S#1676|Garima/Mark|Divided permission for child export in abilities

This commit contains:- * Changing of permission All Children page * Changing of permission on Single Child page * A database migration to migrate existing data to new permissions
rapidftr · May 13, 2013 · 3fbcfec · 3fbcfec
1 parent ff432a7
commit 3fbcfec
Show file tree

Hide file tree

Showing 18 changed files with 157 additions and 69 deletions.
diff --git a/app/controllers/advanced_search_controller.rb b/app/controllers/advanced_search_controller.rb
@@ -24,27 +24,22 @@ def index
   end
 
   def export_data
-    authorize! :export, Child
-    selected_records = Hash[params["selections"].to_a.sort_by { |k,v| k}].values.reverse || {} if params["all"] != "Select all records"
-    selected_records = params["full_results"].split(/,/) if params["all"] == "Select all records"
-    if selected_records.empty?
-      raise ErrorResponse.bad_request('You must select at least one record to be exported')
-    end
-
-    children = []
-    selected_records.each do |child_id| children.push(Child.get(child_id)) end
     if params[:commit] == t("child.actions.export_to_photo_wall")
-      export_photos_to_pdf(children, "#{file_basename}.pdf")
+      authorize! :export_photowall, Child
+      export_photos_to_pdf(selected_children, "#{file_basename}.pdf") and return
     elsif params[:commit] == t("child.actions.export_to_pdf")
-      pdf_data = ExportGenerator.new(children).to_full_pdf
-      send_pdf(pdf_data, "#{file_basename}.pdf")
+      authorize! :export_pdf, Child
+      pdf_data = ExportGenerator.new(selected_children).to_full_pdf
+      send_pdf(pdf_data, "#{file_basename}.pdf") and return
     elsif params[:commit] == t("child.actions.export_to_csv")
-      render_as_csv(children, "#{file_basename}.csv")
+      authorize! :export_csv, Child
+      render_as_csv(selected_children, "#{file_basename}.csv") and return
     end
+    render :file => "#{Rails.root}/public/400.html", :status => :bad_request, :layout => false
   end
 
   def export_photos_to_pdf children, filename
-    authorize! :export, Child
+    authorize! :export_photowall, Child
 
     pdf_data = ExportGenerator.new(children).to_photowall_pdf
     send_pdf(pdf_data, filename)
@@ -140,4 +135,20 @@ def prepare_params_for_limited_access_user user
     params[:disable_create] = "true"
   end
 
+  def selected_records
+    records = Hash[params["selections"].to_a.sort_by { |k,v| k}].values.reverse || {} if params["all"] != "Select all records"
+    records = params["full_results"].split(/,/) if params["all"] == "Select all records"
+    if records.empty?
+      raise ErrorResponse.bad_request('You must select at least one record to be exported')
+    end
+    records
+  end
+
+  def selected_children
+    children = []
+    selected_records.each do |child_id|
+      children.push(Child.get(child_id))
+    end
+    children
+  end
 end
diff --git a/app/controllers/children_controller.rb b/app/controllers/children_controller.rb
@@ -28,11 +28,11 @@ def index
       format.html
       format.xml { render :xml => @children }
       format.csv do
-        authorize! :export, Child
+        authorize! :export_csv, Child
         render_as_csv @children
       end
       format.pdf do
-        authorize! :export, Child
+        authorize! :export_pdf, Child
         pdf_data = ExportGenerator.new(@children).to_full_pdf
         send_pdf(pdf_data, "#{file_basename}.pdf")
       end
@@ -234,14 +234,14 @@ def search
   end
 
   def export_photos_to_pdf children, filename
-    authorize! :export, Child
+    authorize! :export_photowall, Child
 
     pdf_data = ExportGenerator.new(children).to_photowall_pdf
     send_pdf(pdf_data, filename)
   end
 
   def export_photo_to_pdf
-    authorize! :export, Child
+    authorize! :export_photowall, Child
     pdf_data = ExportGenerator.new(@child).to_photowall_pdf
     send_pdf(pdf_data, "#{file_basename(@child)}.pdf")
   end

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -39,6 +39,10 @@ def link_confirm_options(controller)
     confirm_options
   end
 
+  def can_export?
+    can?(:export_photowall, Child) or can?(:export_csv, Child) or can?(:export_pdf, Child)
+  end
+
   def translated_permissions
     permissions = Permission.hashed_values.map do |group, permissions|
       [

diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -35,8 +35,14 @@ def initialize(user)
       can [:read, :update, :destroy], Child
     end
 
