Organisation management

2015-05-25 11:42:53 +02:00 · 2015-05-25 11:42:53 +02:00 · 6aed6ffc8e
commit 6aed6ffc8e
parent eacff6bedb
7 changed files with 51 additions and 15 deletions
--- a/app/controllers/orgas_controller.rb
+++ b/app/controllers/orgas_controller.rb
@ -1,7 +1,8 @@
 # Groups life cycle
 class OrgasController < ApplicationController
-  before_action :authenticate_user!, only: [:new, :edit, :update, :destroy]
  before_action :set_orga, except: [:index, :new, :create]
+  before_action :authenticate_user!, only: [:edit, :update, :destroy],
+                                     unless: :check_secret

  def index
    @search = Orga.search params[:q]
@ -19,7 +20,7 @@ class OrgasController < ApplicationController
  def create
    @orga = Orga.new orga_params
    respond_to do |format|
-      if @orga.save # && send_creation_mails
+      if @orga.save
        format.html { redirect_to :root, notice: t('.ok') }
        # 201 means :created
        format.json { render action: 'show', status: 201, location: @orga }
@ -42,7 +43,7 @@ class OrgasController < ApplicationController
  # PATCH/PUT /orgas/1.json
  def update
    respond_to do |format|
-      if @orga.update(orga_params) # && send_update_mails
+      if @orga.update orga_params
        format.html { redirect_to @orga, notice: t('.ok') }
        format.json { head :no_content }
      else
@ -67,4 +68,9 @@ class OrgasController < ApplicationController
      .permit :lock_version, :kind_id, :name, :city, :department, :region_id,
              :url, :feed, :contact, :submitter
  end
+
+  # Check that you can only edit an existing event if you know its secret
+  def check_secret
+    !@orga.secret || @orga.secret == params[:secret]
+  end
 end
--- a/app/models/orga.rb
+++ b/app/models/orga.rb
@ -8,12 +8,12 @@ class Orga < ActiveRecord::Base
  validates :region, presence: true
  validates :url, format: %r{\Ahttps?:\/\/.*\..*\z}
  validates :feed, allow_blank: true, format: %r{\Ahttps?:\/\/.*\..*\z}
-  validates :contact, allow_blank: true, email: true
+  validates :contact, presence: true, email: true
  validates :submitter, allow_blank: true, email: true

-  before_validation on: :create do
-    self.submission_time = Time.zone.now
-    self.decision_time = Time.zone.now
+  before_validation do
+    self.secret ||= SecureRandom.urlsafe_base64(32)[0...32]
+    self.submission_time ||= Time.zone.now

    # Populate submitter using contact info if absent
    self.submitter ||= contact
--- a/app/views/orgas/index.html.haml
+++ b/app/views/orgas/index.html.haml
@ -25,17 +25,17 @@
          = orga.name
          - if orga.url =~ /^http/
            = image_tag orga.url + '/favicon.ico', alt: '', class: :favicon
-        %td
-          = orga.city
-        %td
-          = orga.department
-        %td
-          = orga.region
-        %td
-          = link_to orga.url, orga.url
+        %td= orga.city
+        %td= orga.department
+        %td= orga.region
+        %td= link_to orga.url, orga.url
        %td
          = link_to t('show'),
            orga_path(orga, q: params[:q], page: params[:page]),
            class: :view_link

 = paginate @orgas
+
+= link_to new_orga_path do
+  %em.fa.fa-plus
+  = t '.new'
--- a/config/locales/views/en.yml
+++ b/config/locales/views/en.yml
@ -233,6 +233,8 @@ description."
    search:
      title: Find your %{entity}!
      label: Search
+    index:
+      new: Add an organisation
    show:
      links: Links
      actions: Actions
@ -251,6 +253,7 @@ description."
    edit:
      title: Organisation
      edit: Edition
+      forbidden: You are not authorised to modify this organisation
    update:
      ok: Organisation has been updated
    form:
--- a/config/locales/views/fr.yml
+++ b/config/locales/views/fr.yml
@ -235,6 +235,8 @@ description plus complète."
    search:
      title: Trouve ton %{entity}!
      label: Recherche
+    index:
+      new: Ajouter une organisation
    show:
      links: Liens
      actions: Actions
@ -253,6 +255,7 @@ description plus complète."
    edit:
      title: Organisation
      edit: Édition
+      forbidden: Vous n'êtes pas authorisé à modifier cette organisation
    update:
      ok: L'organisation a été mise à jour
    form:
--- a/test/controllers/orgas_controller_test.rb
+++ b/test/controllers/orgas_controller_test.rb
@ -50,4 +50,27 @@ class OrgasControllerTest < ActionController::TestCase
    get :show, id: @orga
    assert_response :success
  end
+
+  test 'should update orga' do
+    sign_in users(:one)
+    patch :update, id: @orga, orga: { name: @orga.name }
+
+    assert_empty assigns(:orga).errors.messages
+    assert_redirected_to assigns(:orga)
+  end
+
+  test 'should not update orga' do
+    sign_in users(:one)
+    patch :update, id: @orga, orga: { name: nil }
+
+    assert_not_empty assigns(:orga).errors.messages
+  end
+
+  test 'should not update orga without proper secret' do
+    patch :update, id: @orga, secret: @orga.secret, orga: {
+      name: 'hello world'
+    }
+
+    assert_redirected_to assigns(:orga)
+  end
 end
--- a/test/fixtures/orgas.yml
+++ b/test/fixtures/orgas.yml
@ -10,6 +10,7 @@ one:
  feed: http://april.org/index.rss
  contact: test@exemple.com
  submitter: test@exemple.com
+  secret: my_secret

 two:
  kind: provider