volunteer policies

e484e754 · Chrysanthi Lagodimou · a60db43f · e484e754 · e484e754 · e484e754
Commit e484e754 authored Jan 19, 2018 by Chrysanthi Lagodimou
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,6 +13,7 @@ class User < ApplicationRecord

  has_many :certificates
  has_many :clients
+  has_many :volunteers, inverse_of: 'registrar', foreign_key: 'registrar_id'
  has_many :involved_authorities, class_name: 'Client'
  has_many :journals
  has_many :assignments, inverse_of: 'creator', foreign_key: 'creator_id'

--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -64,6 +64,10 @@ class ApplicationPolicy
    record.class != Class && record.user_id == user.id
  end

+  def user_owns_registration?
+    record.class != Class && record.registrar_id == user.id
+  end
+
  def volunteers_entry?
    volunteer? && record.author_id == user.id
  end
@@ -84,6 +88,10 @@ class ApplicationPolicy
    superadmin? || department_manager? && user_owns_record?
  end

+  def superadmin_or_department_managers_registration?
+    superadmin? || department_manager? && user_owns_registration?
+  end
+
  def superadmin_or_user_in_records_related?
    superadmin? || record.user_ids.include?(user.id)
  end

--- a/app/policies/volunteer_policy.rb
+++ b/app/policies/volunteer_policy.rb
@@ -8,26 +8,22 @@ class VolunteerPolicy < ApplicationPolicy
    alias :seeking_clients :resolve
  end

+  def volunteer_managing_or_volunteers_profile?
+    superadmin_or_department_manager_or_social_worker? || user_owns_record?
+  end
+
  # controller action policies
  alias_method :index?,           :superadmin_or_department_manager_or_social_worker?
-  alias_method :seeking_clients?, :superadmin_or_department_manager?
-
  alias_method :search?,          :superadmin_or_department_manager_or_social_worker?
  alias_method :new?,             :superadmin_or_department_manager_or_social_worker?
  alias_method :create?,          :superadmin_or_department_manager_or_social_worker?
-
+  alias_method :seeking_clients?, :superadmin_or_department_manager?
+  alias_method :termination?,     :superadmin_or_department_managers_registration?
+  alias_method :show?,            :volunteer_managing_or_volunteers_profile?
+  alias_method :edit?,            :volunteer_managing_or_volunteers_profile?
+  alias_method :update?,          :volunteer_managing_or_volunteers_profile?
  alias_method :destroy?,         :superadmin?

-  def volunteer_managing_or_volunteers_profile?
-    superadmin_or_department_manager_or_social_worker? || user_owns_record?
-  end
-
-  alias_method :show?,   :volunteer_managing_or_volunteers_profile?
-  alias_method :edit?,   :volunteer_managing_or_volunteers_profile?
-  alias_method :update?, :volunteer_managing_or_volunteers_profile?
-
-  # suplementary policies
-  alias_method :can_manage?, :superadmin?
-  alias_method :acceptance?, :superadmin?
-  alias_method :checklist?,  :superadmin?
+  # supplementary policies
+  alias_method :superadmin_privileges?, :superadmin?
 end
--- a/app/views/volunteers/_columns.html.slim
+++ b/app/views/volunteers/_columns.html.slim
@@ -18,7 +18,7 @@
        th= sort_link @q, :working_percent
        th= sort_link @q, :expectations
        th= sort_link @q, :interests
-        - if policy(Volunteer).acceptance?
+        - if policy(Volunteer).superadmin_privileges?
          th= sort_link @q, :acceptance
        th= sort_link @q, :external
        th= t_attr(:created_by)

--- a/app/views/volunteers/_form.html.slim
+++ b/app/views/volunteers/_form.html.slim
 = simple_error_notice f

- if policy(Volunteer).can_manage?
+- if policy(Volunteer).superadmin_privileges?
  = f.input :external, input_html: { data: { state: { remove: ['contacted', 'resigned', 'inactive', 'rejected'], selected: 'accepted' }, hide: ['bank-data', 'checklist'] }, class: 'volunteer-active-checkbox-changes' }
  fieldset
    legend= t('.acceptance.management')
@@ -13,7 +13,7 @@
  = f.input :rejection_type, collection: Volunteer::REJECTIONS, as: :radio_buttons
  = f.input :rejection_text

