Merge pull request #4762 from consul/fix_edit_investment_permission

Remove redundant permissions to edit/create records
2021-12-30 18:48:08 +01:00
parent 336c055484 c34fc7f0b8
commit fecfbfdf88
3 changed files with 9 additions and 9 deletions
--- a/app/models/abilities/administrator.rb
+++ b/app/models/abilities/administrator.rb
@@ -52,16 +52,16 @@ module Abilities
      can :comment_as_administrator, [Debate, Comment, Proposal, Poll::Question, Budget::Investment,
                                      Legislation::Question, Legislation::Proposal, Legislation::Annotation, Topic]

-      can [:search, :create, :index, :destroy, :edit, :update], ::Administrator
+      can [:search, :create, :index, :destroy, :update], ::Administrator
      can [:search, :create, :index, :destroy], ::Moderator
-      can [:search, :show, :edit, :update, :create, :index, :destroy, :summary], ::Valuator
+      can [:search, :show, :update, :create, :index, :destroy, :summary], ::Valuator
      can [:search, :create, :index, :destroy], ::Manager
      can [:create, :read, :destroy], ::SDG::Manager
      can [:search, :index], ::User

      can :manage, Dashboard::Action

-      can [:index, :read, :new, :create, :update, :destroy], Budget
+      can [:index, :read, :create, :update, :destroy], Budget
      can :publish, Budget, id: Budget.drafting.ids
      can :calculate_winners, Budget, &:reviewing_ballots?
      can :read_results, Budget do |budget|
@@ -79,9 +79,9 @@ module Abilities

      can :read_admin_stats, Budget, &:balloting_or_later?

-      can [:search, :edit, :update, :create, :index, :destroy], Banner
+      can [:search, :update, :create, :index, :destroy], Banner

-      can [:index, :create, :edit, :update, :destroy], Geozone
+      can [:index, :create, :update, :destroy], Geozone

      can [:read, :create, :update, :destroy, :add_question, :search_booths, :search_officers, :booth_assignments], Poll
      can [:read, :create, :update, :destroy, :available], Poll::Booth
--- a/app/models/abilities/common.rb
+++ b/app/models/abilities/common.rb
@@ -39,9 +39,6 @@ module Abilities
      can [:retire_form, :retire], Proposal, author_id: user.id

      can :read, Legislation::Proposal
-      cannot [:edit, :update], Legislation::Proposal do |proposal|
-        proposal.editable_by?(user)
-      end
      can [:retire_form, :retire], Legislation::Proposal, author_id: user.id

      can :create, Comment
@@ -95,7 +92,6 @@ module Abilities
        can :create, Legislation::Answer

        can :create, Budget::Investment,               budget: { phase: "accepting" }
-        can :edit, Budget::Investment,                 budget: { phase: "accepting" }, author_id: user.id
        can :update, Budget::Investment,               budget: { phase: "accepting" }, author_id: user.id
        can :suggest, Budget::Investment,              budget: { phase: "accepting" }
        can :destroy, Budget::Investment,              budget: { phase: ["accepting", "reviewing"] }, author_id: user.id
--- a/spec/models/abilities/common_spec.rb
+++ b/spec/models/abilities/common_spec.rb
@@ -14,6 +14,7 @@ describe Abilities::Common do
  let(:own_debate)   { create(:debate,   author: user) }
  let(:own_comment)  { create(:comment,  author: user) }
  let(:own_proposal) { create(:proposal, author: user) }
+  let(:own_legislation_proposal) { create(:legislation_proposal, author: user) }

  let(:accepting_budget) { create(:budget, :accepting) }
  let(:reviewing_budget) { create(:budget, :reviewing) }
@@ -167,6 +168,9 @@ describe Abilities::Common do
    it { should_not be_able_to(:destroy, proposal_document)      }
  end

+  it { should_not be_able_to(:edit, own_legislation_proposal) }
+  it { should_not be_able_to(:update, own_legislation_proposal) }
+
  describe "proposals dashboard" do
    it { should be_able_to(:dashboard, own_proposal) }
    it { should_not be_able_to(:dashboard, proposal) }