Adapts AccountController to new permissions system

2015-08-10 15:10:47 +02:00
parent c1c1362780
commit ce27a6f2ea
4 changed files with 18 additions and 6 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -1,7 +1,7 @@
 class AccountController < ApplicationController

-  before_action :authenticate_user!
  before_action :set_account
+  load_and_authorize_resource class: "User"

  def show
  end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -6,6 +6,8 @@ class Ability
    can :read, Debate

    if user # logged-in users
+      can [:read, :update], User, id: user.id
+
      can [:read, :create, :vote], Debate
      can :update, Debate do |debate|
        debate.editable_by?(user)
--- a/spec/features/account_spec.rb
+++ b/spec/features/account_spec.rb
@@ -10,6 +10,7 @@ feature 'Account' do
    login_as(@user)
    visit root_path
    click_link "My account"
+    expect(current_path).to eq(account_path)

    expect(page).to have_selector("input[value='Manuela']")
    expect(page).to have_selector("input[value='Colau']")
--- a/spec/models/ability_spec.rb
+++ b/spec/models/ability_spec.rb
@@ -5,7 +5,7 @@ describe Ability do
  subject(:ability) { Ability.new(user) }
  let(:debate) { Debate.new }

-  describe "Non-logged in users" do
+  describe "Non-logged in user" do
    let(:user) { nil }

    it { should be_able_to(:index, Debate) }
@@ -14,13 +14,22 @@ describe Ability do
    it { should_not be_able_to(:vote, Debate) }
  end

-  describe "Citizens" do
+  describe "Citizen" do
    let(:user) { create(:user) }

    it { should be_able_to(:index, Debate) }
    it { should be_able_to(:show, debate) }
    it { should be_able_to(:vote, debate) }

+    it { should be_able_to(:show, user) }
+    it { should be_able_to(:edit, user) }
+
+    describe "other users" do
+      let(:other_user) { create(:user) }
+      it { should_not be_able_to(:show, other_user) }
+      it { should_not be_able_to(:edit, other_user) }
+    end
+
    describe "editing debates" do
      let(:own_debate) { create(:debate, author: user) }
      let(:own_debate_non_editable) { create(:debate, author: user) }
@@ -33,7 +42,7 @@ describe Ability do
    end
  end

-  describe "Moderators" do
+  describe "Moderator" do
    let(:user) { create(:user) }
    before { create(:moderator, user: user) }

@@ -43,7 +52,7 @@ describe Ability do

  end

-  describe "Administrators" do
+  describe "Administrator" do
    let(:user) { create(:user) }
    before { create(:administrator, user: user) }