- if policy(Volunteer).can_manage?
+- if policy(Volunteer).superadmin_privileges?
  fieldset.checklist
    legend= t('checklist')
    ul.list-inline
@@ -105,5 +105,5 @@ fieldset
 = single_field_fieldset(f, :strengths)
 = single_field_fieldset(f, :interests)

-h3= policy(@volunteer).can_manage? ? t('.availability') : t('.availability_question')
+h3= policy(@volunteer).superadmin_privileges? ? t('.availability') : t('.availability_question')
 = render 'availability/form', f: f
--- a/app/views/volunteers/_volunteer.html.slim
+++ b/app/views/volunteers/_volunteer.html.slim
@@ -13,7 +13,7 @@ tr
  td = "#{volunteer.working_percent}%" if volunteer.working_percent.present?
  td = volunteer.expectations
  td = volunteer.interests
-  - if policy(Volunteer).acceptance?
+  - if policy(Volunteer).superadmin_privileges?
    td.button-acceptance = link_to t(".acceptance.#{volunteer.acceptance}"), '#',
      class: "btn btn-xs btn-acceptance-#{volunteer.acceptance}"
  td = volunteer.external? ? t_attr(:external) : t_attr(:internal)

--- a/app/views/volunteers/index.html.slim
+++ b/app/views/volunteers/index.html.slim
@@ -9,7 +9,7 @@ nav.navbar.section-navigation
        = f.submit 'Suchen', class: 'search-submit'
  ul.list-inline
    li= button_link t_title(:new), new_volunteer_path, dimension: 'sm'
-    - if policy(Volunteer).can_manage?
+    - if policy(Volunteer).superadmin_privileges?
      li= button_link t('seeking_clients'), seeking_clients_volunteers_url, dimension: 'sm'
    li |
    li= button_link 'E-Mailvorlagen', email_templates_path, dimension: 'sm'
@@ -19,7 +19,7 @@ nav.navbar.section-navigation
  ul.list-inline
    li= button_link t('clear_filters'), volunteers_path, dimension: 'sm'
    li= button_link navigation_fa_icon('xlsx'), url_for(format: :xlsx, q: search_parameters), dimension: 'sm'
-    - if policy(Volunteer).acceptance?
+    - if policy(Volunteer).superadmin_privileges?
      = enum_filter_dropdown(:acceptance, Volunteer.acceptances)
      = boolean_toggler_filter_dropdown(:active, 'Einsatz', 'Aktiv', 'Inaktiv')
    = boolean_toggler_filter_dropdown(:external, 'Intern/Extern', 'Extern', 'Intern')

--- a/app/views/volunteers/show.html.slim
+++ b/app/views/volunteers/show.html.slim
@@ -7,10 +7,10 @@ h1= @volunteer.contact.full_name

 nav.navbar.section-navigation
  ul.list-inline.pull-right
-    - if policy(Volunteer).can_manage?
+    - if policy(Volunteer).superadmin_privileges?
        li= button_link 'Journal', polymorphic_path([@volunteer, Journal]), 'primary'
  ul.list-inline
-    - if policy(Volunteer).acceptance?
+    - if policy(Volunteer).superadmin_privileges?
      li.button-acceptance = link_to t(".acceptance.#{@volunteer.acceptance}"), '#',
        class: "btn btn-acceptance-#{@volunteer.acceptance}"
      ul.list-inline
@@ -36,7 +36,7 @@ nav.navbar.section-navigation
    li= button_link current_user.volunteer? ? t('edit_profile') : t_title(:edit), edit_volunteer_path(@volunteer)
    li= form_navigation_btn :back, with_row: false unless current_user.volunteer?

