Merge pull request #113 from TreinaDev/autorizacao-de-rotas

Protege rotas de seleção de condomínios
TreinaDev · Jul 19, 2024 · 17d6e52 · 17d6e52
2 parents 73d8f8b + 02981c9
commit 17d6e52
Show file tree

Hide file tree

Showing 11 changed files with 350 additions and 21 deletions.
diff --git a/app/controllers/admins_controller.rb b/app/controllers/admins_controller.rb
@@ -1,5 +1,6 @@
 class AdminsController < ApplicationController
   before_action :authenticate_admin!
+  before_action :check_super_admin, only: [:condos_selection, :condos_selection_post]
 
   def index
     @admins = Admin.where.not(id: current_admin.id) if current_admin
@@ -22,4 +23,10 @@ def condos_selection_post
     end
     redirect_to root_path, notice: I18n.t('errors.messages.condo_acess_updated')
   end
+
+  private
+
+  def check_super_admin
+    redirect_to root_path, alert: I18n.t('errors.messages.must_be_super_admin') unless current_admin.super_admin
+  end
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -3,8 +3,8 @@ class ApplicationController < ActionController::Base
 
   def admin_authorized?
     if admin_signed_in?
-      current_admin_associated = current_admin.associated_condos.map(&:condo_id).include?(params[:id].to_i)
-      return true if current_admin.super_admin? || current_admin_associated
+      current_admin_associated = current_admin.associated_condos.map(&:condo_id).include?(params[:condo_id].to_i)
+      return true if current_admin&.super_admin? || current_admin_associated
     end
 
     redirect_to root_path, notice: I18n.t('errors.messages.must_be_super_admin')

diff --git a/app/controllers/common_area_fees_controller.rb b/app/controllers/common_area_fees_controller.rb
@@ -1,5 +1,6 @@
 class CommonAreaFeesController < ApplicationController
   before_action :authenticate_admin!
+  before_action :admin_authorized?, only: [:new, :create]
   before_action :set_common_area, only: [:new, :create]
 
   def new

diff --git a/app/controllers/common_areas_controller.rb b/app/controllers/common_areas_controller.rb
@@ -1,5 +1,6 @@
 class CommonAreasController < ApplicationController
   before_action :authenticate_admin!
+  before_action :admin_authorized?, only: [:index, :show]
   before_action :find_condo, only: [:index, :show]
   before_action :find_common_area, only: [:show]
 

diff --git a/config/routes.rb b/config/routes.rb
@@ -1,18 +1,18 @@
 Rails.application.routes.draw do
   devise_for :property_owners, controllers: { registrations: "property_owners/registrations", sessions: "property_owners/sessions" }
   devise_for :admins, controllers: { registrations: "admins/registrations", sessions: "admins/sessions" }
-  resources :admins do
-    get 'condos_selection', on: :member
-    post 'condos_selection_post', on: :member
-  end
 
   root to: "home#index"
   get 'search', to: 'home#search'
   get 'choose_profile', to: 'home#choose_profile'
-
   get 'find_tenant', to: 'home#find_tenant'
   get 'tenant_bill', to: 'home#tenant_bill'
 
+  resources :admins do
+    get 'condos_selection', on: :member
+    post 'condos_selection_post', on: :member
+  end
+
   resources :condos, only: [:index, :show] do
     resources :common_areas, only: [:index, :show] do
       resources :common_area_fees, only: [:new, :create]

