From a8c42af3de44a2f60446edd2200acb99410ba81a Mon Sep 17 00:00:00 2001
From: Mark Moser
Date: Tue, 14 Feb 2017 10:17:42 -0600
Subject: [PATCH] comment policy and test updates
---
 app/controllers/admin/comment_controller.rb | 8 ++--
 app/policies/quiz_comment_policy.rb | 16 +++----
 app/views/admin/result/view.html.erb | 2 +-
 .../admin/comment_controller_test.rb | 46 +++++++++++++++++++
 test/policies/quiz_comment_policy_test.rb | 11 +++--
 5 files changed, 64 insertions(+), 19 deletions(-)
diff --git a/app/controllers/admin/comment_controller.rb b/app/controllers/admin/comment_controller.rb
index cef5cff..9a12d50 100644
--- a/app/controllers/admin/comment_controller.rb
+++ b/app/controllers/admin/comment_controller.rb
@@ -15,12 +15,10 @@ module Admin
 end
 def create
- authorize QuizComment
- comment = QuizComment.create(
- comment_params.merge(user_id: current_user.id, test_hash: params[:test_hash])
- )
+ comment = QuizComment.new(comment_params.merge(user_id: current_user.id, test_hash: params[:test_hash]))
+ authorize comment
- flash_message = if comment.persisted?
+ flash_message = if comment.save
 { success: "Sucessfully created comment" }
 else
 { error: "Failed to save comment" }
diff --git a/app/policies/quiz_comment_policy.rb b/app/policies/quiz_comment_policy.rb
index 49b850e..f4128f9 100644
--- a/app/policies/quiz_comment_policy.rb
+++ b/app/policies/quiz_comment_policy.rb
@@ -2,20 +2,18 @@ class QuizCommentPolicy < ApplicationPolicy
 # Quiz Comment Policy #
- # Anyone with access to the results can comment
- # Only Comment owner can edit
+ # Anyone who can vote on results, can comment
+ # Only comment owner can edit her comment
+
+ def new?
+ user.acts_as_reviewer?
+ end
 def create?
- user.acts_as_reviewer?
+ user.acts_as_reviewer? && record.candidate.reviewers.where(id: user.id).count.positive?
 end
 def update?
 user.acts_as_reviewer? && user.id == record.user_id
 end
-
- class Scope < Scope
- def resolve
- true
- end
- end
 end
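Review bot: In `create`, the order of the `merge` is what stops a client from choosing the comment's `user_id` or `test_hash`, and nothing on the new line says so. `comment_params` is defined outside this hunk, so whether it already filters those keys cannot be seen here; the server-side values win only because they are merged last. Since `authorize comment` now depends on exactly those two attributes, a comment above the assignment would protect the ordering from a later refactor, for example `# user_id and test_hash are merged last so request params cannot override them; the policy checks this record`. The body of `create` continues past the end of the hunk.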
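Review bot: `create?` calls `record.candidate.reviewers` with no guard for a comment whose `test_hash` matches no candidate. The controller builds the record from `params[:test_hash]`, so, assuming `candidate` is resolved from that hash, an unknown value would raise `NoMethodError` inside the policy instead of producing an ordinary denial. A nil-safe form that also avoids the `COUNT` query would be `user.acts_as_reviewer? && record.candidate.present? && record.candidate.reviewers.exists?(id: user.id)`. `update?` still checks only ownership, so the header comment should state whether an owner who is no longer one of the candidate's reviewers is meant to keep edit rights.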
diff --git a/app/views/admin/result/view.html.erb b/app/views/admin/result/view.html.erb
index bcc3a8b..0372f3d 100644
--- a/app/views/admin/result/view.html.erb
+++ b/app/views/admin/result/view.html.erb
@@ -46,7 +46,7 @@

Comments

<%= render partial: 'comment', collection: @comments, locals: { test_hash: @candidate.test_hash } %>
- <% if policy(QuizComment).create? %>
+ <% if policy(QuizComment).new? %>
 <%= render partial: 'comment_form', locals: {comment: @comment, test_hash: @candidate.test_hash } %>
 <% end %>
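Review bot: `policy(QuizComment).new?` is evaluated on the class, so the form is rendered for every user with the reviewer role, including one who is not among this candidate's reviewers. `create?` still refuses the submission on the server, so this is not a bypass, but that user fills in a form and is then redirected away. If `@comment` (assigned outside this hunk) is built with the candidate's `test_hash`, `<% if policy(@comment).create? %>` would show the form only to users who may actually post.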
diff --git a/test/controllers/admin/comment_controller_test.rb b/test/controllers/admin/comment_controller_test.rb
index d864127..0c2bf00 100644
--- a/test/controllers/admin/comment_controller_test.rb
+++ b/test/controllers/admin/comment_controller_test.rb
@@ -14,6 +14,17 @@ module Admin
 refute_equal comment.message, QuizComment.find_by(id: comment.id).message
 end
+ test "should require message to update" do
+ auth_manager
+ comment = quiz_comments(:com5)
+ post admin_update_comment_url(test_hash: comment.test_hash, id: comment.id),
+ params: { quiz_comment: { message: '' } }
+
+ assert_redirected_to admin_result_url(test_hash: comment.test_hash)
+ assert flash[:error]
+ assert_equal comment.message, QuizComment.find_by(id: comment.id).message
+ end
+
 test "should post create" do
 auth_reviewer
 candidate = candidates(:stacy)
@@ -26,5 +37,40 @@ module Admin
 assert_redirected_to admin_result_url(test_hash: candidate.test_hash)
 assert flash[:success]
 end
+
+ test "should require comment to create" do
+ auth_reviewer
+ candidate = candidates(:stacy)
+
+ assert_difference("QuizComment.count", 0) do
+ post admin_create_comment_url(test_hash: candidate.test_hash),
+ params: { quiz_comment: { message: '' } }
+ end
+
+ assert_redirected_to admin_result_url(test_hash: candidate.test_hash)
+ assert flash[:error]
+ end
+
+ test "should not edit others comments" do
+ auth_reviewer
+ comment = quiz_comments(:com5)
+ post admin_update_comment_url(test_hash: comment.test_hash, id: comment.id),
+ params: { quiz_comment: { message: 'updated comment' } }
+
+ assert_redirected_to admin_login_url
+ assert_equal comment.message, QuizComment.find_by(id: comment.id).message
+ end
+
+ test "can not comment on Gustov" do
+ auth_reviewer
+ candidate = candidates(:gustov)
+
+ assert_difference("QuizComment.count", 0) do
+ post admin_create_comment_url(test_hash: candidate.test_hash),
+ params: { quiz_comment: { message: 'this is a test comment' } }
+ end
+
+ assert_redirected_to admin_login_url
+ end
 end
 end
diff --git a/test/policies/quiz_comment_policy_test.rb b/test/policies/quiz_comment_policy_test.rb
index 518681f..6298093 100644
--- a/test/policies/quiz_comment_policy_test.rb
+++ b/test/policies/quiz_comment_policy_test.rb
@@ -9,11 +9,14 @@ class QuizCommentPolicyTest < PolicyAssertions::Test
 end
 def test_create
- assert_permit users(:admin), QuizComment
- assert_permit users(:manager), QuizComment
- assert_permit users(:reviewer), QuizComment
+ candidate = candidates(:stacy)
+ comment = QuizComment.new(test_hash: candidate.test_hash)
- refute_permit users(:recruiter), QuizComment
+ assert_permit users(:manager), comment
+ assert_permit users(:reviewer), comment
+
+ refute_permit users(:admin), comment
+ refute_permit users(:recruiter), comment
 end
 def test_update
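Review bot: The two denial tests, "should not edit others comments" and "can not comment on Gustov", assert only `assert_redirected_to admin_login_url`, which may not distinguish a policy denial from a failed login. If an unauthenticated request is redirected to the same URL (not visible on this page), both tests would still pass when `auth_reviewer` did not log in, so they would not show that the policy made the decision. Asserting something only a signed-in but refused user produces, such as the message set by the authorization failure handler if there is one, would close that gap. The name "can not comment on Gustov" also hides the rule under test; `test "reviewer not assigned to the candidate can not create a comment" do`, with a one-line comment on why the gustov fixture qualifies, would make the intent readable without opening the fixtures.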
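Review bot: `test_create` exercises only `candidates(:stacy)`, so the rule this commit introduces, that the user must be one of the candidate's reviewers, has no negative case at policy level for a user who holds the reviewer role. `refute_permit users(:admin), comment` can be satisfied by either half of the `create?` condition, and the test does not say which one is intended. Adding `refute_permit users(:reviewer), QuizComment.new(test_hash: candidates(:gustov).test_hash)` would pin the assignment check, assuming, as the controller test suggests, that the reviewer fixture is not assigned to gustov. A short comment such as `# admin is refused because she is not one of stacy's reviewers` (or whichever reason applies) would record why access was withdrawn from admin.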