diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 36957b0..c7cc410 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -16,10 +16,8 @@ class ApplicationController < ActionController::Base
 end
 def current_ability
- if current_user
- @current_ability ||= Ability.new(current_user)
- elsif current_client
- @current_ability ||= ClientAbility.new(current_client)
- end
+ @current_ability ||=
+ current_client.try { |c| ClientAbility.new(c) } ||
+ Ability.new(current_user)
 end
 end
diff --git a/app/controllers/transactions_controller.rb b/app/controllers/transactions_controller.rb
index 7c1152f..7b5626d 100644
--- a/app/controllers/transactions_controller.rb
+++ b/app/controllers/transactions_controller.rb
@@ -1,4 +1,5 @@
 class TransactionsController < ApplicationController
+ load_and_authorize_resource
 skip_before_filter :verify_authenticity_token, only: :create
 before_action :authenticate_user!, except: :create
@@ -34,12 +35,14 @@ class TransactionsController < ApplicationController
 def transaction_params
 t = params.require(:transaction)
- .permit(:debtor, :creditor, :amount, :message)
+ .permit(:debtor, :creditor, :message, :euros, :cents)
- t.update({
+ {
 debtor: User.find_by(name: t[:debtor]) || User.zeus,
 creditor: User.find_by(name: t[:creditor]) || User.zeus,
- issuer: current_client || current_user
- })
+ issuer: current_client || current_user,
+ amount: (t[:euros].to_f*100 + t[:cents].to_f).to_i,
+ message: t[:message]
+ }
 end
 end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index f04be4f..c3a4c81 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
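Review bot: In `current_ability` (app/controllers/application_controller.rb) the rewritten expression checks `current_client` first, where the removed code checked `current_user` first, so a request that resolves both now gets a `ClientAbility` instead of the user's `Ability`; nothing in the hunk says this inversion is intended. If it is, record it above the assignment with a comment such as `# Client credentials take precedence over a signed-in user, matching issuer: current_client || current_user in TransactionsController.` The fallback also calls `Ability.new(nil)` for anonymous requests, which is a deny-all ability only because of the `return unless user` guard this commit adds to Ability. The class body starts outside the hunk.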
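Review bot: In the first hunk of app/controllers/transactions_controller.rb, `load_and_authorize_resource` becomes the only gate on `create`, because the two context lines below it exempt that action from both CSRF verification and `authenticate_user!`. For a session-authenticated user the new `can :create, Transaction, debtor: user` rule is met by any POST that carries the user's cookie and names them as debtor, so a cross-site form submission would be authorized; the spec in this commit does call `create` as a signed-in user. Consider limiting the exemption to client-authenticated requests, e.g. `skip_before_filter :verify_authenticity_token, only: :create, if: :current_client`, assuming clients authenticate without the session cookie (not visible here).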
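Review bot: The `amount:` line in `transaction_params` truncates a binary float, so some ordinary inputs lose a cent: `"0.29".to_f * 100` evaluates to 28.999999999999996 and `.to_i` turns that into 28. Rounding instead of truncating fixes the common case, `amount: (t[:euros].to_f*100 + t[:cents].to_f).round,`, and a BigDecimal conversion would also avoid float error for large values. `to_f` maps non-numeric input to 0 and passes negative values through, so rejecting those depends on model validation that is not visible in this diff.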
@@ -2,12 +2,10 @@ class Ability
 include CanCan::Ability
 def initialize(user)
- user ||= User.new # guest user (not logged in)
+ return unless user
- if user.penning?
- can :manage, :all
- else
- can :read, user, id: user.id
- end
+ can :manage, :all if user.penning?
+ can :read, user, id: user.id
+ can :create, Transaction, debtor: user
 end
 end
diff --git a/app/views/transactions/new.html.haml b/app/views/transactions/new.html.haml
index 742a465..91f158f 100644
--- a/app/views/transactions/new.html.haml
+++ b/app/views/transactions/new.html.haml
@@ -1,6 +1,9 @@
 = render 'partials/form_errors', object: @transaction
 = simple_form_for @transaction do |f|
- = f.hidden_field :debtor, value: current_user.name
+ - if current_user.penning
+ = f.collection_select :debtor, User.all, :name, :name, {}, { class: 'select2-selector' }
+ - else
+ = f.hidden_field :debtor, value: current_user.name
 = f.collection_select :creditor, User.all, :name, :name, {}, { class: 'select2-selector' }
 = f.input :amount
 = f.input :message, required: true
diff --git a/spec/controllers/transactions_controller_spec.rb b/spec/controllers/transactions_controller_spec.rb
index 7ba1232..e96cc51 100644
--- a/spec/controllers/transactions_controller_spec.rb
+++ b/spec/controllers/transactions_controller_spec.rb
@@ -1,4 +1,5 @@
 require 'rails_helper'
+require 'spec_helper'
 RSpec.describe TransactionsController, type: :controller do
 describe "creating transaction" do
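Review bot: The rule `can :read, user, id: user.id` in `Ability#initialize` passes the user instance as the subject rather than the `User` class, so class-level checks and resource loading for users are unlikely to match it; the conventional form is `can :read, User, id: user.id`. The new guard is also worth a comment, since every caller now relies on it for anonymous requests: `# No user: define no rules, so every check is denied.` above `return unless user`. For a penning user the two rules after `can :manage, :all` are redundant but harmless.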
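Review bot: The form in app/views/transactions/new.html.haml still renders `= f.input :amount` (context line near the end of the hunk), but `transaction_params` in this commit stops permitting `:amount` and computes the amount from `:euros` and `:cents`, so a submission from this view would be stored with an amount of 0 unless validation rejects it. Replace the amount input with euros/cents inputs, e.g. `= f.input :euros` and `= f.input :cents`, assuming the model or form object exposes those attributes (not visible here). The new branch also calls `current_user.penning` while Ability uses `user.penning?`; pick one spelling unless both are defined. The debtor field stays client-controlled in both branches, so the server-side `debtor: user` rule is what enforces it.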
@@ -8,14 +9,70 @@ RSpec.describe TransactionsController, type: :controller do
 sign_in @debtor
 end
- it "should create a valid transaction" do
- expect do
- put :create, { transaction: {
+ context "with valid attributes" do
+ before :each do
+ @attributes = { transaction: {
+ debtor: @debtor.name,
 creditor: @creditor.name,
- amount: 20,
- message: "hoi"
+ cents: 70,
+ message: 'hoi'
 }}
- end.to change {Transaction.count}.by(1)
+ post :create, @attributes
+ @transaction = Transaction.last
+ end
+
+ it "should create a new transaction" do
+ expect {post :create, @attributes}.to change {Transaction.count}.by(1)
+ end
+
+ it "should set debtor" do
+ expect(@transaction.debtor).to eq(@debtor)
+ end
+
+ it "should set amount" do
+ expect(@transaction.amount).to eq(70)
+ end
+
+ it "should set creditor" do
+ expect(@transaction.creditor).to eq(@creditor)
+ end
+
+ it "should set issuer" do
+ expect(@transaction.issuer).to eq(@debtor)
+ end
+ end
+
+ context "with float euros" do
+ it "should set correct amount" do
+ post :create, transaction: {
+ debtor: @debtor.name,
+ creditor: @creditor.name,
+ euros: 10.5,
+ message: "Omdat je een leuke jongen bent!"
+ }
+ expect(Transaction.last.amount).to eq(1050)
+ end
+ end
+
+ context "with negative amount" do
+ it "should be refused" do
+ expect do
+ post :create, transaction: attributes_for(:transaction, cents: -20)
+ end.not_to change {Transaction.count}
+ end
+ end
+
+ context "for other user" do
+ it "should be refused" do
+ expect do
+ post :create, transaction: {
+ debtor: @creditor.name,
+ creditor: @debtor.name,
+ euros: 10000000,
+ message: 'DIT IS OVERVAL'
+ }
+ end.not_to change {Transaction.count}
+ end
 end
 end
 end
diff --git a/spec/helpers/transactions_helper_spec.rb b/spec/helpers/transactions_helper_spec.rb
index f29b78f..48c6c73 100644
--- a/spec/helpers/transactions_helper_spec.rb
+++ b/spec/helpers/transactions_helper_spec.rb
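Review bot: The "with negative amount" example builds its params with `attributes_for(:transaction, cents: -20)`, which probably omits the debtor and creditor names (attributes_for skips associations; the factory is not visible), so the request may be refused by the new authorization rule rather than by amount validation. Pass the names explicitly so the negative amount is the only reason to refuse, e.g. `post :create, transaction: { debtor: @debtor.name, creditor: @creditor.name, cents: -20, message: 'hoi' }`. The "for other user" example would be stronger if it also asserted the response (status or redirect) and not only the unchanged count. There is no example for a penning user or a client creating a transaction on someone else's behalf, which are the paths the new ability rules open.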
@@ -11,5 +11,4 @@ require 'rails_helper'
 # end
 # end
 RSpec.describe TransactionsHelper, type: :helper do
- pending "add some examples to (or delete) #{__FILE__}"
 end
diff --git a/spec/helpers/users_helper_spec.rb b/spec/helpers/users_helper_spec.rb
index b2e3444..890768c 100644
--- a/spec/helpers/users_helper_spec.rb
+++ b/spec/helpers/users_helper_spec.rb
@@ -11,5 +11,4 @@ require 'rails_helper'
 # end
 # end
 RSpec.describe UsersHelper, type: :helper do
- pending "add some examples to (or delete) #{__FILE__}"
 end