replaced user.can_manage_comment? with cancan ability

daqing · Jun 4, 2011 · a71fdde · a71fdde
1 parent 4e4029b
commit a71fdde
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 8 deletions.
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
@@ -2,7 +2,7 @@ class CommentsController < ApplicationController
   before_filter :must_login_first
   before_filter :find_comment, :except => :create
   before_filter :only => [:edit, :update, :destroy] do |c|
-    redirect_to_root_when_no_permission unless current_user.can_manage_comment? @comment
+    authorize! :manage, @comment
   end
 
   def create

diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -22,6 +22,10 @@ def initialize(user)
       can :manage, Issue do |issue|
         (not issue.closed?) and issue.user == user
       end
+
+      can :manage, Comment do |comment|
+        (not comment.issue.closed?) and comment.user == user
+      end
     end
 
     # Define abilities for the passed in user here. For example:

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -80,7 +80,7 @@ def root?
   #   (not issue.closed?) and issue.user == self
   # end
 
-  def can_manage_comment?(comment)
-    (not comment.issue.closed?) and comment.user == self
-  end
+  # def can_manage_comment?(comment)
+  #   (not comment.issue.closed?) and comment.user == self
+  # end
 end
diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb
@@ -4,7 +4,7 @@
 
 	<span class="author"><%= link_to comment.user.name, comment.user %></span>
 	<span class="date"><%= time_ago_in_words(comment.created_at) + t(:ago) %></span>
-    <% if current_user.can_manage_comment? comment %>
+    <% if can? :manage, comment %>
       <%= link_to t(:edit), edit_comment_path(comment), :class => 'action facebox' %>
       &nbsp;&middot;&nbsp;
       <%= link_to t(:delete), comment, :method => :delete, :remote => true, :confirm => t(:delete_confirm), :class => :action %>

diff --git a/test/functional/comments_controller_test.rb b/test/functional/comments_controller_test.rb
@@ -55,6 +55,7 @@ class CommentsControllerTest < ActionController::TestCase
   end
 
   test "only user who creates it can edit or destroy comment" do
+    relog_in(:nana)
     get :edit, :id => comments(:two).id
     assert_no_permission
 

diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
@@ -112,13 +112,17 @@ def setup
   end
 
   test "only creator can manage comments when the related issue is not closed" do
-    comment = comments(:need_fix)
+    comment = comments(:two)
+    ability = Ability.new(users(:two))
     issue = comment.issue
     issue.work_on!
-    assert @user.can_manage_comment?(comment)
+    assert ability.can? :manage, comment
+
+    a2 = Ability.new(users(:nana))
+    assert a2.cannot? :manage, comment
 
     issue.mark_finished!
     issue.close!
-    assert ! @user.can_manage_comment?(comment)
+    assert ability.cannot? :manage, comment
   end
 end