consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1111 from consul/manager-role

Browse Source 
Manager role
This commit is contained in:
Raimond Garcia
2016-05-11 11:54:38 +02:00
parent c253e159cc ef9546968b
commit e7d49f7730
27 changed files with 262 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
app/controllers/admin/managers_controller.rb Normal file
View File

@@ -0,0 +1,32 @@
class Admin::ManagersController < Admin::BaseController
load_and_authorize_resource
def index
@managers = @managers.page(params[:page])
end
def search
@user = User.find_by(email: params[:email])
respond_to do |format|
if @user
@manager = Manager.find_or_initialize_by(user: @user)
format.js
else
format.js { render "user_not_found" }
end
end
end
def create
@manager.user_id = params[:user_id]
@manager.save
redirect_to admin_managers_path
end
def destroy
@manager.destroy
redirect_to admin_managers_path
end
end

10
app/controllers/admin/moderators_controller.rb
View File

@@ -18,15 +18,15 @@ class Admin::ModeratorsController < Admin::BaseController
end
end
def destroy
@moderator.destroy
redirect_to admin_moderators_path
end
def create
@moderator.user_id = params[:user_id]
@moderator.save
redirect_to admin_moderators_path
end
def destroy
@moderator.destroy
redirect_to admin_moderators_path
end
end

8
app/controllers/management/sessions_controller.rb
View File

@@ -4,7 +4,7 @@ class Management::SessionsController < ActionController::Base
def create
destroy_session
if admin? || manager?
if admin? || manager? || authenticated_manager?
redirect_to management_root_path
else
raise CanCan::AccessDenied
@@ -31,6 +31,12 @@ class Management::SessionsController < ActionController::Base
end
def manager?
if current_user.try(:manager?)
session[:manager] = {login: "manager_user_#{current_user.id}"}
end
end
def authenticated_manager?
if manager = ManagerAuthenticator.new(params).auth
session[:manager] = manager
end

1
app/models/abilities/administrator.rb
View File

@@ -37,6 +37,7 @@ module Abilities
can [:search, :create, :index, :destroy], ::Moderator
can [:search, :create, :index, :summary], ::Valuator
can [:search, :create, :index, :destroy], ::Manager
can :manage, Annotation

6
app/models/manager.rb Normal file
View File

@@ -0,0 +1,6 @@
class Manager < ActiveRecord::Base
belongs_to :user, touch: true
delegate :name, :email, :name_and_email, to: :user
validates :user_id, presence: true, uniqueness: true
end

5
app/models/user.rb
View File

@@ -12,6 +12,7 @@ class User < ActiveRecord::Base
has_one :administrator
has_one :moderator
has_one :valuator
has_one :manager
has_one :organization
has_one :lock
has_many :flags
@@ -104,6 +105,10 @@ class User < ActiveRecord::Base
valuator.present?
end
def manager?
manager.present?
end
def organization?
organization.present?
end

7
app/views/admin/_menu.html.erb
View File

@@ -85,6 +85,13 @@
<% end %>
</li>
<li <%= 'class=active' if controller_name == 'managers' %>>
<%= link_to admin_managers_path do %>
<span class="icon-user"></span>
<%= t('admin.menu.managers') %>
<% end %>
</li>
<li <%= 'class=active' if controller_name == 'activity' %>>
<%= link_to admin_activity_path do %>
<span class="icon-eye"></span>

13
app/views/admin/managers/_manager.html.erb Normal file
View File

@@ -0,0 +1,13 @@
<span><%= manager.name %></span>
<span class="bullet">&nbsp;&bull;&nbsp;</span>
<span><%= manager.email %></span>
<% if manager.persisted? %>
<%= link_to t('admin.managers.manager.delete'),
admin_manager_path(manager),
method: :delete,
class: "button small alert float-right"
%>
<% else %>
<%= link_to t('admin.managers.manager.add'),{ controller: "admin/managers", action: :create, user_id: manager.user_id },
method: :post, class: "button small success float-right" %>
<% end %>

