From ed6a4a1b95e212d657fbf4799e49a32678bf63e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= <javim@elretirao.net>
Date: Sat, 9 Nov 2019 15:02:32 +0100
Subject: [PATCH] Don't generate stats for budget polls

The link to show stats for these polls is nowhere to be seen in the
application, and these stats are included in the budget stats, so it
makes sense to restrict access to them.
---
 app/models/abilities/everyone.rb       | 4 ++--
 spec/models/abilities/everyone_spec.rb | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/models/abilities/everyone.rb b/app/models/abilities/everyone.rb
index e2a59c140..89a29f4b9 100644
--- a/app/models/abilities/everyone.rb
+++ b/app/models/abilities/everyone.rb
@@ -7,8 +7,8 @@ module Abilities
       can [:read, :map, :summary, :share], Proposal
       can :read, Comment
       can :read, Poll
-      can :results, Poll, id: Poll.expired.results_enabled.ids
-      can :stats, Poll, id: Poll.expired.stats_enabled.ids
+      can :results, Poll, id: Poll.expired.results_enabled.not_budget.ids
+      can :stats, Poll, id: Poll.expired.stats_enabled.not_budget.ids
       can :read, Poll::Question
       can :read, User
       can [:read, :welcome], Budget
diff --git a/spec/models/abilities/everyone_spec.rb b/spec/models/abilities/everyone_spec.rb
index 899639a60..cfdbbf932 100644
--- a/spec/models/abilities/everyone_spec.rb
+++ b/spec/models/abilities/everyone_spec.rb
@@ -34,10 +34,12 @@ describe Abilities::Everyone do
   it { should be_able_to(:results, create(:poll, :expired, results_enabled: true)) }
   it { should_not be_able_to(:results, create(:poll, :expired, results_enabled: false)) }
   it { should_not be_able_to(:results, create(:poll, :current, results_enabled: true)) }
+  it { should_not be_able_to(:results, create(:poll, :for_budget, :expired, results_enabled: true)) }
 
   it { should be_able_to(:stats, create(:poll, :expired, stats_enabled: true)) }
   it { should_not be_able_to(:stats, create(:poll, :expired, stats_enabled: false)) }
   it { should_not be_able_to(:stats, create(:poll, :current, stats_enabled: true)) }
+  it { should_not be_able_to(:stats, create(:poll, :for_budget, :expired, stats_enabled: true)) }
 
   it { should be_able_to(:read_results, create(:budget, :finished, results_enabled: true)) }
   it { should_not be_able_to(:read_results, create(:budget, :finished, results_enabled: false)) }