Skip to content

Commit

Permalink
adds petition button on organizations/show page, plus bug fix and sec…
Browse files Browse the repository at this point in the history
…urity fix
  • Loading branch information
nflorentin committed Dec 6, 2023
1 parent 12affd6 commit eae4404
Show file tree
Hide file tree
Showing 6 changed files with 86 additions and 22 deletions.
5 changes: 3 additions & 2 deletions app/controllers/petitions_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ class PetitionsController < ApplicationController

def create
petition = Petition.new petition_params
petition.status = "pending"

if petition.save
OrganizationNotifier.new_petition(petition).deliver_now
Expand All @@ -13,7 +14,7 @@ def create
flash[:error] = t('errors.internal_server_error.description')
end

redirect_to organizations_path
redirect_back fallback_location: organization_path(petition.organization)
end

def update
Expand All @@ -38,6 +39,6 @@ def manage
private

def petition_params
params.permit(%i[organization_id user_id status])
params.permit(%i[organization_id user_id])
end
end
19 changes: 1 addition & 18 deletions app/views/organizations/_organizations_row.html.erb
Original file line number Diff line number Diff line change
Expand Up @@ -5,23 +5,6 @@
<td><%= link_to(org.web, org.web) if org.web.present? %></td>
<td><%= org.members.count %></td>
<td>
<% if current_user %>
<% petition = current_user.petitions.where(organization_id: org.id).last %>

<% if member = Member.where(user: current_user, organization: org).first %>
<%= link_to t('users.user_rows.delete_membership'),
member,
method: :delete,
data: { confirm: t('users.user_rows.sure_delete', organization_name: org.name) },
class: 'btn btn-danger' %>
<% elsif petition && !current_user.was_member?(petition) %>
<span class="badge"><%= petition.status %></span>
<% else %>
<%= link_to t('petitions.apply'),
petitions_path(user_id: current_user.id, organization_id: org.id, status: 'pending'),
method: :post,
class: 'btn btn-default' %>
<% end %>
<% end %>
<%= render "organizations/petition_button", organization: org %>
</td>
</tr>
18 changes: 18 additions & 0 deletions app/views/organizations/_petition_button.html.erb
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
<% if current_user %>
<% petition = current_user.petitions.where(organization_id: organization.id).last %>

<% if member = Member.where(user: current_user, organization: organization).first %>
<%= link_to t('users.user_rows.delete_membership'),
member,
method: :delete,
data: { confirm: t('users.user_rows.sure_delete', organization_name: organization.name) },
class: 'btn btn-danger' %>
<% elsif petition && !current_user.was_member?(petition) %>
<span class="badge"><%= petition.status %></span>
<% else %>
<%= link_to t('petitions.apply'),
petitions_path(user_id: current_user.id, organization_id: organization.id),
method: :post,
class: 'btn btn-default' %>
<% end %>
<% end %>
3 changes: 2 additions & 1 deletion app/views/organizations/show.html.erb
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@
</div>
<div class="col-sm-5">
<ul class="nav nav-pills pull-right">
<% if admin? %>
<% if current_user&.manages?(@organization) %>
<li>
<%= link_to edit_organization_path(@organization) do %>
<%= glyph :pencil %>
Expand All @@ -101,6 +101,7 @@
</li>
<% end %>
</ul>
<%= render "organizations/petition_button", organization: @organization %>
</div>
</div>

Expand Down
5 changes: 4 additions & 1 deletion spec/controllers/petitions_controller_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,12 @@
before { login(user) }

it 'creates the petition' do
request.env['HTTP_REFERER'] = organization_path(organization)

expect do
post :create, params: { user_id: user.id, organization_id: organization.id }
end.to change(Petition, :count).by(1)
expect(response).to redirect_to(organization_path(organization))
end
end

Expand All @@ -35,7 +38,7 @@

describe 'GET #manage' do
before do
allow(controller).to receive(:current_organization) { organization }
allow(controller).to receive(:current_organization) { organization }
login(admin.user)
end
let!(:petition) { Petition.create(user: user, organization: organization, status: 'pending') }
Expand Down
58 changes: 58 additions & 0 deletions spec/views/organizations/show.html.erb_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -59,5 +59,63 @@
it 'displays the organization page' do
expect(rendered).to match(organization.name)
end

it 'displays link to delete the member' do
expect(rendered).to have_link(
t('users.user_rows.delete_membership'),
href: member_path(member)
)
end
end

context 'with a logged user (but not organization member)' do
let(:user) { Fabricate(:user) }

before do
allow(view).to receive(:current_user).and_return(user)

assign :movements, Movement.page
render template: 'organizations/show'
end

it 'displays link to create petition' do
expect(rendered).to have_link(
t('petitions.apply'),
href: petitions_path(user_id: user.id, organization_id: organization.id)
)
end
end

context 'with a logged admin' do
let(:admin) { Fabricate(:member, organization: organization, manager: true) }
let(:user) { admin.user }

before do
allow(view).to receive(:current_user).and_return(user)

assign :movements, Movement.page
render template: 'organizations/show'
end

it 'has link to edit organization' do
expect(rendered).to have_link(t('global.edit'), href: edit_organization_path(organization))
end
end

context 'with a logged admin from other organization' do
let(:other_organization) { Fabricate(:organization) }
let(:admin) { Fabricate(:member, organization: other_organization, manager: true) }
let(:user) { admin.user }

before do
allow(view).to receive(:current_user).and_return(user)

assign :movements, Movement.page
render template: 'organizations/show'
end

it 'does not have link to edit organization' do
expect(rendered).to_not have_link(t('global.edit'), href: edit_organization_path(organization))
end
end
end

0 comments on commit eae4404

Please sign in to comment.