Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve restrictions for poll stats #3839

Merged
merged 7 commits into from
Nov 9, 2019
Merged

Improve restrictions for poll stats #3839

merged 7 commits into from
Nov 9, 2019

Conversation

javierm
Copy link
Member

@javierm javierm commented Nov 9, 2019

References

Objectives

  • Refactor code related to stats and results permissions
  • Improve restrictions for accessing and generating stats and results

@javierm javierm added the Bug label Nov 9, 2019
@javierm javierm self-assigned this Nov 9, 2019
houndci-bot
houndci-bot reviewed Nov 9, 2019
View reviewed changes
spec/models/concerns/reportable.rb Outdated Show resolved Hide resolved
spec/models/concerns/reportable.rb Outdated Show resolved Hide resolved
spec/models/abilities/everyone_spec.rb Outdated Show resolved Hide resolved
spec/models/abilities/everyone_spec.rb Outdated Show resolved Hide resolved
app/models/abilities/administrator.rb Show resolved Hide resolved
@javierm
Simplify tests for stats and results permissions
8dbad5c 
Now these tests look like the other ability tests.
@javierm javierm force-pushed the generate_stats branch 2 times, most recently from 9fbffe6 to f25f888 Compare November 9, 2019 14:30
@javierm javierm changed the title Only generate stats if we can access them Improve restrictions for poll stats Nov 9, 2019
@javierm javierm force-pushed the generate_stats branch 8 times, most recently from 9b3e1e0 to 9ab8b9e Compare November 9, 2019 18:32
@javierm
Limit admin access to poll stats and results
2029d7b 
There's no reason to allow administrators to check stats and results for
a poll when it isn't finished or when results and stats are not enabled.

Now admins have the same permissions as everyone else.
@javierm
Remove duplication in poll permissions
864f750 
We were checking for `expired?` and `results_enabled?` in views and
helpers, when we've already defined a rule for accessing stats and
results for a poll.

This way we also fix a bug when stats were enabled but the poll wasn't
finished. In this scenario, the link pointed to the stats page, but when
clicking it we'd get a "you don't have permission" message.

Now the link doesn't point to the stats page anymore.
@javierm
Remove duplicate scope
9e27027 
The scopes `created_by_admin` and `public_polls` were very similar. I'm
using `created_by_admin` because `Poll.public_polls` feels redundant,
and the reason for that name is we should not name the scope `public`
because `public` is a ruby access modifier.
@javierm
Define stats and result permissions with scopes
f8e6e98 
When defining abilities, scopes cover more cases because they can be
used to check permissions for a record and to filter a collection. Ruby
blocks can only be used to check permissions for a record.

Note the `Budget::Phase.kind_or_later` name sounds funny, probably
because we use the word "phase" for both an an attribute in the budgets
table and an object associated with the budget, and so naming methods
for a budget phase is a bit tricky.
@javierm
Only generate stats if we can access them
01a01c8 
There's no point generating stats nobody can access.

Note with this change we're automatically excluding polls created in the
dashboard, since these polls don't have stats enabled.
@javierm
Don't generate stats for budget polls
ed6a4a1 
The link to show stats for these polls is nowhere to be seen in the
application, and these stats are included in the budget stats, so it
makes sense to restrict access to them.
@javierm javierm merged commit dbe67ed into master Nov 9, 2019
@javierm javierm deleted the generate_stats branch November 9, 2019 18:58
smarques pushed a commit to venetochevogliamo/consul that referenced this pull request Apr 29, 2020
@javierm
Merge pull request consuldemocracy#3839 from consul/generate_stats
e1f13fa 
Improve restrictions for poll stats
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@houndci-bot houndci-bot houndci-bot left review comments

Assignees

@javierm javierm

Labels
Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@javierm @houndci-bot