24
app/views/admin/managers/index.html.erb Normal file
View File

@@ -0,0 +1,24 @@
<h2><%= t("admin.managers.index.title") %></h2>
<div class="row">
<div class="column">
<%= form_tag search_admin_managers_path, method: :get, remote: true do %>
<div class="small-12 medium-6 column">
<%= text_field_tag :email, '', placeholder: t('admin.managers.search.email_placeholder') %>
</div>
<div class="small-12 medium-6 column">
<%= submit_tag t('admin.managers.search.search'), class: 'button' %>
</div>
<% end %>
</div>
</div>
<div id="search-result" class="row small"></div>
<h3><%= page_entries_info @managers %></h3>
<ul id="managers" class="admin-list">
<% @managers.each do |manager| %>
<li>
<%= render 'manager', manager: manager %>
</li>
<% end %>
</ul>
<%= paginate @managers %>

1
app/views/admin/managers/search.js.erb Normal file
View File

@@ -0,0 +1 @@
$("#search-result").html("<div class=\"panel column\"><%= j render 'manager', manager: @manager %></div>");

1
app/views/admin/managers/user_not_found.js.erb Normal file
View File

@@ -0,0 +1 @@
$("#search-result").html("<div class=\"panel column\"><%= j t('admin.managers.search.user_not_found') %></div>");

2
app/views/shared/_admin_login_items.html.erb
View File

@@ -17,7 +17,7 @@
</li>
<% end %>
<% if current_user.administrator? %>
<% if current_user.administrator? || current_user.manager? %>
<li>
<%= link_to t("layouts.header.management"), management_sign_in_path %>
</li>

11
config/locales/admin.en.yml
View File

@@ -47,6 +47,16 @@ en:
with_confirmed_hide: Confirmed
without_confirmed_hide: Pending
title: Hidden debates
managers:
index:
title: Managers
manager:
add: Add
delete: Delete
search:
email_placeholder: Search user by email
search: Search
user_not_found: User not found
menu:
activity: Moderator activity
debate_topics: Debate topics
@@ -55,6 +65,7 @@ en:
hidden_proposals: Hidden proposals
hidden_users: Hidden users
incomplete_verifications: Incomplete verifications
managers: Managers
moderators: Moderators
valuators: Valuators
officials: Officials

13
config/locales/admin.es.yml
View File

@@ -47,6 +47,16 @@ es:
with_confirmed_hide: Confirmados
without_confirmed_hide: Pendientes
title: Debates ocultos
managers:
index:
title: Gestores
manager:
add: Añadir como Gestor
delete: Borrar
search:
email_placeholder: Buscar usuario por email
search: Buscar
user_not_found: Usuario no encontrado
menu:
activity: Actividad de moderadores
debate_topics: Temas de debate
@@ -55,6 +65,7 @@ es:
hidden_proposals: Propuestas ocultas
hidden_users: Usuarios bloqueados
incomplete_verifications: Verificaciones incompletas
managers: Gestores
moderators: Moderadores
valuators: Evaluadores
officials: Cargos públicos
@@ -66,7 +77,7 @@ es:
index:
title: Moderadores
moderator:
add: Añadir
add: Añadir como Moderador
delete: Borrar
search:
email_placeholder: Buscar usuario por email

4
config/routes.rb
View File

@@ -165,6 +165,10 @@ Rails.application.routes.draw do
get :summary, on: :collection
end
resources :managers, only: [:index, :create, :destroy] do
get :search, on: :collection
end
resources :verifications, controller: :verifications, only: :index do
get :search, on: :collection
end

7
db/migrate/20160510161858_create_manager_role.rb Normal file
View File

@@ -0,0 +1,7 @@
class CreateManagerRole < ActiveRecord::Migration
def change
create_table :managers do |t|
t.belongs_to :user, index: true, foreign_key: true
end
end
end