-    if user.has_permission?(Permission::CHILDREN[:export])
-      can [:export], Child
+    if user.has_permission?(Permission::CHILDREN[:export_csv])
+      can [:export_csv], Child
+    end
+    if user.has_permission?(Permission::CHILDREN[:export_photowall])
+      can [:export_photowall], Child
+    end
+    if  user.has_permission?(Permission::CHILDREN[:export_pdf])
+      can [:export_pdf], Child
     end
 
     #

diff --git a/app/models/permission.rb b/app/models/permission.rb
@@ -9,11 +9,15 @@ def self.to_ordered_hash *hashes
     ordered
   end
 
-  CHILDREN = Permission.to_ordered_hash({:register => "Register Child"}, {:edit => "Edit Child"},
-                                         {:view_and_search => "View And Search Child"}, {:export => "Export to Photowall/CSV/PDF"})
+  CHILDREN = Permission.to_ordered_hash({:register => "Register Child"},
+                                        {:edit => "Edit Child"},
+                                        {:view_and_search => "View And Search Child"},
+                                        {:export_photowall => "Export to Photowall"},
+                                        {:export_csv => "Export to CSV"},
+                                        {:export_pdf => "Export to PDF"})
   FORMS    = Permission.to_ordered_hash({:manage => "Manage Forms"})
   USERS    = Permission.to_ordered_hash({:create_and_edit => "Create and Edit Users"},{:view => "View Users"},
-                                         {:destroy => "Delete Users"},{:disable => "Disable Users"})
+                                        {:destroy => "Delete Users"},{:disable => "Disable Users"})
   DEVICES  = Permission.to_ordered_hash({:black_list => "BlackList Devices", :replications => "Manage Replications"})
   REPORTS  = Permission.to_ordered_hash({:view => 'View and Download Reports'})
   ROLES    = Permission.to_ordered_hash({:create_and_edit => "Create and Edit Roles"},{:view => "View roles"})

diff --git a/app/views/children/_header.html.erb b/app/views/children/_header.html.erb
@@ -3,15 +3,15 @@
     <%= link_to content_tag(:span, t("children.register_new_child"), :class => 'create_user'), new_child_path, :class=>'btn' %>
 <% end %>
 
-<% if can?(:export, Child) %>
+<% if can_export? %>
     <div class="btn dropdown_btn">
       <span class="export"><%= t("children.export") %></span>
       <div class="dropdown hide">
-        <% if can?(:export, Child) %>
-            <%= link_to t('children.export_all_child_records_to_csv'), children_path(:format => :csv, :per_page => :all), :class => "password-prompt" %>
-            <%= link_to t('children.export_all_child_records_to_pdf'), children_path(:format => :pdf, :per_page => :all), :class => "password-prompt" %>
+        <% if can_export? %>
+            <%= link_to t('children.export_all_child_records_to_csv'), children_path(:format => :csv, :per_page => :all), :class => "password-prompt" if can?(:export_csv, Child)  %>
+            <%= link_to t('children.export_all_child_records_to_pdf'), children_path(:format => :pdf, :per_page => :all), :class => "password-prompt" if can?(:export_pdf, Child)  %>
             <%= link_to t("children.export_some_records_to_csv"), new_advanced_search_path %>
-      <%end%>
+        <% end %>
       </div>
     </div>
 
@@ -31,4 +31,4 @@
       });
     </script>
 
-<%end%>
+<%end%>
diff --git a/app/views/children/_search_results.html.erb b/app/views/children/_search_results.html.erb
@@ -47,10 +47,10 @@
     <%= check_box_tag 'allbottom', 'Select all records' %>
     <%= label_tag 'allbottom', t("select_all") %>
     <% end %>
-    <% if can? :export, Child %>
-    <%= submit_tag t("child.actions.export_to_photo_wall"), :class => "password-prompt" if has_results %>
-    <%= submit_tag t("child.actions.export_to_pdf"), :class => "password-prompt"  if has_results %>
-    <%= submit_tag t("child.actions.export_to_csv"), :class => "password-prompt"  if has_results %>
+    <% if can_export? %>
+      <%= submit_tag t("child.actions.export_to_photo_wall"), :class => "password-prompt" if has_results %>
+      <%= submit_tag t("child.actions.export_to_pdf"), :class => "password-prompt"  if has_results %>
+      <%= submit_tag t("child.actions.export_to_csv"), :class => "password-prompt"  if has_results %>
     <% end %>
   </div>
 <%end%>

