adds permissions for everyone to see investment projects
@@ -5,7 +5,6 @@ class SpendingProposalsController < ApplicationController
|
||||
|
||||
load_and_authorize_resource
|
||||
|
||||
before_action :verify_access, only: [:show]
|
||||
before_filter -> { flash.now[:notice] = flash[:notice].html_safe if flash[:html_safe] && flash[:notice] }
|
||||
|
||||
feature_flag :spending_proposals
|
||||
@@ -41,8 +40,4 @@ class SpendingProposalsController < ApplicationController
|
||||
params.require(:spending_proposal).permit(:title, :description, :external_url, :geozone_id, :association_name, :terms_of_service, :captcha, :captcha_key)
|
||||
end
|
||||
|
||||
def verify_access
|
||||
raise CanCan::AccessDenied unless current_user.try(:valuator?) || current_user.try(:administrator?) || @spending_proposal.author == current_user
|
||||
end
|
||||
|
||||
end
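Review bot: With `before_action :verify_access` and the `verify_access` method removed, the only gate left on `show` is `load_and_authorize_resource`, so who may read a spending proposal is now decided entirely by the CanCan ability definitions, which are not visible in this section. Nothing in the controller records that open read access is intentional; a comment above `load_and_authorize_resource` such as `# show is intentionally readable by all users; read rules live in the ability class` would keep a later reader from treating the missing check as an oversight. It is also worth confirming that the `:read` rule is scoped as narrowly as intended, because the show page renders the author's name and association name (per the feature spec) to whoever passes that rule. The class body begins outside these hunks.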
|
||||
|
||||
@@ -113,42 +113,6 @@ feature 'Spending proposals' do
|
||||
expect(page).to have_content(spending_proposal.geozone.name)
|
||||
end
|
||||
|
||||
scenario "Show (as valuator)" do
|
||||
user = create(:user)
|
||||
admin = create(:valuator, user: user)
|
||||
login_as(admin.user)
|
||||
|
||||
spending_proposal = create(:spending_proposal,
|
||||
geozone: create(:geozone),
|
||||
association_name: 'People of the neighbourhood')
|
||||
|
||||
visit spending_proposal_path(spending_proposal)
|
||||
|
||||
expect(page).to have_content(spending_proposal.title)
|
||||
expect(page).to have_content(spending_proposal.description)
|
||||
expect(page).to have_content(spending_proposal.author.name)
|
||||
expect(page).to have_content(spending_proposal.association_name)
|
||||
expect(page).to have_content(spending_proposal.geozone.name)
|
||||
end
|
||||
|
||||
scenario "Show (as author)" do
|
||||
author = create(:user)
|
||||
login_as(author)
|
||||
|
||||
spending_proposal = create(:spending_proposal,
|
||||
geozone: create(:geozone),
|
||||
association_name: 'People of the neighbourhood',
|
||||
author: author)
|
||||
|
||||
visit spending_proposal_path(spending_proposal)
|
||||
|
||||
expect(page).to have_content(spending_proposal.title)
|
||||
expect(page).to have_content(spending_proposal.description)
|
||||
expect(page).to have_content(spending_proposal.author.name)
|
||||
expect(page).to have_content(spending_proposal.association_name)
|
||||
expect(page).to have_content(spending_proposal.geozone.name)
|
||||
end
|
||||
|
||||
scenario "Show (as user)" do
|
||||
user = create(:user)
|
||||
login_as(user)
|
||||
@@ -159,8 +123,11 @@ feature 'Spending proposals' do
|
||||
|
||||
visit spending_proposal_path(spending_proposal)
|
||||
|
||||
expect(page).to_not have_content(spending_proposal.title)
|
||||
expect(page).to have_content("You do not have permission to access this page")
|
||||
expect(page).to have_content(spending_proposal.title)
|
||||
expect(page).to have_content(spending_proposal.description)
|
||||
expect(page).to have_content(spending_proposal.author.name)
|
||||
expect(page).to have_content(spending_proposal.association_name)
|
||||
expect(page).to have_content(spending_proposal.geozone.name)
|
||||
end
|
||||
|
||||
context "Destroy" do
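Review bot: The rewritten "Show (as user)" scenario covers only a logged-in user who is not the author, while the commit title says everyone should see the page; nothing here exercises a visitor who is not logged in. With the valuator and author scenarios removed, this single scenario is the only check on the show page's access rule, so an ability rule that is broader or narrower than intended for anonymous visitors would go unnoticed. I would add a scenario without `login_as` that visits `spending_proposal_path(spending_proposal)` and asserts the intended outcome explicitly, whichever it is. The scenario starts in the previous hunk, and its setup lines between the two hunks are not shown.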
|
||||
|
||||