Skip to content

Commit

Permalink
Fix entrant service detail policy and add spec for manage service page
Browse files Browse the repository at this point in the history
  • Loading branch information
moveson committed Dec 18, 2024
1 parent 73496b7 commit 58aa64f
Show file tree
Hide file tree
Showing 19 changed files with 68 additions and 1 deletion.
4 changes: 4 additions & 0 deletions app/models/user.rb
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,10 @@ def should_generate_new_friendly_id?
slug.blank? || first_name_changed? || last_name_changed?
end

def associated_with_entrant?(lottery_entrant)
::LotteryEntrant.belonging_to_user(self).include?(lottery_entrant)
end

def authorized_for_lotteries?(resource)
admin? || owner_of?(resource) || lottery_steward_of?(resource)
end
Expand Down
2 changes: 1 addition & 1 deletion app/policies/lotteries/entrant_service_detail_policy.rb
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ def post_initialize(service_detail)
end

def show?
user.email == lottery_entrant.email || user.steward_of?(organization)
user.admin? || user.associated_with_entrant?(lottery_entrant) || user.steward_of?(organization)
end

def attach_completed_form?
Expand Down
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
63 changes: 63 additions & 0 deletions spec/system/lotteries/manage_service_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
# frozen_string_literal: true

require "rails_helper"

RSpec.describe "manage lottery service", js: true do
let(:admin) { users(:admin_user) }
let(:steward) { users(:fifth_user) }
let(:user) { users(:fourth_user) }

before do
organization.stewards << steward
end

let(:lottery) { lotteries(:lottery_with_tickets_and_draws) }
let(:organization) { lottery.organization }
let(:entrant) { lottery_entrants(:lottery_entrant_0004) }
let(:person) { people(:bruno_fadel) }

before { lottery.update(status: :finished) }

scenario "user who is an admin" do
login_as admin, scope: :user
visit_page

expect(page).to have_current_path(organization_lottery_entrant_service_detail_path(organization, lottery, entrant))
end

scenario "user who is a steward" do
login_as steward, scope: :user
visit_page

expect(page).to have_current_path(organization_lottery_entrant_service_detail_path(organization, lottery, entrant))
end

scenario "user who has the same email as the entrant" do
entrant.update!(email: user.email)
login_as user, scope: :user
visit_page

expect(page).to have_current_path(organization_lottery_entrant_service_detail_path(organization, lottery, entrant))
end

scenario "user who has the same person" do
entrant.update!(person: person)
person.update!(claimant: user)
login_as user, scope: :user
visit_page

expect(page).to have_current_path(organization_lottery_entrant_service_detail_path(organization, lottery, entrant))
end

scenario "user who is not associated" do
login_as user, scope: :user
visit_page

expect(page).to have_current_path(root_path)
expect(page).to have_text("Access denied")
end

def visit_page
visit organization_lottery_entrant_service_detail_path(organization, lottery, entrant)
end
end
File renamed without changes.

0 comments on commit 58aa64f

Please sign in to comment.