diff --git a/app/views/children/_show_child_toolbar.erb b/app/views/children/_show_child_toolbar.erb
@@ -1,12 +1,12 @@
-<% if can? :export, Child %>
+<% if can_export? %>
     <div class="btn dropdown_btn btn_export">
       <span class="export">
         <a href="#"> <%= t("children.export") %> </a>
       </span>
       <div class="dropdown hide">
-        <%= link_to t("child.actions.export_to_photo_wall"), export_photo_to_pdf_child_path(@child, :format => 'pdf'), :class => "password-prompt" %>
-        <%= link_to t("child.actions.export_to_pdf"), child_path(@child, :format => 'pdf'), :class => "password-prompt" %>
-        <%= link_to t("child.actions.export_to_csv"), child_path(@child, :format => 'csv'), :class => "password-prompt" %>
+        <%= link_to t("child.actions.export_to_photo_wall"), export_photo_to_pdf_child_path(@child, :format => 'pdf'), :class => "password-prompt" if can?(:export_photowall, Child) -%>
+        <%= link_to t("child.actions.export_to_pdf"), child_path(@child, :format => 'pdf'), :class => "password-prompt" if can?(:export_pdf, Child) %>
+        <%= link_to t("child.actions.export_to_csv"), child_path(@child, :format => 'csv'), :class => "password-prompt" if can?(:export_csv, Child) %>
       </div>
     </div>
 <% end %>
@@ -76,4 +76,4 @@
     </div>
   <% end %>
 
-<%= link_to content_tag(:span, t("child.change_log") , :class => 'log'), child_history_path(@child), :class=>'btn' %>
+<%= link_to content_tag(:span, t("child.change_log") , :class => 'log'), child_history_path(@child), :class=>'btn' %>
diff --git a/capybara_features/csv_export.feature b/capybara_features/csv_export.feature
@@ -1,7 +1,7 @@
-Feature: 
+Feature:
 
   As a user
-  I want to be able to export data as CSV 
+  I want to be able to export data as CSV
   So that an user has flexibility in how the use the data in the system
 
   Background:
@@ -13,16 +13,16 @@ Feature:
 
   @javascript
   Scenario: Users can export to CSV as the result of a search
-    Given I am logged in as a user with "View And Search Child,Export to Photowall/CSV/PDF" permissions
+    Given I am logged in as a user with "View And Search Child,Export to CSV" permissions
     When I search using a name of "D"
     And I wait until "full_results" is visible
     And I select search result #1
     And I press "Export to CSV"
     Then password prompt should be enabled
 
   Scenario: When there are no search results, there is no csv export link
-    Given I am logged in as a user with "View And Search Child,Export to Photowall/CSV/PDF" permissions
-    When I search using a name of "Z" 
+    Given I am logged in as a user with "View And Search Child,Export to CSV" permissions
+    When I search using a name of "Z"
     Then I should not see "Export to CSV"
 
   @javascript
@@ -51,4 +51,4 @@ Feature:
     And  I am on the children listing page
     When I follow "Export" for child records
     And I follow "Export Some Records to CSV" for child records
-    Then I should be redirected to "Advanced Search" Page
+    Then I should be redirected to "Advanced Search" Page
diff --git a/capybara_features/export_child_photo_wall.feature b/capybara_features/export_child_photo_wall.feature
@@ -4,7 +4,7 @@ Feature:
   I want to see the child record
 
   Background:
-    Given I am logged in as a user with "Edit Child,View And Search Child,Export to Photowall/CSV/PDF" permission
+    Given I am logged in as a user with "Edit Child,View And Search Child,Export to Photowall" permission
     And the following children exist in the system:
       | name | gender |
       | John | Male   |

diff --git a/capybara_features/pdf_export.feature b/capybara_features/pdf_export.feature
@@ -3,7 +3,7 @@ Feature: So that hard copy printout of missing child photos are available
   I want to be able to export selected children to a PDF file
 
   Background:
-    Given I am logged in as a user with "View And Search Child,Export to Photowall/CSV/PDF,Edit Child" permissions
+    Given I am logged in as a user with "View And Search Child,Export to PDF,Export to Photowall,Edit Child" permissions
     And the following children exist in the system:
       | name      | unique_id  | created_by |
       | Will      | will_uid   | user1      |

