From f879f9e6264b0ee3aaf150500a4ba37bedbfd332 Mon Sep 17 00:00:00 2001
From: Joachim Filip Ignacy Bartosik
Date: Fri, 13 Aug 2010 18:35:31 +0200
Subject: Document modules Permissions and RichTypes
---
 app/models/answer.rb | 40 +++++++++++++++++++++++++++-------------
 spec/models/answer_spec.rb | 16 +++++++++++++++-
 2 files changed, 42 insertions(+), 14 deletions(-)
diff --git a/app/models/answer.rb b/app/models/answer.rb
index c086bf4..6e31c4d 100644
--- a/app/models/answer.rb
+++ b/app/models/answer.rb
@@ -45,29 +45,42 @@ class Answer < ActiveRecord::Base
   after_create :notify_new_answer
   after_update :notify_changed_answer
 
-  multi_permission :update, :destroy do
+  def update_permitted?
     # It's fine to change correct, because it's ignored in non-email answers
     # and email answers have separate permissions
-    (owned? && !reference && !approved) ||
-    (reference && acting_user.role.is_recruiter?) ||
-    (only_changed?(:approved, :correct) && owner.mentor_is?(acting_user))
+    return true if owned? && !reference && !approved
+    return true if reference && acting_user.role.is_recruiter?
+    return true if only_changed?(:approved, :correct) && owner.mentor_is?(acting_user)
+
+    false
+  end
+
+  def destroy_permitted?
+    return true if owned? && !reference
+    return true if reference && acting_user.role.is_recruiter?
+
+    false
   end
 
   def create_permitted?
-    (owned_soft? && !reference)||(reference && acting_user.role.is_recruiter?)
+    return true if owned_soft? && !reference && !approved
+    return true if reference && acting_user.role.is_recruiter?
+    false
   end
 
   # Proper edit permissions can't be deduced, because we need to access value
   # of some fields to set them
   def edit_permitted?(field)
-    owned_soft? ||
-    owner.mentor_is?(acting_user) ||
-    (reference && acting_user.signed_up? && acting_user.role.is_recruiter?)
+    return true if owned_soft?
+    return true if owner.mentor_is?(acting_user)
+    return true if reference && acting_user.signed_up? && acting_user.role.is_recruiter?
+    false
   end
 
   def content_edit_permitted?
-    owned_soft? ||
-    (reference && acting_user.signed_up? && acting_user.role.is_recruiter?)
+    return true if owned_soft?
+    return true if reference && acting_user.signed_up? && acting_user.role.is_recruiter?
+    false
   end
 
   def feedback_edit_permitted?
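Review bot: The new `destroy_permitted?` lets the owner delete any non-reference answer regardless of `approved`, while `update_permitted?` earlier in the same hunk stops the owner once the answer is approved; if approval is meant to freeze the answer, deletion should be locked the same way, `return true if owned? && !reference && !approved`. The spec added in this commit only checks the owner's mentor, so an owner destroying an approved answer stays untested. The recruiter branches in `update_permitted?`, `destroy_permitted?` and `create_permitted?` call `acting_user.role.is_recruiter?` without the `acting_user.signed_up?` guard that `edit_permitted?` and `content_edit_permitted?` keep; whether a guest acting_user can reach these cannot be told from the hunk, but the guard should at least be consistent across the predicates. `feedback_edit_permitted?` begins on the last line of the hunk and its body lies outside it.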
@@ -83,9 +96,10 @@ class Answer < ActiveRecord::Base
   end
 
   def view_permitted?(field)
-    owned_soft? ||
-    acting_user.role.is_recruiter? ||
-    owner._?.mentor_is?(acting_user)
+    return true if owned_soft?
+    return true if acting_user.role.is_recruiter?
+    return true if owner.mentor_is?(acting_user)
+    false
   end
 
   # Returns hash containing updated answer attributes.
diff --git a/spec/models/answer_spec.rb b/spec/models/answer_spec.rb
index e5e127e..9a60bb8 100644
--- a/spec/models/answer_spec.rb
+++ b/spec/models/answer_spec.rb
@@ -217,7 +217,7 @@ describe Answer do
   end
 
   it "should allow editing of reference only to recruiters on new answers" do
-    answer = Answer.new(:reference => true)
+    answer = Answer.new(:reference => true, :owner => Factory(:recruiter))
     answer.should be_editable_by(Factory(:recruiter), :reference)
     answer.should_not be_editable_by(Factory(:recruit), :reference)
     answer.should_not be_editable_by(Factory(:mentor), :reference)
@@ -316,6 +316,20 @@ describe Answer do
     end
 
     Answer.wrong_answers_of(recruit).count.should == Answer.wrong_answers_of(recruit).uniq.count
+  end
+
+  it "should prohibit mentor of owner to destroy" do
+    a = Factory(:answer)
+    a.should_not be_destroyable_by(a.owner.mentor)
+  end
+  it "should allow editing of reference only to recruiters" do
+    for user in fabricate_users(:recruit, :mentor)
+      Answer.new(:owner => user).should_not be_editable_by(user, :reference)
+    end
+
+    for user in fabricate_users(:recruiter, :administrator)
+      Answer.new(:owner => user).should be_editable_by(user, :reference)
+    end
   end
 end
-- 
cgit v1.2.3-65-gdbad
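Review bot: `view_permitted?` replaces `owner._?.mentor_is?(acting_user)` with `owner.mentor_is?(acting_user)`, dropping the nil-safe call, so an answer with no owner now raises NoMethodError on that line instead of falling through to `false`; the spec change in this commit that adds `:owner => Factory(:recruiter)` to `Answer.new` suggests ownerless new records do occur. This branch is only reached when the actor is neither the owner nor a recruiter, so the raise turns a permission denial into an error page rather than a refusal. Keep the guard as `return true if owner && owner.mentor_is?(acting_user)`. The same unguarded `owner.mentor_is?` also appears in `update_permitted?` and `edit_permitted?` in the first hunk of this file.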
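Review bot: The two `for user in fabricate_users(...)` loops in the new "should allow editing of reference only to recruiters" example should be written as `fabricate_users(:recruit, :mentor).each do |user| ... end` (and likewise for the recruiter/administrator loop); `for` leaks `user` into the surrounding example scope and is not idiomatic in RSpec. The added `it "should prohibit mentor of owner to destroy"` example also runs straight into the next `it` without a blank line, unlike the rest of the file. That destroy example only exercises the owner's mentor, so a non-owner mentor or a guest being refused destruction is not asserted anywhere in this hunk.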