9
db/schema.rb
View File

@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20160426211658) do
ActiveRecord::Schema.define(version: 20160510161858) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
@@ -214,6 +214,12 @@ ActiveRecord::Schema.define(version: 20160426211658) do
add_index "locks", ["user_id"], name: "index_locks_on_user_id", using: :btree
create_table "managers", force: :cascade do |t|
t.integer "user_id"
end
add_index "managers", ["user_id"], name: "index_managers_on_user_id", using: :btree
create_table "moderators", force: :cascade do |t|
t.integer "user_id"
end
@@ -510,6 +516,7 @@ ActiveRecord::Schema.define(version: 20160426211658) do
add_foreign_key "flags", "users"
add_foreign_key "identities", "users"
add_foreign_key "locks", "users"
add_foreign_key "managers", "users"
add_foreign_key "moderators", "users"
add_foreign_key "notifications", "users"
add_foreign_key "organizations", "users"

21
spec/controllers/management/sessions_controller_spec.rb
View File

@@ -6,31 +6,44 @@ describe Management::SessionsController do
it "should deny access if wrong manager credentials" do
allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(false)
expect { get :create, login: "nonexistent" , clave_usuario: "wrong"}.to raise_error CanCan::AccessDenied
expect(session[:manager]).to be_nil
end
it "should redirect to management root path if right credentials" do
it "should redirect to management root path if authorized manager with right credentials" do
manager = {login: "JJB033", user_key: "31415926" , date: "20151031135905"}
allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(manager)
get :create, login: "JJB033" , clave_usuario: "31415926", fecha_conexion: "20151031135905"
expect(response).to be_redirect
expect(session[:manager][:login]).to eq "JJB033"
end
it "should redirect to management root path if user is admin" do
sign_in create(:administrator).user
user = create(:administrator).user
sign_in user
get :create
expect(response).to be_redirect
expect(session[:manager][:login]).to eq "admin_user_#{user.id}"
end
it "should deny access if user is not admin" do
it "should redirect to management root path if user is manager" do
user = create(:manager).user
sign_in user
get :create
expect(response).to be_redirect
expect(session[:manager][:login]).to eq "manager_user_#{user.id}"
end
it "should deny access if user is not admin or manager" do
sign_in create(:user)
expect { get :create}.to raise_error CanCan::AccessDenied
expect(session[:manager]).to be_nil
end
end
describe 'Sign out' do
it "should destroy the session data and redirect" do
session[:manager] = {user_key: "31415926" , date: "20151031135905", login: "JJB033"}
session[:manager] = {user_key: "31415926", date: "20151031135905", login: "JJB033"}
session[:document_type] = "1"
session[:document_number] = "12345678Z"

4
spec/factories.rb
View File

@@ -256,6 +256,10 @@ FactoryGirl.define do
user
end
factory :manager do
user
end
factory :organization do
user
responsible_name "Johnny Utah"

37
spec/features/admin/managers_spec.rb Normal file
View File

@@ -0,0 +1,37 @@
require 'rails_helper'
feature 'Admin managers' do
background do
@admin = create(:administrator)
@user = create(:user)
@manager = create(:manager)
login_as(@admin.user)
visit admin_managers_path
end
scenario 'Index' do
expect(page).to have_content @manager.name
expect(page).to have_content @manager.email
expect(page).to_not have_content @user.name
end
scenario 'Create Manager', :js do
fill_in 'email', with: @user.email
click_button 'Search'
expect(page).to have_content @user.name
click_link 'Add'
within("#managers") do
expect(page).to have_content @user.name
end
end
scenario 'Delete Manager' do
click_link 'Delete'
within("#managers") do
expect(page).to_not have_content @manager.name
end
end
end

