Added restrictions to access Poll results and stats

app/models/abilities/administrator.rb

@@ -56,7 +56,7 @@ module Abilities
 
       can [:index, :create, :edit, :update, :destroy], Geozone
 
-      can [:read, :create, :update, :destroy, :add_question, :search_booths, :search_officers, :booth_assignments], Poll
+      can [:read, :create, :update, :destroy, :add_question, :search_booths, :search_officers, :booth_assignments, :results, :stats], Poll
       can [:read, :create, :update, :destroy, :available], Poll::Booth
       can [:search, :create, :index, :destroy], ::Poll::Officer
       can [:create, :destroy, :manage], ::Poll::BoothAssignment

app/models/abilities/everyone.rb

@@ -6,7 +6,9 @@ module Abilities
       can [:read, :map], Debate
       can [:read, :map, :summary, :share], Proposal
       can :read, Comment
-      can [:read, :results, :stats], Poll
+      can :read, Poll
+      cannot :results, Poll, results_enabled: false
+      cannot :stats, Poll, stats_enabled: false
       can :read, Poll::Question
       can [:read, :welcome], Budget
       can :read, SpendingProposal

app/views/polls/_poll_subnav.html.erb

@@ -1,29 +1,35 @@
-<div class="row margin-top">
-  <div class="small-12 column">
-    <ul class="menu simple clear">
-      <% if controller_name == "polls" && action_name == "results" %>
-        <li class="active">
-          <h2><%= t("polls.show.results_menu") %></h2>
-        </li>
-      <% else %>
-        <li><%= link_to t("polls.show.results_menu"), poll_results_path(@poll) %></li>
-      <% end %>
+<% if current_user.administrator? || (@poll.expired? && (@poll.results_enabled? || @poll.stats_enabled?)) %>
+  <div class="row margin-top">
+    <div class="small-12 column">
+      <ul class="menu simple clear">
+        <% if current_user.administrator? || @poll.results_enabled? %>
+          <% if controller_name == "polls" && action_name == "results" %>
+            <li class="active">
+              <h2><%= t("polls.show.results_menu") %></h2>
+            </li>
+          <% else %>
+            <li><%= link_to t("polls.show.results_menu"), poll_results_path(@poll) %></li>
+          <% end %>
+        <% end %>
 
-      <% if controller_name == "polls" && action_name == "stats" %>
-        <li class="active">
-          <h2><%= t("polls.show.stats_menu") %></h2>
-        </li>
-      <% else %>
-        <li><%= link_to t("polls.show.stats_menu"), poll_stats_path(@poll) %></li>
-      <% end %>
+        <% if current_user.administrator? || @poll.stats_enabled? %>
+          <% if controller_name == "polls" && action_name == "stats" %>
+            <li class="active">
+              <h2><%= t("polls.show.stats_menu") %></h2>
+            </li>
+          <% else %>
+            <li><%= link_to t("polls.show.stats_menu"), poll_stats_path(@poll) %></li>
+          <% end %>
+        <% end %>
 
-      <% if controller_name == "polls" && action_name == "show" %>
-        <li class="active">
-          <h2><%= t("polls.show.info_menu") %></h2>
-        </li>
-      <% else %>
-        <li><%= link_to t("polls.show.info_menu"), poll_path(@poll) %></li>
-      <% end %>
-    </ul>
+        <% if controller_name == "polls" && action_name == "show" %>
+          <li class="active">
+            <h2><%= t("polls.show.info_menu") %></h2>
+          </li>
+        <% else %>
+          <li><%= link_to t("polls.show.info_menu"), poll_path(@poll) %></li>
+        <% end %>
+      </ul>
+    </div>
   </div>
-</div>
+<% end %>

app/views/polls/show.html.erb

@@ -15,7 +15,7 @@
         </div>
       <% else %>
 
-        <% if current_user && @poll.voted_in_web?(current_user) %>
+        <% if current_user && @poll.voted_in_web?(current_user) && !@poll.expired? %>
           <div class="callout warning">
             <%= t("polls.show.already_voted_in_web") %>
           </div>