author | Joachim Filip Ignacy Bartosik <jbartosik@gmail.com> | 2010-08-14 15:32:52 +0200 |
---|---|---|
committer | Joachim Filip Ignacy Bartosik <jbartosik@gmail.com> | 2010-08-16 13:34:07 +0200 |
commit | 359c016cf1e7bf5787f3d4abfdcbdd89891b9e5a (patch) | |
tree | 1a368a1bbc8904840d29092702d0a2c064b3327d | |
parent | Make answer relation of Comment readonly (diff) | |
Changed ProjectAcceptance permissions
* Don't allow mentor of owner of answer to destroy it
* Add test to make sure project lead can create acceptance only if accepting
nick is nick of the lead
-rw-r--r-- | app/models/project_acceptance.rb | 8 | ||||
-rw-r--r-- | spec/models/project_acceptance_spec.rb | 9 |
2 files changed, 9 insertions, 8 deletions
diff --git a/app/models/project_acceptance.rb b/app/models/project_acceptance.rb
index c1b0b9e..bf170f3 100644
--- a/app/models/project_acceptance.rb
+++ b/app/models/project_acceptance.rb
@@ -30,12 +30,8 @@ class ProjectAcceptance < ActiveRecord::Base
 # Allow admins everything
 return true if acting_user.administrator?
- # Allow users mentor and recruiters if not accepted and
- # accepted was not changed
- recruiter_user_or_mentor = acting_user.role.is_recruiter? ||
- user._?.mentor_is?(acting_user)
-
- return true if recruiter_user_or_mentor && !accepted && !accepted_changed?
+ # Allow recruiters changing pending acceptances
+ return true if acting_user.role.is_recruiter? && !accepted && !accepted_changed?
 # Allow user with nick accepting_nick to change :accepted
 return true if (acting_user.nick == accepting_nick) && only_changed?(:accepted)
diff --git a/spec/models/project_acceptance_spec.rb b/spec/models/project_acceptance_spec.rb
index 992aad1..32862f8 100644
--- a/spec/models/project_acceptance_spec.rb
+++ b/spec/models/project_acceptance_spec.rb
@@ -4,11 +4,10 @@ describe ProjectAcceptance do
 include Permissions::TestPermissions
- it 'should allow any mentor of user and recruiters to edit and RUD (if not accepted)' do
+ it 'should allow recruiters to edit and RUD (if not accepted)' do
 for user in fabricate_all_roles
 acceptance = Factory(:project_acceptance, :user => user)
 users = [Factory(:recruiter)]
- users += [user.mentor] if user.mentor
 ud_allowed(users, acceptance)
 view_allowed(users, acceptance)
@@ -101,4 +100,10 @@ describe ProjectAcceptance do
 acceptance.user_is?(recruit).should be_true
 acceptance.accepting_nick.should == lead.nick
 end
+
+ it "should make sure leads create project acceptances only for themselves" do
+ user = Factory(:mentor, :project_lead => true)
+ acceptance = ProjectAcceptance.new(:accepting_nick => "other nick", :user => Factory(:recruit))
+ acceptance.should_not be_creatable_by(user)
+ end
 end
|
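Review bot: In app/models/project_acceptance.rb the new recruiter rule only requires that `accepted` is false and unchanged, so a recruiter can still rewrite every other field of a pending acceptance, `accepting_nick` included. The context line directly below grants the `accepted` change to whoever's nick equals `accepting_nick`, so the two rules together may let a recruiter reassign the acceptance to themselves and then approve it; whether that is intended is not visible here. If it is not, pin the field in the guard, e.g. `return true if acting_user.role.is_recruiter? && !accepted && none_changed?(:accepted, :accepting_nick)`. The enclosing permission method starts and ends outside the hunk, so other checks may already cover this.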
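Review bot: In the first hunk of spec/models/project_acceptance_spec.rb the mentor is only dropped from the allowed list; nothing asserts that a mentor is now refused, which is the behaviour the commit message announces. A later change that re-grants mentors update or destroy rights would leave this example green. Consider a negative assertion inside the loop, e.g. `acceptance.should_not be_destroyable_by(user.mentor) if user.mentor`, assuming the `destroyable_by?` predicate is available on the model in the same way `creatable_by?` is used in the last hunk. The `it` block closes outside the hunk.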
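Review bot: The example added in the last hunk of spec/models/project_acceptance_spec.rb asserts only the refusal, so it would also pass if project leads could not create acceptances at all. Pairing it with the matching-nick case pins the rule the commit message states, e.g. `ProjectAcceptance.new(:accepting_nick => user.nick, :user => Factory(:recruit)).should be_creatable_by(user)`. An example elsewhere in the file may already cover the positive case; the hunk does not show it.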