Merge pull request #140 from TreinaDev/autoriza-morador-comprovante

Autoriza morador comprovante
TreinaDev · Jul 22, 2024 · 505bf6e · 505bf6e
2 parents 37711bd + 13e0d24
commit 505bf6e
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 7 deletions.
diff --git a/app/controllers/bills_controller.rb b/app/controllers/bills_controller.rb
@@ -1,9 +1,10 @@
 class BillsController < ApplicationController
   rescue_from Faraday::ConnectionFailed, with: :connection_refused
   before_action :authenticate_resident!, only: %i[index show]
-  before_action :unit_for_current_resident
+  before_action :unit_for_current_resident, only: %i[index show]
   before_action :request_open_bills_list, only: :index
   before_action :request_bill_details, only: :show
+  before_action :autorize_resident, only: :show
   before_action :set_breadcrumbs_for_action, only: %i[index show]
 
   def index; end
@@ -34,4 +35,8 @@ def connection_refused
   def set_breadcrumbs_for_action
     add_breadcrumb I18n.t("breadcrumb.bill.#{action_name}")
   end
+
+  def autorize_resident
+    redirect_to root_path, alert: t('alerts.receipt.not_autorized') unless @bill.unit_id == @unit.id
+  end
 end
diff --git a/app/controllers/receipts_controller.rb b/app/controllers/receipts_controller.rb
@@ -2,6 +2,8 @@ class ReceiptsController < ApplicationController
   before_action :authenticate_resident!, only: %i[create new]
   before_action :define_resident, only: %i[create new]
   before_action :set_bill_id, only: %i[create new]
+  before_action :set_unit_id, only: %i[new create]
+  before_action :autorize_resident, only: %i[new create]
   before_action :check_image_presence, only: :create
   before_action :set_breadcrumbs_for_action, only: :new
 
@@ -34,4 +36,12 @@ def check_image_presence
     @resident.add_error
     render 'new', status: :unprocessable_entity
   end
+
+  def set_unit_id
+    @unit_id = params[:unit_id]
+  end
+
+  def autorize_resident
+    redirect_to root_path, alert: t('alerts.receipt.not_autorized') unless @unit_id.to_i == @resident.residence.id
+  end
 end
diff --git a/app/views/bills/show.html.erb b/app/views/bills/show.html.erb
@@ -31,7 +31,7 @@
   </div>
   <div class="d-flex justify-content-center mt-4">
     <% if @bill.status == 'pending' %>
-      <%= link_to new_bill_receipt_path(@bill_id), class:"btn btn-dark rounded-pill d-flex align-items-baseline pb-2 mb-2 shadow-sm" do %>
+      <%= link_to new_bill_receipt_path(@bill_id, unit_id: @bill.unit_id), class:"btn btn-dark rounded-pill d-flex align-items-baseline pb-2 mb-2 shadow-sm" do %>
         <i class="bi bi-card-text me-1 fs-6"></i> <p class="m-0 fs-sm">Enviar Comprovante</p> 
       <% end %>
     <% end %>

diff --git a/app/views/receipts/new.html.erb b/app/views/receipts/new.html.erb
@@ -9,6 +9,8 @@
       <%= render("shared/errors", model: @resident, attribute: :receipt) if @resident.errors[:receipt].any? %>
     </div>
 
+    <%= f.hidden_field :unit_id, value: @unit_id %>
+
     <%= f.submit 'Enviar', class: 'btn btn-dark rounded-pill px-4 mt-1' %>
   <% end %>
 </div>
diff --git a/config/locales/models/receipt.pt-BR.yml b/config/locales/models/receipt.pt-BR.yml
@@ -5,4 +5,5 @@ pt-BR:
   alerts:    
     receipt:
       not_sended: 'Impossível enviar o comprovante ao servidor do PagueAluguel'
-      inexistent_image: 'Comprovante não pode ficar em branco'
+      inexistent_image: 'Comprovante não pode ficar em branco'
+      not_autorized: Você não tem permissão para acessar essa página
diff --git a/spec/requests/bills_spec.rb b/spec/requests/bills_spec.rb
@@ -16,6 +16,21 @@
 
       expect(response).to redirect_to new_resident_session_path
     end
+
+    it 'must be authenticated as Resident for that bill to see (other resident)' do
+      create :resident, :with_residence
+      resident = create :resident, :with_residence
+      json_data_details = Rails.root.join('spec/support/json/bill_1_details.json').read
+      response_for_unit_one = double('faraday_response', body: json_data_details, success?: true)
+
+      allow(Faraday).to receive(:get).and_return(response_for_unit_one)
+
+      login_as resident, scope: :resident
+      get bill_path 1, params: { unit_id: 1 }
+
+      expect(response).to redirect_to root_path
+      expect(flash[:alert]).to eq 'Você não tem permissão para acessar essa página'
+    end
   end
 
   context 'GET /bills/bill_id/receipts/new' do
@@ -33,6 +48,21 @@
 
       expect(response).to redirect_to new_resident_session_path
     end
+
+    it 'must be authenticated as Resident for that bill to see (other resident)' do
+      create :resident, :with_residence
+      resident = create :resident, :with_residence
+      json_data_details = Rails.root.join('spec/support/json/bill_1_details.json').read
+      response_for_unit_one = double('faraday_response', body: json_data_details, success?: true)
+
+      allow(Faraday).to receive(:get).and_return(response_for_unit_one)
+
+      login_as resident, scope: :resident
+      get new_bill_receipt_path 1, params: { unit_id: 1 }
+
+      expect(response).to redirect_to root_path
+      expect(flash[:alert]).to eq 'Você não tem permissão para acessar essa página'
+    end
   end
 
   context 'GET /bills' do
@@ -53,19 +83,30 @@
   end
 
   context 'POST /bills/{bill_id}/receipts' do
-    it 'must be authenticated as Resident to see (not authenticated)' do
-      post bill_receipts_path 1, params: { image: 'receipt.jpg', unid_id: 1 }
+    it 'must be authenticated as Resident to post (not authenticated)' do
+      post bill_receipts_path 1, params: { image: 'receipt.jpg', bill_id: 1 }
 
       expect(response).to redirect_to new_resident_session_path
     end
 
-    it 'must be authenticated as Resident to see (authenticated as super manager)' do
+    it 'must be authenticated as Resident to post (authenticated as super manager)' do
       manager = create :manager, is_super: true
 
       login_as manager, scope: :manager
-      post bill_receipts_path 1, params: { image: 'receipt.jpg', unid_id: 1 }
+      post bill_receipts_path 1, params: { image: 'receipt.jpg', bill_id: 1 }
 
       expect(response).to redirect_to new_resident_session_path
     end
+
+    it 'must be authenticated as Resident for that bill to post (other resident)' do
+      create :resident, :with_residence
+      resident = create :resident, :with_residence
+
+      login_as resident, scope: :resident
+      post bill_receipts_path 1, params: { unit_id: 1, image: 'receipt.jpg', bill_id: 1 }
+
+      expect(response).to redirect_to root_path
+      expect(flash[:alert]).to eq 'Você não tem permissão para acessar essa página'
+    end
   end
 end