- if policy(Volunteer).checklist?
+- if policy(Volunteer).superadmin_privileges?
  h3= t('checklist')
  .table-responsive
    table.table.table-no-border-top

--- a/test/policies/volunteer_policy_test.rb
+++ b/test/policies/volunteer_policy_test.rb
@@ -2,48 +2,38 @@ require 'test_helper'

 class VolunteerPolicyTest < PolicyAssertions::Test
  def setup
-    @superadmin = create :user
-    @social_worker = create :social_worker
-    @department_manager = create :department_manager
-    @volunteer_seeks = create :volunteer_with_user,
-      assignments: [create(:assignment, period_start: 500.days.ago, period_end: 200.days.ago)]
-    @volunteer_not_seeking = create :volunteer_with_user,
-      assignments: [create(:assignment, period_start: 10.days.ago, period_end: nil)]
+    @actions = ['index?', 'search?', 'new?', 'create?', 'seeking_clients?', 'termination?', 'show?',
+                'edit?', 'update?', 'destroy?', 'superadmin_privileges?']
  end

-  test 'Create: only superadmin can create volunteer' do
-    assert_permit @superadmin, Volunteer, 'new?', 'create?'
-    assert_permit @social_worker, Volunteer, 'new?', 'create?'
-    assert_permit @department_manager, Volunteer, 'new?', 'create?'
-    refute_permit @volunteer_seeks.user, Volunteer, 'new?', 'create?'
+  test 'superadmin_can_use_all_actions' do
+    assert_permit(create(:user), Volunteer, *@actions)
  end

-  test 'Destroy: only superadmin can destroy' do
-    assert_permit @superadmin, Volunteer, 'destroy?'
-    refute_permit @social_worker, Volunteer, 'destroy?'
-    refute_permit @department_manager, Volunteer, 'destroy?'
-    refute_permit @volunteer_seeks.user, Volunteer, 'destroy?'
+  test 'department_manager_has_limited_access' do
+    department_manager = create :department_manager
+    department_manager_volunteer = create :volunteer_with_user
+    department_manager_volunteer.registrar = department_manager
+    assert_permit(department_manager, Volunteer, *@actions[0..4], *@actions[6..8])
+    assert_permit(department_manager, department_manager_volunteer, *@actions[5])
+    refute_permit(department_manager, create(:volunteer), *@actions[5])
+    refute_permit(department_manager, Volunteer, *@actions[-2..-1])
  end

-  test 'Update: only superadmin can update and show all volunteers' do
-    assert_permit @superadmin, Volunteer, 'update?', 'edit?', 'show?'
-    assert_permit @social_worker, Volunteer, 'update?', 'edit?', 'show?'
-    assert_permit @department_manager, Volunteer, 'update?', 'edit?', 'show?'
-    assert_permit @volunteer_seeks.user, @volunteer_seeks, 'update?', 'edit?', 'show?'
-    refute_permit @volunteer_not_seeking.user, @volunteer_seeks, 'update?', 'edit?', 'show?'
+  test 'social_worker_has_limited_access' do
+    social_worker = create :social_worker
+    social_worker_volunteer = create :volunteer, registrar: social_worker
+    assert_permit(social_worker, Volunteer, *@actions[0..3], *@actions[6..8])
+    refute_permit(social_worker, social_worker_volunteer, *@actions[4..5])
+    refute_permit(social_worker, create(:volunteer), *@actions[4..5])
+    refute_permit(social_worker, Volunteer, *@actions[-2..-1])
  end

-  test 'Index: only Superadmins, Department managers and Social workers can index Volunteers' do
-    assert_permit @superadmin, Volunteer, 'index?'
-    assert_permit @department_manager, Volunteer, 'index?'
-    assert_permit @social_worker, Volunteer, 'index?'
-    refute_permit @volunteer_seeks.user, Volunteer, 'index?'
-  end
-
-  test 'Index: only Superadmins and  Department managers can seeking_clients Volunteers' do
-    assert_permit @superadmin, Volunteer, 'seeking_clients?'
-    assert_permit @department_manager, Volunteer, 'seeking_clients?'
-    refute_permit @social_worker, Volunteer, 'seeking_clients?'
-    refute_permit @volunteer_seeks.user, Volunteer, 'seeking_clients?'
+  test 'volunteer_has_limited_access' do
+    volunteer_one = create :volunteer_with_user
+    volunteer_two = create :volunteer_with_user
+    assert_permit(volunteer_one.user, volunteer_one, *@actions[6..8])
+    refute_permit(volunteer_one.user, volunteer_two, *@actions[6..8])
+    refute_permit(volunteer_one.user, Volunteer, *@actions[0..5], *@actions[-2..-1])
  end
 end