From c1c136278082d67248606dfbe4f74b054e5e74f5 Mon Sep 17 00:00:00 2001
From: kikito
Date: Mon, 10 Aug 2015 15:00:14 +0200
Subject: [PATCH] Adapts debates controller to new permissions system
---
 app/controllers/debates_controller.rb | 8 +-------
 spec/features/debates_spec.rb | 18 ++++++++++--------
 2 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/app/controllers/debates_controller.rb b/app/controllers/debates_controller.rb
index a395f9c5e..e4e55b8a7 100644
--- a/app/controllers/debates_controller.rb
+++ b/app/controllers/debates_controller.rb
@@ -1,8 +1,6 @@
 class DebatesController < ApplicationController
 include RecaptchaHelper
- before_action :set_debate, only: [:show, :edit, :update, :vote]
- before_action :authenticate_user!, except: [:index, :show]
- before_action :validate_ownership, only: [:edit, :update]
+ load_and_authorize_resource
 def index
 if params[:tag]
@@ -56,10 +54,6 @@ class DebatesController < ApplicationController
 params.require(:debate).permit(:title, :description, :tag_list, :terms_of_service)
 end
- def validate_ownership
- raise ActiveRecord::RecordNotFound unless @debate.editable_by?(current_user)
- end
-
 def set_voted_values(debates_ids)
 @voted_values = current_user ? current_user.votes_on_debates(debates_ids) : {}
 end
diff --git a/spec/features/debates_spec.rb b/spec/features/debates_spec.rb
index f8b96e2ed..894b09b19 100644
--- a/spec/features/debates_spec.rb
+++ b/spec/features/debates_spec.rb
@@ -98,9 +98,9 @@ feature 'Debates' do
 expect(debate).to be_editable
 login_as(create(:user))
- expect {
- visit edit_debate_path(debate)
- }.to raise_error ActiveRecord::RecordNotFound
+ visit edit_debate_path(debate)
+ expect(current_path).to eq(root_path)
+ expect(page).to have_content 'not authorized'
 end
 scenario 'Update should not be posible if debate is not editable' do
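Review bot: Nothing in this patch shows that the ability rules reproduce the login requirement that `authenticate_user!` enforced on everything except index and show, and with `load_and_authorize_resource` as the only filter in the @@ -1,8 hunk that is now the sole gate for new, create, edit, update and vote. The custom `vote` action is the easiest one to miss, because it is not a standard CRUD action and is only permitted or denied by whatever rule names it (or by a blanket `:manage`); the ability definition is outside this diff, so this needs confirming there. I would add a comment above the call, `# Permissions for every action here, including the custom :vote, come from Ability`, and a feature spec showing that an anonymous visitor is turned away from new, edit and vote. The class body continues outside the hunk.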
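Review bot: This scenario and the one changed at @@ -109 stop at requesting the edit form, so nothing visible here checks that a direct update request from a non-author, or against a non-editable debate, is refused. Hiding or redirecting the form is not the control; the update action is, and it lost its explicit `validate_ownership` filter in this same commit. I would add a request or controller spec that submits the update in both cases and asserts that the debate is unchanged and the response is the 'not authorized' redirect. The scenario itself starts outside the hunk.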
@@ -109,17 +109,19 @@ feature 'Debates' do
 expect(debate).to_not be_editable
 login_as(debate.author)
- expect {
- visit edit_debate_path(debate)
- }.to raise_error ActiveRecord::RecordNotFound
+ visit edit_debate_path(debate)
+ edit_debate_path(debate)
+ expect(current_path).to eq(root_path)
+ expect(page).to have_content 'not authorized'
 end
 scenario 'Update should be posible for the author of an editable debate' do
 debate = create(:debate)
 login_as(debate.author)
- visit debate_path(debate)
- click_link 'Edit'
+ visit edit_debate_path(debate)
+ expect(current_path).to eq(edit_debate_path(debate))
+
 fill_in 'debate_title', with: "End child poverty"
 fill_in 'debate_description', with: "Let's..."
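Review bot: The added line `edit_debate_path(debate)` after `visit edit_debate_path(debate)` in the 'not editable' scenario only evaluates a path helper and discards the result; it appears to be a leftover and should be removed. In the author scenario, replacing `visit debate_path(debate)` and `click_link 'Edit'` with a direct visit means no spec visible in this patch still checks that the show page offers the Edit link to the author. Consider keeping the click path, or adding `expect(page).to have_link 'Edit'` after visiting the show page. Both scenarios extend beyond the hunk.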