diff --git a/spec/requests/admins/user_manages_associated_condos_spec.rb b/spec/requests/admins/user_manages_associated_condos_spec.rb
@@ -0,0 +1,55 @@
+require 'rails_helper'
+
+describe 'Admin gerencia associações de condomínios' do
+  context 'GET admins/:id/condos_selection' do
+    it 'sucesso' do
+      admin = create(:admin, email: 'admin@email.com', password: '123456', super_admin: true)
+      condo = Condo.new(id: 1, name: 'Condo Test', city: 'City Test')
+      allow(Condo).to receive(:all).and_return([condo])
+
+      login_as admin, scope: :admin
+      get condos_selection_admin_path(admin)
+
+      expect(response.body).to include('Condo Test')
+    end
+
+    it 'e falha por nao ter autorizacao' do
+      admin = create(:admin, email: 'admin@email.com', password: '123456', super_admin: false)
+      condo = Condo.new(id: 1, name: 'Condo Test', city: 'City Test')
+      allow(Condo).to receive(:all).and_return([condo])
+
+      login_as admin, scope: :admin
+      get condos_selection_admin_path(admin)
+
+      expect(response).to redirect_to root_path
+      expect(flash[:alert]).to eq I18n.t('errors.messages.must_be_super_admin')
+    end
+  end
+
+  context 'POST admins/:id/condos_selection_post' do
+    it 'sucesso' do
+      admin1 = create(:admin, email: 'admin@email.com', password: '123456', super_admin: true)
+      admin2 = create(:admin, email: 'bcdef@email.com', password: '654321', super_admin: false)
+
+      login_as admin1, scope: :admin
+      post condos_selection_post_admin_path(admin2), params: { condo_ids: [1, 2, 3] }
+
+      expect(response).to redirect_to root_path
+      expect(flash[:notice]).to eq I18n.t('errors.messages.condo_acess_updated')
+      expect(admin2.associated_condos.first.condo_id).to eq 1
+      expect(admin2.associated_condos.second.condo_id).to eq 2
+      expect(admin2.associated_condos.last.condo_id).to eq 3
+    end
+
+    it 'e falha por nao ter autorizacao' do
+      admin2 = create(:admin, email: 'bcdef@email.com', password: '654321', super_admin: false)
+
+      login_as admin2, scope: :admin
+      post condos_selection_post_admin_path(admin2), params: { condo_ids: [1, 2, 3] }
+
+      expect(response).to redirect_to root_path
+      expect(flash[:alert]).to eq I18n.t('errors.messages.must_be_super_admin')
+      expect(admin2.associated_condos.count).to eq 0
+    end
+  end
+end
diff --git a/spec/requests/common_area/admin_access_common_area_details_spec.rb b/spec/requests/common_area/admin_access_common_area_details_spec.rb
@@ -0,0 +1,56 @@
+require 'rails_helper'
+
+describe 'Admin acessa detalhes de uma area comum' do
+  it 'sucesso - pois esta associado ao condo' do
+    admin = create(:admin, super_admin: false)
+    condo = Condo.new(id: 1, name: 'Condo Test', city: 'City Test')
+    common_area = CommonArea.new(id: 1, name: 'Academia',
+                                 description: 'Uma academia raíz com ventilador apenas para os marombas',
+                                 max_occupancy: 20, rules: 'Não pode ser frango')
+    allow(Condo).to receive(:find).and_return(condo)
+    allow(CommonArea).to receive(:find).and_return(common_area)
+    AssociatedCondo.create!(admin:, condo_id: 1)
+
+    login_as admin, scope: :admin
+    get condo_common_area_path(condo.id, common_area.id)
+
+    expect(response).to have_http_status :ok
+    expect(response.body).to include 'Academia'
+    expect(response.body).to include 'Uma academia raíz com ventilador apenas para os marombas'
+  end
+
+  it 'sucesso - super admin' do
+    admin = create(:admin, super_admin: true)
+    condo = Condo.new(id: 1, name: 'Condo Test', city: 'City Test')
+    common_area = CommonArea.new(id: 1, name: 'Academia',
+                                 description: 'Uma academia raíz com ventilador apenas para os marombas',
+                                 max_occupancy: 20, rules: 'Não pode ser frango')
+    allow(Condo).to receive(:find).and_return(condo)
+    allow(CommonArea).to receive(:find).and_return(common_area)
+
+    login_as admin, scope: :admin
+    get condo_common_area_path(condo.id, common_area.id)
+
+    expect(response).to have_http_status :ok
+    expect(response.body).to include 'Academia'