diff --git a/db/migration/0009_migrate_export_permissions.rb b/db/migration/0009_migrate_export_permissions.rb
@@ -0,0 +1,8 @@
+Role.all.each do |role|
+  if role.has_permission("Export to Photowall/CSV/PDF")
+    role.permissions += [Permission::CHILDREN[:export_photowall], Permission::CHILDREN[:export_csv],
+                         Permission::CHILDREN[:export_pdf]]
+    role.permissions -= ["Export to Photowall/CSV/PDF"]
+    role.save
+  end
+end
diff --git a/public/400.html b/public/400.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+
+<head>
+  <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+  <title>The page you were looking for doesn't exist (404)</title>
+	<style type="text/css">
+		body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+		div.dialog {
+			width: 25em;
+			padding: 0 4em;
+			margin: 4em auto 0 auto;
+			border: 1px solid #ccc;
+			border-right-color: #999;
+			border-bottom-color: #999;
+		}
+		h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+	</style>
+</head>
+
+<body>
+  <div class="dialog">
+    <h1>Bad Request</h1>
+    <p>The request to this resource was malformed.</p>
+  </div>
+</body>
+</html>
diff --git a/spec/controllers/advanced_search_controller_spec.rb b/spec/controllers/advanced_search_controller_spec.rb
@@ -24,9 +24,8 @@ def stub_out_export_generator child_data = []
 
   describe 'collection' do
     it "GET export_data" do
-      controller.current_ability.should_receive(:can?).with(:export, Child).and_return(false);
       get :export_data
-      response.should render_template("#{Rails.root}/public/403.html")
+      response.should render_template("#{Rails.root}/public/400.html")
     end
   end
 
@@ -61,9 +60,9 @@ def stub_out_export_generator child_data = []
       fake_results = [:fake_child, :fake_child]
       fake_full_results = [:fake_child, :fake_child, :fake_child, :fake_child]
       SearchService.should_receive(:search).with(2, [search]).and_return([fake_results, fake_full_results])
-      
+
       get :index, :page => 2, :criteria_list => {"0" => {"field" => "name_of_child", "value" => "joe joe", "index" => "0"}}, :created_by_value => nil
-      
+
       assigns[:results].should == fake_results
     end
 
@@ -77,7 +76,7 @@ def stub_out_export_generator child_data = []
       SearchService.should_receive(:search).with(1, [search,created_by]).and_return([stub_results, fake_full_results])
 
       get :index, :criteria_list => {"0" => {"field" => "name_of_child", "value" => "joe joe", "index" => "0"}}, :created_by_value => nil
-      
+
       assigns[:results].should == stub_results
     end
 
@@ -214,4 +213,4 @@ def stub_out_export_generator child_data = []
 
 
 
-end
+end
diff --git a/spec/controllers/children_controller_spec.rb b/spec/controllers/children_controller_spec.rb
@@ -566,7 +566,8 @@ def mock_child(stubs={})
     before do
       user = User.new(:user_name => "some-name")
       user.stub!(:time_zone).and_return TZInfo::Timezone.get("US/Samoa")
-      user.stub!(:roles).and_return([Role.new(:permissions => [Permission::CHILDREN[:view_and_search], Permission::CHILDREN[:export]])])
+      user.stub!(:roles).and_return([Role.new(:permissions => [Permission::CHILDREN[:view_and_search],
+                                                               Permission::CHILDREN[:export_photowall]])])
       fake_login user
       Clock.stub!(:now).and_return(Time.utc(2000, 1, 1, 20, 15))
     end

diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb
@@ -91,11 +91,33 @@
     end
 
     describe "export children to photowall" do
-      let(:permissions) { [Permission::CHILDREN[:export]] }
+      let(:permissions) { [Permission::CHILDREN[:export_photowall]] }
 
       it { should_not authorize_any CRUD, ContactInformation, Device, FormSection, Field, Session, SuggestedField, User, Role, SystemUsers, Report }
 
-      it { should authorize :export, Child }
+      it { should authorize :export_photowall, Child }
+      it { should_not authorize :index, Child }
+      it { should_not authorize :read, Child.new }
+      it { should_not authorize :update, Child.new }
+    end
+
+    describe "export children to csv" do
+      let(:permissions) { [Permission::CHILDREN[:export_csv]] }
+
+      it { should_not authorize_any CRUD, ContactInformation, Device, FormSection, Field, Session, SuggestedField, User, Role, SystemUsers, Report }
+
+      it { should authorize :export_csv, Child }
+      it { should_not authorize :index, Child }
+      it { should_not authorize :read, Child.new }
+      it { should_not authorize :update, Child.new }
+    end
+
+    describe "export children to pdf" do
+      let(:permissions) { [Permission::CHILDREN[:export_pdf]] }
+
+      it { should_not authorize_any CRUD, ContactInformation, Device, FormSection, Field, Session, SuggestedField, User, Role, SystemUsers, Report }
+
+      it { should authorize :export_pdf, Child }
       it { should_not authorize :index, Child }
       it { should_not authorize :read, Child.new }
       it { should_not authorize :update, Child.new }