comment policy and test updates

2017-02-14 10:17:42 -06:00 · 2017-02-14 10:17:42 -06:00 · a8c42af3de
commit a8c42af3de
parent 906b62247b
5 changed files with 64 additions and 19 deletions
--- a/app/controllers/admin/comment_controller.rb
+++ b/app/controllers/admin/comment_controller.rb
@ -15,12 +15,10 @@ module Admin
    end

    def create
-      authorize QuizComment
-      comment = QuizComment.create(
-        comment_params.merge(user_id: current_user.id, test_hash: params[:test_hash])
-      )
+      comment = QuizComment.new(comment_params.merge(user_id: current_user.id, test_hash: params[:test_hash]))
+      authorize comment

-      flash_message = if comment.persisted?
+      flash_message = if comment.save
                        { success: "Sucessfully created comment" }
                      else
                        { error: "Failed to save comment" }
--- a/app/policies/quiz_comment_policy.rb
+++ b/app/policies/quiz_comment_policy.rb
@ -2,20 +2,18 @@
 class QuizCommentPolicy < ApplicationPolicy
  # Quiz Comment Policy
  #
-  # Anyone with access to the results can comment
-  # Only Comment owner can edit
+  # Anyone who can vote on results, can comment
+  # Only comment owner can edit her comment
+
+  def new?
+    user.acts_as_reviewer?
+  end

  def create?
-    user.acts_as_reviewer?
+    user.acts_as_reviewer? && record.candidate.reviewers.where(id: user.id).count.positive?
  end

  def update?
    user.acts_as_reviewer? && user.id == record.user_id
  end
-
-  class Scope < Scope
-    def resolve
-      true
-    end
-  end
 end
--- a/app/views/admin/result/view.html.erb
+++ b/app/views/admin/result/view.html.erb
@ -46,7 +46,7 @@
  <div class="review-comments">
    <h2 class="prft-heading">Comments</h2>
    <%= render partial: 'comment', collection: @comments, locals: { test_hash: @candidate.test_hash } %>
-    <% if policy(QuizComment).create? %>
+    <% if policy(QuizComment).new? %>
      <%= render partial: 'comment_form', locals: {comment: @comment, test_hash: @candidate.test_hash } %>
    <% end %>
  </div>
--- a/test/controllers/admin/comment_controller_test.rb
+++ b/test/controllers/admin/comment_controller_test.rb
@ -14,6 +14,17 @@ module Admin
      refute_equal comment.message, QuizComment.find_by(id: comment.id).message
    end

+    test "should require message to update" do
+      auth_manager
+      comment = quiz_comments(:com5)
+      post admin_update_comment_url(test_hash: comment.test_hash, id: comment.id),
+           params: { quiz_comment: { message: '' } }
+
+      assert_redirected_to admin_result_url(test_hash: comment.test_hash)
+      assert flash[:error]
+      assert_equal comment.message, QuizComment.find_by(id: comment.id).message
+    end
+
    test "should post create" do
      auth_reviewer
      candidate = candidates(:stacy)
@ -26,5 +37,40 @@ module Admin
      assert_redirected_to admin_result_url(test_hash: candidate.test_hash)
      assert flash[:success]
    end
+
+    test "should require comment to create" do
+      auth_reviewer
+      candidate = candidates(:stacy)
+
+      assert_difference("QuizComment.count", 0) do
+        post admin_create_comment_url(test_hash: candidate.test_hash),
+             params: { quiz_comment: { message: '' } }
+      end
+
+      assert_redirected_to admin_result_url(test_hash: candidate.test_hash)
+      assert flash[:error]
+    end
+
+    test "should not edit others comments" do
+      auth_reviewer
+      comment = quiz_comments(:com5)
+      post admin_update_comment_url(test_hash: comment.test_hash, id: comment.id),
+           params: { quiz_comment: { message: 'updated comment' } }
+
+      assert_redirected_to admin_login_url
+      assert_equal comment.message, QuizComment.find_by(id: comment.id).message
+    end
+
+    test "can not comment on Gustov" do
+      auth_reviewer
+      candidate = candidates(:gustov)
+
+      assert_difference("QuizComment.count", 0) do
+        post admin_create_comment_url(test_hash: candidate.test_hash),
+             params: { quiz_comment: { message: 'this is a test comment' } }
+      end
+
+      assert_redirected_to admin_login_url
+    end
  end
 end
--- a/test/policies/quiz_comment_policy_test.rb
+++ b/test/policies/quiz_comment_policy_test.rb
@ -9,11 +9,14 @@ class QuizCommentPolicyTest < PolicyAssertions::Test
  end

  def test_create
-    assert_permit users(:admin), QuizComment
-    assert_permit users(:manager), QuizComment
-    assert_permit users(:reviewer), QuizComment
+    candidate = candidates(:stacy)
+    comment = QuizComment.new(test_hash: candidate.test_hash)

-    refute_permit users(:recruiter), QuizComment
+    assert_permit users(:manager), comment
+    assert_permit users(:reviewer), comment
+
+    refute_permit users(:admin), comment
+    refute_permit users(:recruiter), comment
  end

  def test_update