+    expect(response.body).to include 'Uma academia raíz com ventilador apenas para os marombas'
+  end
+
+  it 'falha por nao estar associado' do
+    admin = create(:admin, super_admin: false)
+    condo = Condo.new(id: 1, name: 'Condo Test', city: 'City Test')
+    common_area = CommonArea.new(id: 1, name: 'Academia',
+                                 description: 'Uma academia raíz com ventilador apenas para os marombas',
+                                 max_occupancy: 20, rules: 'Não pode ser frango')
+    allow(Condo).to receive(:find).and_return(condo)
+    allow(CommonArea).to receive(:find).and_return(common_area)
+    AssociatedCondo.create!(admin:, condo_id: 2)
+
+    login_as admin, scope: :admin
+    get condo_common_areas_path(condo.id, common_area.id)
+
+    expect(response).to have_http_status :found
+    expect(response).to redirect_to root_path
+    expect(flash[:notice]).to eq I18n.t('errors.messages.must_be_super_admin')
+  end
+end
diff --git a/spec/requests/common_area/admin_access_common_area_list_spec.rb b/spec/requests/common_area/admin_access_common_area_list_spec.rb
@@ -0,0 +1,80 @@
+require 'rails_helper'
+
+describe 'Admin acessa a listagem de areas comuns' do
+  it 'sucesso - pois esta associado ao condo' do
+    admin = create(:admin, super_admin: false)
+    condo = Condo.new(id: 1, name: 'Condo Test', city: 'City Test')
+    common_areas = []
+    common_areas << CommonArea.new(id: 1, name: 'Academia',
+                                   description: 'Uma academia raíz com ventilador apenas para os marombas',
+                                   max_occupancy: 20, rules: 'Não pode ser frango')
+    common_areas << CommonArea.new(id: 2, name: 'Churrasqueira',
+                                   description: 'Churrasqueira para os churrasqueiros de plantão',
+                                   max_occupancy: 20, rules: 'Não pode comer frango')
+    common_areas << CommonArea.new(id: 3, name: 'Sala de cinema',
+                                   description: 'Cinema para os cinéfilos de plantão',
+                                   max_occupancy: 20, rules: 'Não pode ver filme de frango')
+    common_areas << CommonArea.new(id: 4, name: 'Cozinha compartilhada',
+                                   description: 'Cozinha para os chefs de plantão',
+                                   max_occupancy: 20, rules: 'Não pode cozinhar frango')
+    common_areas << CommonArea.new(id: 5, name: 'Ping Pong',
+                                   description: 'Mesa de ping pong para os ping pongueiros de plantão',
+                                   max_occupancy: 20, rules: 'Não pode jogar ping pong de frango')
+    allow(Condo).to receive(:find).and_return(condo)
+    allow(CommonArea).to receive(:all).and_return(common_areas)
+    AssociatedCondo.create!(admin:, condo_id: 1)
+
+    login_as admin, scope: :admin
+    get condo_common_areas_path(condo.id)
+
+    expect(response).to have_http_status :ok
+    expect(response.body).to include 'Ping Pong'
+    expect(response.body).to include 'Mesa de ping pong para os ping pongueiros de plantão'
+  end
+
+  it 'sucesso - super admin' do
+    admin = create(:admin, super_admin: true)
+    condo = Condo.new(id: 1, name: 'Condo Test', city: 'City Test')
+    common_areas = []
+    common_areas << CommonArea.new(id: 1, name: 'Academia',
+                                   description: 'Uma academia raíz com ventilador apenas para os marombas',
+                                   max_occupancy: 20, rules: 'Não pode ser frango')
+    common_areas << CommonArea.new(id: 2, name: 'Churrasqueira',
+                                   description: 'Churrasqueira para os churrasqueiros de plantão',
+                                   max_occupancy: 20, rules: 'Não pode comer frango')
+    common_areas << CommonArea.new(id: 3, name: 'Sala de cinema',
+                                   description: 'Cinema para os cinéfilos de plantão',
+                                   max_occupancy: 20, rules: 'Não pode ver filme de frango')
+    common_areas << CommonArea.new(id: 4, name: 'Cozinha compartilhada',
+                                   description: 'Cozinha para os chefs de plantão',
