Adapts debates controller to new permissions system

kikito
2015-08-10 15:00:14 +02:00
parent 30e738a2fe
commit c1c1362780
2 changed files with 11 additions and 15 deletions


@@ -1,8 +1,6 @@
class DebatesController < ApplicationController class DebatesController < ApplicationController
include RecaptchaHelper include RecaptchaHelper
before_action :set_debate, only: [:show, :edit, :update, :vote] load_and_authorize_resource
before_action :authenticate_user!, except: [:index, :show]
before_action :validate_ownership, only: [:edit, :update]
def index def index
if params[:tag] if params[:tag]
@@ -56,10 +54,6 @@ class DebatesController < ApplicationController
params.require(:debate).permit(:title, :description, :tag_list, :terms_of_service) params.require(:debate).permit(:title, :description, :tag_list, :terms_of_service)
end end
def validate_ownership
raise ActiveRecord::RecordNotFound unless @debate.editable_by?(current_user)
end
def set_voted_values(debates_ids) def set_voted_values(debates_ids)
@voted_values = current_user ? current_user.votes_on_debates(debates_ids) : {} @voted_values = current_user ? current_user.votes_on_debates(debates_ids) : {}
end end
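Review bot: With `load_and_authorize_resource` replacing all three filters at the top of the class, the owner check that `validate_ownership` enforced through `@debate.editable_by?(current_user)` is gone from this file, and neither of the two changed files shows the rule that replaces it. The ability definition presumably has to scope `:update` to the same condition and cover the custom `vote` action and anonymous `index`/`show`; a broad grant on Debate would silently drop the ownership restriction. I would add a comment above the call, such as `# edit/update remain limited to debate.editable_by?(user) through the ability rules; vote needs its own rule`, and a spec that submits the update itself as a non-owner, since the visible feature specs only visit the edit page. Per the updated spec, a denial now redirects to the root path with 'not authorized' instead of raising `ActiveRecord::RecordNotFound`, so denied and missing debates are no longer answered the same way. The class body continues outside both hunks, so the remaining actions could not be checked here.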


@@ -98,9 +98,9 @@ feature 'Debates' do
expect(debate).to be_editable expect(debate).to be_editable
login_as(create(:user)) login_as(create(:user))
expect { visit edit_debate_path(debate)
visit edit_debate_path(debate) expect(current_path).to eq(root_path)
}.to raise_error ActiveRecord::RecordNotFound expect(page).to have_content 'not authorized'
end end
scenario 'Update should not be posible if debate is not editable' do scenario 'Update should not be posible if debate is not editable' do
@@ -109,17 +109,19 @@ feature 'Debates' do
expect(debate).to_not be_editable expect(debate).to_not be_editable
login_as(debate.author) login_as(debate.author)
expect { visit edit_debate_path(debate)
visit edit_debate_path(debate) edit_debate_path(debate)
}.to raise_error ActiveRecord::RecordNotFound expect(current_path).to eq(root_path)
expect(page).to have_content 'not authorized'
end end
scenario 'Update should be posible for the author of an editable debate' do scenario 'Update should be posible for the author of an editable debate' do
debate = create(:debate) debate = create(:debate)
login_as(debate.author) login_as(debate.author)
visit debate_path(debate) visit edit_debate_path(debate)
click_link 'Edit' expect(current_path).to eq(edit_debate_path(debate))
fill_in 'debate_title', with: "End child poverty" fill_in 'debate_title', with: "End child poverty"
fill_in 'debate_description', with: "Let's..." fill_in 'debate_description', with: "Let's..."