consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adds authorization for poll officers

Browse Source
This commit is contained in:
Juanjo Bazán
2016-12-28 20:54:02 +01:00
parent b3b6f51b7a
commit ca0e6d6694
2 changed files with 115 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/controllers/officing/base_controller.rb
View File

@@ -1,18 +1,12 @@
class Officing::BaseController < ActionController::Base
class Officing::BaseController < ApplicationController
layout 'admin'
#before_action :verify_officer
before_action :set_locale
before_action :authenticate_user!
before_action :verify_officer
private
skip_authorization_check
def set_locale
if params[:locale] && I18n.available_locales.include?(params[:locale].to_sym)
session[:locale] = params[:locale]
end
session[:locale] ||= I18n.default_locale
I18n.locale = session[:locale]
def verify_officer
raise CanCan::AccessDenied unless current_user.try(:poll_officer?) || current_user.try(:administrator?)
end
end

109
spec/features/officing_spec.rb Normal file
View File

@@ -0,0 +1,109 @@
require 'rails_helper'
feature 'Poll Officing' do
let(:user) { create(:user) }
scenario 'Access as regular user is not authorized' do
login_as(user)
visit root_path
expect(page).to_not have_link("Polling officers")
visit officing_root_path
expect(current_path).not_to eq(officing_root_path)
expect(current_path).to eq(proposals_path)
expect(page).to have_content "You do not have permission to access this page"
end
scenario 'Access as moderator is not authorized' do
create(:moderator, user: user)
login_as(user)
visit root_path
expect(page).to_not have_link("Polling officers")
visit officing_root_path
expect(current_path).not_to eq(officing_root_path)
expect(current_path).to eq(proposals_path)
expect(page).to have_content "You do not have permission to access this page"
end
scenario 'Access as manager is not authorized' do
create(:manager, user: user)
login_as(user)
visit root_path
expect(page).to_not have_link("Polling officers")
visit officing_root_path
expect(current_path).not_to eq(officing_root_path)
expect(current_path).to eq(proposals_path)
expect(page).to have_content "You do not have permission to access this page"
end
scenario 'Access as a valuator is not authorized' do
create(:valuator, user: user)
login_as(user)
visit root_path
expect(page).to_not have_link("Polling officers")
visit officing_root_path
expect(current_path).not_to eq(officing_root_path)
expect(current_path).to eq(proposals_path)
expect(page).to have_content "You do not have permission to access this page"
end
scenario 'Access as an poll officer is authorized' do
create(:poll_officer, user: user)
create(:poll)
login_as(user)
visit root_path
expect(page).to have_link("Polling officers")
click_on "Polling officers"
expect(current_path).to eq(officing_root_path)
expect(page).to_not have_content "You do not have permission to access this page"
end
scenario 'Access as an administrator is authorized' do
create(:administrator, user: user)
create(:poll)
login_as(user)
visit root_path
expect(page).to have_link("Polling officers")
click_on "Polling officers"
expect(current_path).to eq(officing_root_path)
expect(page).to_not have_content "You do not have permission to access this page"
end
scenario "Poll officer access links" do
create(:poll_officer, user: user)
login_as(user)
visit root_path
expect(page).to have_link("Polling officers")
expect(page).to_not have_link('Valuation')
expect(page).to_not have_link('Administration')
expect(page).to_not have_link('Moderation')
end
scenario 'Officing dashboard' do
create(:poll_officer, user: user)
create(:poll)
login_as(user)
visit root_path
click_link 'Polling officers'
expect(current_path).to eq(officing_root_path)
expect(page).to have_css('#officing_menu')
expect(page).to_not have_css('#valuation_menu')
expect(page).to_not have_css('#admin_menu')
expect(page).to_not have_css('#moderation_menu')
end
end