adds permissions for everyone to see investment projects

rgarcia
2016-03-29 13:26:08 +02:00
parent a14cc1a575
commit e52004edc3
2 changed files with 5 additions and 43 deletions


@@ -5,7 +5,6 @@ class SpendingProposalsController < ApplicationController
load_and_authorize_resource load_and_authorize_resource
before_action :verify_access, only: [:show]
before_filter -> { flash.now[:notice] = flash[:notice].html_safe if flash[:html_safe] && flash[:notice] } before_filter -> { flash.now[:notice] = flash[:notice].html_safe if flash[:html_safe] && flash[:notice] }
feature_flag :spending_proposals feature_flag :spending_proposals
@@ -41,8 +40,4 @@ class SpendingProposalsController < ApplicationController
params.require(:spending_proposal).permit(:title, :description, :external_url, :geozone_id, :association_name, :terms_of_service, :captcha, :captcha_key) params.require(:spending_proposal).permit(:title, :description, :external_url, :geozone_id, :association_name, :terms_of_service, :captcha, :captcha_key)
end end
def verify_access
raise CanCan::AccessDenied unless current_user.try(:valuator?) || current_user.try(:administrator?) || @spending_proposal.author == current_user
end
end end
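Review bot: With `verify_access` and its `before_action` removed in these two hunks, `load_and_authorize_resource` is the only check left on `show`, and the Ability rules it relies on are not among the two files this commit changes. Whether "everyone" includes signed-out visitors therefore depends on code not visible here (the Ability definitions and any authentication filter declared above the first hunk), and that should be confirmed before merging. According to the spec, the show page renders the author's name and the association name, so widening read access also widens who can see those fields. I would record the intent next to the macro, for example `# show is readable by every user; access is decided only by the Ability rules`. The class body starts before the first hunk, so filters declared earlier are not visible.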


@@ -113,42 +113,6 @@ feature 'Spending proposals' do
expect(page).to have_content(spending_proposal.geozone.name) expect(page).to have_content(spending_proposal.geozone.name)
end end
scenario "Show (as valuator)" do
user = create(:user)
admin = create(:valuator, user: user)
login_as(admin.user)
spending_proposal = create(:spending_proposal,
geozone: create(:geozone),
association_name: 'People of the neighbourhood')
visit spending_proposal_path(spending_proposal)
expect(page).to have_content(spending_proposal.title)
expect(page).to have_content(spending_proposal.description)
expect(page).to have_content(spending_proposal.author.name)
expect(page).to have_content(spending_proposal.association_name)
expect(page).to have_content(spending_proposal.geozone.name)
end
scenario "Show (as author)" do
author = create(:user)
login_as(author)
spending_proposal = create(:spending_proposal,
geozone: create(:geozone),
association_name: 'People of the neighbourhood',
author: author)
visit spending_proposal_path(spending_proposal)
expect(page).to have_content(spending_proposal.title)
expect(page).to have_content(spending_proposal.description)
expect(page).to have_content(spending_proposal.author.name)
expect(page).to have_content(spending_proposal.association_name)
expect(page).to have_content(spending_proposal.geozone.name)
end
scenario "Show (as user)" do scenario "Show (as user)" do
user = create(:user) user = create(:user)
login_as(user) login_as(user)
@@ -159,8 +123,11 @@ feature 'Spending proposals' do
visit spending_proposal_path(spending_proposal) visit spending_proposal_path(spending_proposal)
expect(page).to_not have_content(spending_proposal.title) expect(page).to have_content(spending_proposal.title)
expect(page).to have_content("You do not have permission to access this page") expect(page).to have_content(spending_proposal.description)
expect(page).to have_content(spending_proposal.author.name)
expect(page).to have_content(spending_proposal.association_name)
expect(page).to have_content(spending_proposal.geozone.name)
end end
context "Destroy" do context "Destroy" do
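Review bot: After this change the only remaining show scenario is "Show (as user)", which signs in with `login_as(user)`, so nothing in the spec covers a signed-out visitor even though the commit title says everyone can see the projects. I would add a scenario that omits `login_as`, runs `visit spending_proposal_path(spending_proposal)` and asserts whichever outcome is intended for anonymous access, so that the access boundary is pinned by a test rather than implied. The removed "as valuator" and "as author" scenarios would presumably still pass, so deleting them costs little. However, the suite no longer contains any assertion on "You do not have permission to access this page", so a later loosening of the Ability rules would go unnoticed here. The "Show (as user)" scenario spans two hunks and its setup lines lie between them, outside the diff.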