54
spec/features/admin_spec.rb
View File

@@ -36,6 +36,16 @@ feature 'Admin' do
expect(page).to have_content "You do not have permission to access this page"
end
scenario 'Access as a manager is not authorized' do
create(:manager, user: user)
login_as(user)
visit admin_root_path
expect(current_path).not_to eq(admin_root_path)
expect(current_path).to eq(proposals_path)
expect(page).to have_content "You do not have permission to access this page"
end
scenario 'Access as an administrator is authorized' do
login_as(administrator)
visit admin_root_path
@@ -51,6 +61,7 @@ feature 'Admin' do
expect(page).to have_link('Administration')
expect(page).to have_link('Moderation')
expect(page).to have_link('Valuation')
expect(page).to have_link('Management')
end
scenario 'Admin dashboard' do
@@ -65,47 +76,4 @@ feature 'Admin' do
expect(page).to_not have_css('#valuation_menu')
end
context 'Tags' do
let(:unfeatured_tag) { create :tag, :unfeatured, name: 'Mi barrio' }
background do
login_as(administrator)
end
scenario 'adding a new tag' do
visit admin_tags_path
fill_in 'tag_name', with: 'Papeleras'
click_on 'Create Topic'
expect(page).to have_content 'Papeleras'
end
scenario 'deleting tag' do
unfeatured_tag
visit admin_tags_path
expect(page).to have_content 'Mi barrio'
click_link 'Destroy Topic'
expect(page).not_to have_content 'Mi barrio'
end
scenario 'marking tags as featured / unfeatured' do
expect(unfeatured_tag).not_to be_featured
visit admin_tags_path
expect(page).to have_content 'Mi barrio'
check "tag_featured_#{unfeatured_tag.id}"
click_button 'Update Topic'
expect(page).to have_checked_field("tag_featured_#{unfeatured_tag.id}")
end
end
end

2
spec/features/management/account_spec.rb
View File

@@ -26,7 +26,7 @@ feature 'Account' do
expect(page).to have_content "User account deleted."
expect(user.reload.erase_reason).to eq "Deleted by manager: JJB042"
expect(user.reload.erase_reason).to eq "Deleted by manager: manager_user_#{Manager.last.user_id}"
end
end

2
spec/features/management/users_spec.rb
View File

@@ -59,7 +59,7 @@ feature 'Users' do
expect(page).to have_content "User account deleted."
expect(level_2_user.reload.erase_reason).to eq "Deleted by manager: JJB042"
expect(level_2_user.reload.erase_reason).to eq "Deleted by manager: manager_user_#{Manager.last.user_id}"
visit management_document_verifications_path
fill_in 'document_verification_document_number', with: '13579'

14
spec/features/moderation_spec.rb
View File

@@ -29,6 +29,20 @@ feature 'Moderation' do
expect(page).to have_content "You do not have permission to access this page"
end
scenario 'Access as manager is not authorized' do
create(:manager, user: user)
login_as(user)
visit root_path
expect(page).to_not have_link("Moderation")
visit moderation_root_path
expect(current_path).not_to eq(moderation_root_path)
expect(current_path).to eq(proposals_path)
expect(page).to have_content "You do not have permission to access this page"
end
scenario 'Access as a moderator is authorized' do
create(:moderator, user: user)

13
spec/features/valuation_spec.rb
View File

@@ -28,6 +28,19 @@ feature 'Valuation' do
expect(page).to have_content "You do not have permission to access this page"
end
scenario 'Access as manager is not authorized' do
create(:manager, user: user)
login_as(user)
visit root_path
expect(page).to_not have_link("Valuation")
visit valuation_root_path
expect(current_path).not_to eq(valuation_root_path)
expect(current_path).to eq(proposals_path)
expect(page).to have_content "You do not have permission to access this page"
end
scenario 'Access as a valuator is authorized' do
create(:valuator, user: user)
login_as(user)

12
spec/models/user_spec.rb
View File

@@ -121,6 +121,18 @@ describe User do
end
end
describe "manager?" do
it "is false when the user is not a manager" do
expect(subject.manager?).to be false
end
it "is true when the user is a manager" do
subject.save
create(:manager, user: subject)
expect(subject.manager?).to be true
end
end
describe "organization?" do
it "is false when the user is not an organization" do
expect(subject.organization?).to be false

8
spec/support/common_actions.rb
View File

@@ -24,12 +24,18 @@ module CommonActions
click_button 'Enter'
end
def login_as_manager
def login_as_authenticated_manager
login, user_key, date = "JJB042", "31415926", Time.now.strftime("%Y%m%d%H%M%S")
allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return({login: login, user_key: user_key, date: date}.with_indifferent_access)
visit management_sign_in_path(login: login, clave_usuario: user_key, fecha_conexion: date)
end
def login_as_manager
manager = create(:manager)
login_as(manager.user)
visit management_sign_in_path
end
def login_managed_user(user)
allow_any_instance_of(Management::BaseController).to receive(:managed_user).and_return(user)
end