From c34fc7f0b871baabf295da4ca2933a4eea9fb908 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= <javim@elretirao.net>
Date: Thu, 30 Dec 2021 17:19:49 +0100
Subject: [PATCH] Remove unneeded lines restricting permissions

In the past, users had permission to edit their own legislation
proposals. However, that changed in commit ebfa3fb01, where we replaced
the `can` method with `cannot`.

An easier way to remove this permission is to simply remove the whole
statement, since by default users don't have permissions to do anything.

We're also adding a test checking users can't edit their own legislation
proposals, since it was missing.
---
 app/models/abilities/common.rb       | 3 ---
 spec/models/abilities/common_spec.rb | 4 ++++
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/models/abilities/common.rb b/app/models/abilities/common.rb
index 4d3a6b6ac..ce55d8734 100644
--- a/app/models/abilities/common.rb
+++ b/app/models/abilities/common.rb
@@ -39,9 +39,6 @@ module Abilities
       can [:retire_form, :retire], Proposal, author_id: user.id
 
       can :read, Legislation::Proposal
-      cannot [:edit, :update], Legislation::Proposal do |proposal|
-        proposal.editable_by?(user)
-      end
       can [:retire_form, :retire], Legislation::Proposal, author_id: user.id
 
       can :create, Comment
diff --git a/spec/models/abilities/common_spec.rb b/spec/models/abilities/common_spec.rb
index 8cce034f2..5299d068c 100644
--- a/spec/models/abilities/common_spec.rb
+++ b/spec/models/abilities/common_spec.rb
@@ -14,6 +14,7 @@ describe Abilities::Common do
   let(:own_debate)   { create(:debate,   author: user) }
   let(:own_comment)  { create(:comment,  author: user) }
   let(:own_proposal) { create(:proposal, author: user) }
+  let(:own_legislation_proposal) { create(:legislation_proposal, author: user) }
 
   let(:accepting_budget) { create(:budget, :accepting) }
   let(:reviewing_budget) { create(:budget, :reviewing) }
@@ -167,6 +168,9 @@ describe Abilities::Common do
     it { should_not be_able_to(:destroy, proposal_document)      }
   end
 
+  it { should_not be_able_to(:edit, own_legislation_proposal) }
+  it { should_not be_able_to(:update, own_legislation_proposal) }
+
   describe "proposals dashboard" do
     it { should be_able_to(:dashboard, own_proposal) }
     it { should_not be_able_to(:dashboard, proposal) }