aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--site/app/models/vote.rb19
-rw-r--r--site/lib/permissions/set.rb34
-rw-r--r--site/spec/models/vote_spec.rb23
3 files changed, 52 insertions, 24 deletions
diff --git a/site/app/models/vote.rb b/site/app/models/vote.rb
index 00c64a7..5480f1b 100644
--- a/site/app/models/vote.rb
+++ b/site/app/models/vote.rb
@@ -1,3 +1,4 @@
+require 'permissions/set.rb'
class Vote < ActiveRecord::Base
hobo_model # Don't put anything above this
@@ -7,7 +8,7 @@ class Vote < ActiveRecord::Base
end
belongs_to :voting_option, :null => false
- belongs_to :user, :null => false
+ belongs_to :user, :null => false, :creator => true
index [:voting_option_id, :user_id], :unique => true
@@ -15,19 +16,14 @@ class Vote < ActiveRecord::Base
validates_presence_of :user
validates_uniqueness_of :voting_option_id, :scope => :user_id
validate :user_voted_only_once
- validate :user_is_council_member
# --- Permissions --- #
def create_permitted?
- false
+ user_is?(acting_user)
end
- def update_permitted?
- false
- end
-
- def destroy_permitted?
- false
+ multi_permission(:update, :destroy) do
+ user_is?(acting_user) and not user_changed?
end
def view_permitted?(field)
@@ -46,9 +42,4 @@ class Vote < ActiveRecord::Base
errors.add(:user, 'User can vote only once per agenda item.')
end
end
-
- def user_is_council_member
- return if user.nil?
- errors.add(:user, 'Only council members can vote.') unless user.council_member?
- end
end
diff --git a/site/lib/permissions/set.rb b/site/lib/permissions/set.rb
new file mode 100644
index 0000000..9f78c97
--- /dev/null
+++ b/site/lib/permissions/set.rb
@@ -0,0 +1,34 @@
+# File from Gentoo Recruiters Web App:
+# http://git.overlays.gentoo.org/gitweb/?p=proj/recruiting-webapp.git
+#
+# Copyright (C) 2010 Joachim Filip Bartosik
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, version 3 of the License
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+AllPermissions = [:create, :update, :destroy, :view, :edit]
+
+# Block will be used to determine chosen permission
+def one_permission(permission, &block)
+ define_method("#{permission.to_s}_permitted?", &block)
+end
+
+# Block will be used to determine chosen permissions
+def multi_permission(*permission_list, &block)
+ permission_list.flatten.each do |target|
+ one_permission(target, &block)
+ end
+end
+
+# Block will be used to determine all permission
+def single_permission(&block)
+ multi_permission(AllPermissions, &block)
+end
diff --git a/site/spec/models/vote_spec.rb b/site/spec/models/vote_spec.rb
index 9936829..aa9f2e8 100644
--- a/site/spec/models/vote_spec.rb
+++ b/site/spec/models/vote_spec.rb
@@ -1,7 +1,16 @@
require 'spec_helper'
describe Vote do
- it 'should not allow anyone to create update or destroy to anyone' do
+ it 'should allow anyone to create, update and destroy their own votes' do
+ for u in users_factory(AllRoles - [:guest]) do
+ vote = Factory(:vote, :user => u)
+ vote.should be_creatable_by(u)
+ vote.should be_updatable_by(u)
+ vote.should be_destroyable_by(u)
+ end
+ end
+
+ it 'should not allow anyone to create, update and destroy vote of someone else' do
vote = Factory(:vote)
for u in users_factory(AllRoles) do
vote.should_not be_creatable_by(u)
@@ -10,25 +19,19 @@ describe Vote do
end
end
- it 'should anyone to view' do
+ it 'should allow anyone to view' do
vote = Factory(:vote)
for u in users_factory(AllRoles) do
vote.should be_viewable_by(u)
end
end
- it 'should allow council members to vote' do
- for u in users_factory(:council, :council_admin) do
+ it 'should allow all users to vote' do
+ for u in users_factory(AllRoles - [:guest]) do
Vote.new(:user => u, :voting_option => Factory(:voting_option)).should be_valid
end
end
- it 'should prevent non-council members from voting' do
- for u in users_factory(:user, :admin) do
- Vote.new(:user => u, :voting_option => Factory(:voting_option)).should_not be_valid
- end
- end
-
it 'should prevent users from voting multiple times' do
v = Factory(:vote)
o = Factory(:voting_option, :agenda_item => v.voting_option.agenda_item, :description => 'other option')