From c2457e36a585748caea63f541685d54d99ea26c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mar=C3=ADa=20Checa?= Date: Thu, 5 Jul 2018 18:40:17 +0200 Subject: [PATCH] Add budget stats permissions for normal users and admins --- app/models/abilities/administrator.rb | 1 + app/models/abilities/everyone.rb | 2 +- spec/features/budgets/stats_spec.rb | 37 +++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 spec/features/budgets/stats_spec.rb diff --git a/app/models/abilities/administrator.rb b/app/models/abilities/administrator.rb index a72997dbf..9f8c7e965 100644 --- a/app/models/abilities/administrator.rb +++ b/app/models/abilities/administrator.rb @@ -66,6 +66,7 @@ module Abilities can [:hide, :update, :toggle_selection], Budget::Investment can [:valuate, :comment_valuation], Budget::Investment can :create, Budget::ValuatorAssignment + can :read_stats, Budget, phase: "reviewing_ballots" can [:search, :edit, :update, :create, :index, :destroy], Banner diff --git a/app/models/abilities/everyone.rb b/app/models/abilities/everyone.rb index 90d4161c2..626be1c0a 100644 --- a/app/models/abilities/everyone.rb +++ b/app/models/abilities/everyone.rb @@ -21,7 +21,7 @@ module Abilities can [:read], Budget::Group can [:read, :print, :json_data], Budget::Investment can [:read_results, :read_executions], Budget, phase: "finished" - can :read_stats, Budget, phase: ["reviewing_ballots", "finished"] + can :read_stats, Budget, phase: "finished" can :new, DirectMessage can [:read, :debate, :draft_publication, :allegations, :result_publication, :proposals, :milestones], Legislation::Process, published: true diff --git a/spec/features/budgets/stats_spec.rb b/spec/features/budgets/stats_spec.rb new file mode 100644 index 000000000..ce1982cdf --- /dev/null +++ b/spec/features/budgets/stats_spec.rb 
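Review bot: The added `can :read_stats, Budget, phase: "reviewing_ballots"` in app/models/abilities/administrator.rb has no comment explaining why administrators get stats one phase before the public, and it names only `reviewing_ballots`. Administrator access once the budget is `finished` therefore depends on the Abilities::Everyone rule also applying to administrators, presumably through an ability merge that is outside this hunk. I would add `# Admins may preview stats while ballots are under review; public access starts at "finished" (see Abilities::Everyone)` above the rule. It is also worth confirming that no other privileged role, not visible here, relied on the old public rule for this phase. The enclosing class body starts and ends outside the hunk.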
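Review bot: In app/models/abilities/everyone.rb the tightened rule `can :read_stats, Budget, phase: "finished"` now has the same condition as the `read_results`/`read_executions` rule directly above it, so the publication gate is written twice. Folding it into that line, `can [:read_results, :read_executions, :read_stats], Budget, phase: "finished"`, keeps the three gated actions from drifting apart the next time the phase condition changes. Since this rule is what withholds unreviewed ballot statistics from the public, it is also worth checking that every route rendering those numbers authorizes `:read_stats`. The spec in this commit exercises only the HTML stats page. The enclosing block continues outside the hunk.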
@@ -0,0 +1,37 @@
+require "rails_helper"
+
+feature "Stats" do
+
+ let(:budget) { create(:budget) }
+ let(:group) { create(:budget_group, budget: budget) }
+ let(:heading) { create(:budget_heading, group: group, price: 1000) }
+
+ describe "Show" do
+
+ it "is not accessible to normal users if phase is not 'finished'" do
+ budget.update(phase: "reviewing_ballots")
+
+ visit budget_stats_path(budget.id)
+ expect(page).to have_content "You do not have permission to carry out the action "\
+ "'read_stats' on budget."
+ end
+
+ it "is accessible to normal users if phase is 'finished'" do
+ budget.update(phase: "finished")
+
+ visit budget_stats_path(budget.id)
+ expect(page).to have_content "Stats"
+ end
+
+ it "is accessible to administrators when budget has phase 'reviewing_ballots'" do
+ budget.update(phase: "reviewing_ballots")
+
+ login_as(create(:administrator).user)
+
+ visit budget_stats_path(budget.id)
+ expect(page).to have_content "Stats"
+ end
+
+ end
+
+end
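Review bot: The two "normal users" examples in spec/features/budgets/stats_spec.rb never call `login_as`, so they cover anonymous visitors only. A signed-in account without the administrator role, which is the case the permission change is named for, is not exercised during `reviewing_ballots`. I would add the example below; it assumes the project's `:user` factory, which is not visible in this patch. Separately, `group` and `heading` are lazy `let`s that no example references, so they are never created. Either switch them to `let!` if the stats page is meant to render with a heading, or drop them.

```ruby
# … unchanged: the three existing examples in describe "Show" …

it "is not accessible to signed-in non-admin users if phase is 'reviewing_ballots'" do
  budget.update(phase: "reviewing_ballots")

  login_as(create(:user))

  visit budget_stats_path(budget.id)
  expect(page).to have_content "You do not have permission to carry out the action "\
                               "'read_stats' on budget."
end
```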