From 5b40696f4f71f3fdebde55fc6be36ea249cf1628 Mon Sep 17 00:00:00 2001
From: decabeza
Date: Sat, 21 Oct 2017 17:34:45 +0200
Subject: [PATCH 1/4] shows admin shortcuts menu only to admin users

---
 .../admin/shared/_admin_shortcuts.html.erb | 22 ++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/app/views/admin/shared/_admin_shortcuts.html.erb b/app/views/admin/shared/_admin_shortcuts.html.erb
index 7ead6d419..8a292d6bb 100644
--- a/app/views/admin/shared/_admin_shortcuts.html.erb
+++ b/app/views/admin/shared/_admin_shortcuts.html.erb
@@ -1,10 +1,12 @@
-
  • - <%= link_to admin_stats_path, title: t("admin.menu.stats") do %> - - <% end %> -
  • -
  • - <%= link_to admin_settings_path, title: t("admin.menu.settings") do %> - - <% end %> -
  • +<% if current_user.administrator? %> +
  • + <%= link_to admin_stats_path, title: t("admin.menu.stats") do %> + + <% end %> +
  • +
  • + <%= link_to admin_settings_path, title: t("admin.menu.settings") do %> + + <% end %> +
  • +<% end %>
\ No newline at end of file

From 668745f3e1d56559152abd264affe9fde0ba2e87 Mon Sep 17 00:00:00 2001
From: decabeza
Date: Sat, 21 Oct 2017 17:36:44 +0200
Subject: [PATCH 2/4] moves officing menu outside of admin dropdown

---
 app/helpers/users_helper.rb | 6 +-----
 app/views/shared/_admin_login_items.html.erb | 11 +++++------
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index 111a80267..da340bb46 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -52,12 +52,8 @@ module UsersHelper
 current_user && current_user.manager?
 end

- def current_poll_officer?
- current_user && current_user.poll_officer?
- end
-
 def show_admin_menu?
- current_administrator? || current_moderator? || current_valuator? || current_manager? || current_poll_officer?
+ current_administrator? || current_moderator? || current_valuator? || current_manager?
 end

 def interests_title_text(user)
diff --git a/app/views/shared/_admin_login_items.html.erb b/app/views/shared/_admin_login_items.html.erb
index 9634874f9..a9e6fa4b9 100644
--- a/app/views/shared/_admin_login_items.html.erb
+++ b/app/views/shared/_admin_login_items.html.erb
@@ -26,12 +26,11 @@
 <%= link_to t("layouts.header.management"), management_sign_in_path %>
 <% end %>
-
- <% if current_user.administrator? || current_user.poll_officer? %>
-
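Review bot: The new guard `<% if current_user.administrator? %>` in _admin_shortcuts.html.erb calls through `current_user` unguarded, so the partial raises NoMethodError if it is ever rendered without a signed-in user; the admin layout presumably only reaches staff, but the helper `current_administrator?` (referenced by `show_admin_menu?` in the next patch, and whose siblings such as `current_manager?` visibly guard with `current_user &&`) exists for exactly this nil-safe check. Suggest `<% if current_administrator? %>`. Hiding the two links only changes the menu; the stats and settings actions still rely on their own controller-side authorization, which this series does not touch and which cannot be confirmed from the diff.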
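Review bot: Deleting `current_poll_officer?` from UsersHelper and then re-inlining `current_user && current_user.poll_officer?` in _admin_login_items.html.erb (the second hunk of this patch, ending at its `+<% end %>` line) duplicates the nil guard the helper encapsulated and breaks the pattern the remaining `current_*?` predicates follow. Suggest keeping the helper and writing the view guard as `<% if current_poll_officer? %>`. If any other view or controller still references `current_poll_officer?` it will now raise NameError at render time; that cannot be verified from this diff, so a grep before merging is warranted.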
  • - <%= link_to t("layouts.header.officing"), officing_root_path %> -
  • - <% end %> <% end %> +<% if current_user && current_user.poll_officer? %> +
  • + <%= link_to t("layouts.header.officing"), officing_root_path %> +
  • +<% end %>

From 573961a3218a6c81c78b7f4370af9213f7b69bf0 Mon Sep 17 00:00:00 2001
From: decabeza
Date: Sat, 21 Oct 2017 17:37:14 +0200
Subject: [PATCH 3/4] avoids admin access to officing panel

---
 app/controllers/officing/base_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/officing/base_controller.rb b/app/controllers/officing/base_controller.rb
index 97ef23d30..07cf4cfa5 100644
--- a/app/controllers/officing/base_controller.rb
+++ b/app/controllers/officing/base_controller.rb
@@ -7,6 +7,6 @@ class Officing::BaseController < ApplicationController
 skip_authorization_check

 def verify_officer
- raise CanCan::AccessDenied unless current_user.try(:poll_officer?) || current_user.try(:administrator?)
+ raise CanCan::AccessDenied unless current_user.try(:poll_officer?)
 end
 end
\ No newline at end of file

From 47d626619fcab1a6372b1ac516bbf39962364dd6 Mon Sep 17 00:00:00 2001
From: decabeza
Date: Sat, 21 Oct 2017 17:37:37 +0200
Subject: [PATCH 4/4] adds specs for admin access to officing

---
 spec/features/officing_spec.rb | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/spec/features/officing_spec.rb b/spec/features/officing_spec.rb
index 338b416ea..b208b735c 100644
--- a/spec/features/officing_spec.rb
+++ b/spec/features/officing_spec.rb
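Review bot: `verify_officer` is now the sole gate for the officing namespace, because `skip_authorization_check` two lines above it disables CanCan's per-action check, yet nothing in the method records that excluding administrators is deliberate rather than an oversight. Suggest a comment above the `raise`: `# Only the poll_officer role grants access; administrators get no implicit access (see officing_spec).`. Whether `verify_officer` is actually registered as a `before_action` for every action is outside the hunk and should be confirmed, since the menu changes in the earlier patches only hide links and this filter is what enforces the policy.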
@@ -55,7 +55,22 @@ feature 'Poll Officing' do
 expect(page).to have_content "You do not have permission to access this page"
 end

- scenario 'Access as an poll officer is authorized' do
+ scenario 'Access as an administrator is not authorized' do
+ create(:administrator, user: user)
+ create(:poll)
+ login_as(user)
+ visit root_path
+
+ expect(page).to_not have_link("Polling officers")
+ visit officing_root_path
+
+ expect(current_path).not_to eq(officing_root_path)
+ expect(current_path).to eq(root_path)
+ expect(page).to have_content "You do not have permission to access this page"
+ end
+
+ scenario 'Access as an administrator with poll officer role is authorized' do
+ create(:administrator, user: user)
 create(:poll_officer, user: user)
 create(:poll)
 login_as(user)
@@ -68,8 +83,8 @@ feature 'Poll Officing' do
 expect(page).to_not have_content "You do not have permission to access this page"
 end

- scenario 'Access as an administrator is authorized' do
- create(:administrator, user: user)
+ scenario 'Access as an poll officer is authorized' do
+ create(:poll_officer, user: user)
 create(:poll)
 login_as(user)
 visit root_path
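Review bot: In the new 'Access as an administrator is not authorized' scenario, `expect(current_path).not_to eq(officing_root_path)` is made redundant by `expect(current_path).to eq(root_path)` on the following line and can be dropped. The renamed scenario in the second hunk carries over the typo in its title; `scenario 'Access as a poll officer is authorized' do` reads correctly. The `have_link("Polling officers")` assertion only proves the link is absent if that literal matches the header's `t("layouts.header.officing")` text, which cannot be checked from this diff, so a positive `have_link` in the authorized scenarios would make the negative check meaningful.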