From 93aa447e40d59bd978581e11fd60ae4c668caa4c Mon Sep 17 00:00:00 2001
From: Joachim Filip Ignacy Bartosik <jbartosik@gmail.com>
Date: Wed, 29 Jun 2011 18:54:05 +0200
Subject: Allow all users to vote

---
 site/app/models/vote.rb       | 19 +++++--------------
 site/lib/permissions/set.rb   | 34 ++++++++++++++++++++++++++++++++++
 site/spec/models/vote_spec.rb | 23 +++++++++++++----------
 3 files changed, 52 insertions(+), 24 deletions(-)
 create mode 100644 site/lib/permissions/set.rb

(limited to 'site')

diff --git a/site/app/models/vote.rb b/site/app/models/vote.rb
index 00c64a7..5480f1b 100644
--- a/site/app/models/vote.rb
+++ b/site/app/models/vote.rb
@@ -1,3 +1,4 @@
+require 'permissions/set.rb'
 class Vote < ActiveRecord::Base
 
   hobo_model # Don't put anything above this
@@ -7,7 +8,7 @@ class Vote < ActiveRecord::Base
   end
 
   belongs_to :voting_option, :null => false
-  belongs_to :user, :null => false
+  belongs_to :user, :null => false, :creator => true
 
   index [:voting_option_id, :user_id], :unique => true
 
@@ -15,19 +16,14 @@ class Vote < ActiveRecord::Base
   validates_presence_of :user
   validates_uniqueness_of :voting_option_id, :scope => :user_id
   validate :user_voted_only_once
-  validate :user_is_council_member
   # --- Permissions --- #
 
   def create_permitted?
-    false
+    user_is?(acting_user)
   end
 
-  def update_permitted?
-    false
-  end
-
-  def destroy_permitted?
-    false
+  multi_permission(:update, :destroy) do
+    user_is?(acting_user) and not user_changed?
   end
 
   def view_permitted?(field)
@@ -46,9 +42,4 @@ class Vote < ActiveRecord::Base
         errors.add(:user, 'User can vote only once per agenda item.')
       end
     end
-
-    def user_is_council_member
-      return if user.nil?
-      errors.add(:user, 'Only council members can vote.') unless user.council_member?
-    end
 end
diff --git a/site/lib/permissions/set.rb b/site/lib/permissions/set.rb
new file mode 100644
index 0000000..9f78c97
--- /dev/null
+++ b/site/lib/permissions/set.rb
@@ -0,0 +1,34 @@
+#   File from Gentoo Recruiters Web App:
+#   http://git.overlays.gentoo.org/gitweb/?p=proj/recruiting-webapp.git
+#
+#   Copyright (C) 2010 Joachim Filip Bartosik
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as
+#   published by the Free Software Foundation, version 3 of the License
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+AllPermissions = [:create, :update, :destroy, :view, :edit]
+
+# Block will be used to determine chosen permission
+def one_permission(permission,  &block)
+    define_method("#{permission.to_s}_permitted?", &block)
+end
+
+# Block will be used to determine chosen permissions
+def multi_permission(*permission_list,  &block)
+  permission_list.flatten.each do |target|
+    one_permission(target, &block)
+  end
+end
+
+# Block will be used to determine all permission
+def single_permission(&block)
+  multi_permission(AllPermissions, &block)
+end
diff --git a/site/spec/models/vote_spec.rb b/site/spec/models/vote_spec.rb
index 9936829..aa9f2e8 100644
--- a/site/spec/models/vote_spec.rb
+++ b/site/spec/models/vote_spec.rb
@@ -1,7 +1,16 @@
 require 'spec_helper'
 
 describe Vote do
-  it 'should not allow anyone to create update or destroy to anyone' do
+  it 'should allow anyone to create, update and destroy their own votes' do
+    for u in users_factory(AllRoles - [:guest]) do
+      vote = Factory(:vote, :user => u)
+      vote.should be_creatable_by(u)
+      vote.should be_updatable_by(u)
+      vote.should be_destroyable_by(u)
+    end
+  end
+
+  it 'should not allow anyone to create, update and destroy vote of someone else' do
     vote = Factory(:vote)
     for u in users_factory(AllRoles) do
       vote.should_not be_creatable_by(u)
@@ -10,25 +19,19 @@ describe Vote do
     end
   end
 
-  it 'should anyone to view' do
+  it 'should allow anyone to view' do
     vote = Factory(:vote)
     for u in users_factory(AllRoles) do
       vote.should be_viewable_by(u)
     end
   end
 
-  it 'should allow council members to vote' do
-    for u in users_factory(:council, :council_admin) do
+  it 'should allow all users to vote' do
+    for u in users_factory(AllRoles - [:guest]) do
       Vote.new(:user => u, :voting_option => Factory(:voting_option)).should be_valid
     end
   end
 
-  it 'should prevent non-council members from voting' do
-    for u in users_factory(:user, :admin) do
-      Vote.new(:user => u, :voting_option => Factory(:voting_option)).should_not be_valid
-    end
-  end
-
   it 'should prevent users from voting multiple times' do
     v = Factory(:vote)
     o = Factory(:voting_option, :agenda_item => v.voting_option.agenda_item, :description => 'other option')
-- 
cgit v1.2.3-65-gdbad