Improve restrictions for poll stats #3839
Merged
houndci-bot reviewed Nov 9, 2019
Now these tests look like the other ability tests.
javierm force-pushed the generate_stats branch 2 times, most recently from 9fbffe6 to f25f888 (November 9, 2019 14:30)
javierm changed the title from "Only generate stats if we can access them" to "Improve restrictions for poll stats" (Nov 9, 2019)
javierm force-pushed the generate_stats branch 8 times, most recently from 9b3e1e0 to 9ab8b9e (November 9, 2019 18:32)
There's no reason to allow administrators to check stats and results for a poll when it isn't finished or when results and stats are not enabled. Now admins have the same permissions as everyone else.
We were checking for `expired?` and `results_enabled?` in views and helpers, when we've already defined a rule for accessing stats and results for a poll. This way we also fix a bug when stats were enabled but the poll wasn't finished. In this scenario, the link pointed to the stats page, but when clicking it we'd get a "you don't have permission" message. Now the link doesn't point to the stats page anymore.
The scopes `created_by_admin` and `public_polls` were very similar. I'm using `created_by_admin` because `Poll.public_polls` feels redundant, and the reason for that name is we should not name the scope `public` because `public` is a Ruby access modifier.
javierm force-pushed the generate_stats branch from 9ab8b9e to 1786a60 (November 9, 2019 18:33)
When defining abilities, scopes cover more cases because they can be used to check permissions for a record and to filter a collection. Ruby blocks can only be used to check permissions for a record. Note the `Budget::Phase.kind_or_later` name sounds funny, probably because we use the word "phase" for both an attribute in the budgets table and an object associated with the budget, and so naming methods for a budget phase is a bit tricky.
There's no point generating stats nobody can access. Note with this change we're automatically excluding polls created in the dashboard, since these polls don't have stats enabled.
The link to show stats for these polls is nowhere to be seen in the application, and these stats are included in the budget stats, so it makes sense to restrict access to them.
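The point about scopes versus blocks in the commit message above, as an added example that is not part of this pull request or of CONSUL's code. `MiniAbility`, the `Poll` struct and the sample polls are constructed here as a simplified stand-in for an ability library: a declarative rule can both check one record and filter a collection, while a block rule can only check one record, so the filter refuses it rather than returning an unfiltered or empty list.

```ruby
# Added illustration: toy ability class and constructed polls, not CONSUL code or a real library API.
Poll = Struct.new(:name, :expired, :stats_enabled, keyword_init: true)

class MiniAbility
  Rule = Struct.new(:action, :conditions, :block)

  def initialize
    @rules = []
  end

  # A rule carries either a declarative conditions hash or an opaque block.
  def can(action, conditions = {}, &block)
    @rules << Rule.new(action, conditions, block)
  end

  # Per-record check: works with both kinds of rule; no matching rule means deny.
  def can?(action, record)
    @rules.any? do |rule|
      next false unless rule.action == action
      rule.block ? rule.block.call(record) : matches?(rule.conditions, record)
    end
  end

  # Collection filter: only declarative rules can become a filter, so a block
  # rule fails closed here instead of being silently ignored.
  def accessible(action, records)
    rules = @rules.select { |rule| rule.action == action }
    raise ArgumentError, "block rule cannot filter a collection" if rules.any?(&:block)
    records.select { |record| rules.any? { |rule| matches?(rule.conditions, record) } }
  end

  private
  def matches?(conditions, record)
    conditions.all? { |field, value| record[field] == value }
  end
end

POLLS = [
  Poll.new(name: "finished, stats on", expired: true, stats_enabled: true),
  Poll.new(name: "running, stats on", expired: false, stats_enabled: true),
  Poll.new(name: "finished, stats off", expired: true, stats_enabled: false)
].freeze

def conditions_ability
  MiniAbility.new.tap { |a| a.can(:stats, { expired: true, stats_enabled: true }) }
end
def block_ability
  MiniAbility.new.tap { |a| a.can(:stats) { |poll| poll.expired && poll.stats_enabled } }
end
```

With the declarative rule, the same definition drives both the link shown for one poll and the list of polls worth generating stats for, so the two cannot drift apart.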
javierm force-pushed the generate_stats branch from 1786a60 to ed6a4a1 (November 9, 2019 18:34)
smarques pushed a commit to venetochevogliamo/consul that referenced this pull request (Apr 29, 2020): Improve restrictions for poll stats
References
Objectives