScript request" do
+      get :show, params: { id: "nonExistentJavaScript.js" }
+      expect(response).to be_missing
+    end
   end
 
 end

spec/features/budgets/ballots_spec.rb

@@ -307,6 +307,7 @@ feature "Ballots" do
 
       within("#budget_investment_#{investment1.id}") do
         find(".remove a").click
+        expect(page).to have_link "Vote"
       end
 
       visit budget_investments_path(budget, heading_id: new_york.id)