+                                   max_occupancy: 20, rules: 'Não pode cozinhar frango')
+    common_areas << CommonArea.new(id: 5, name: 'Ping Pong',
+                                   description: 'Mesa de ping pong para os ping pongueiros de plantão',
+                                   max_occupancy: 20, rules: 'Não pode jogar ping pong de frango')
+    allow(Condo).to receive(:find).and_return(condo)
+    allow(CommonArea).to receive(:all).and_return(common_areas)
+
+    login_as admin, scope: :admin
+    get condo_common_areas_path(condo.id)
+
+    expect(response).to have_http_status :ok
+    expect(response.body).to include 'Ping Pong'
+    expect(response.body).to include 'Mesa de ping pong para os ping pongueiros de plantão'
+  end
+
+  it 'falha por nao estar associado' do
+    admin = create(:admin, super_admin: false)
+    condo = Condo.new(id: 1, name: 'Condo Test', city: 'City Test')
+    common_areas = []
+    allow(Condo).to receive(:find).and_return(condo)
+    allow(CommonArea).to receive(:all).and_return(common_areas)
+    AssociatedCondo.create!(admin:, condo_id: 2)
+
+    login_as admin, scope: :admin
+    get condo_common_areas_path(condo.id)
+
+    expect(response).to have_http_status :found
+    expect(response).to redirect_to root_path
+    expect(flash[:notice]).to eq I18n.t('errors.messages.must_be_super_admin')
+  end
+end
diff --git a/spec/requests/common_area_fee/admin_access_new_common_area_fee_spec.rb b/spec/requests/common_area_fee/admin_access_new_common_area_fee_spec.rb
@@ -0,0 +1,63 @@
+require 'rails_helper'
+
+describe 'Administrador acessa formulário de Taxa de área comum' do
+  it 'sucesso - super admin' do
+    admin = create(:admin, email: 'admin@email.com', password: '123456', super_admin: true)
+    condo = Condo.new(id: 1, name: 'Condomínio Vila das Flores', city: 'São Paulo')
+    allow(Condo).to receive(:find).and_return(condo)
+
+    common_area = CommonArea.new(id: 1, name: 'Academia',
+                                 description: 'Uma academia raíz com ventilador apenas para os marombas',
+                                 max_occupancy: 20, rules: 'Não pode ser frango')
+    allow(CommonArea).to receive(:find).and_return(common_area)
+
+    login_as admin, scope: :admin
+    get new_condo_common_area_common_area_fee_path(condo.id, common_area.id)
+
+    expect(response).to have_http_status :ok
+    expect(response.body).to include 'Áreas Comuns'
+    expect(response.body).to include 'Academia'
+    expect(response.body).to include 'Taxa'
+  end
+
+  it 'sucesso - admin coom acesso' do
+    admin = create(:admin, email: 'admin@email.com', password: '123456', super_admin: false)
+    condo = Condo.new(id: 1, name: 'Condomínio Vila das Flores', city: 'São Paulo')
+    allow(Condo).to receive(:find).and_return(condo)
+
+    common_area = CommonArea.new(id: 1, name: 'Academia',
+                                 description: 'Uma academia raíz com ventilador apenas para os marombas',
+                                 max_occupancy: 20, rules: 'Não pode ser frango')
+    allow(CommonArea).to receive(:find).and_return(common_area)
+    AssociatedCondo.create(admin:, condo_id: condo.id)
+
+    login_as admin, scope: :admin
+    get new_condo_common_area_common_area_fee_path(condo.id, common_area.id)
+
+    expect(response).to have_http_status :ok
+    expect(response.body).to include 'Áreas Comuns'
+    expect(response.body).to include 'Academia'
+    expect(response.body).to include 'Taxa'
+  end
+
+  it 'falha pois nao esta associad' do
+    admin = create(:admin, email: 'admin@email.com', password: '123456', super_admin: false)
+    condo = Condo.new(id: 1, name: 'Condomínio Vila das Flores', city: 'São Paulo')
+    allow(Condo).to receive(:find).and_return(condo)
+
+    common_area = CommonArea.new(id: 1, name: 'Academia',
+                                 description: 'Uma academia raíz com ventilador apenas para os marombas',
+                                 max_occupancy: 20, rules: 'Não pode ser frango')
+    allow(CommonArea).to receive(:find).and_return(common_area)
+
+    login_as admin, scope: :admin
+    get new_condo_common_area_common_area_fee_path(condo.id, common_area.id)
+
+    expect(response).to have_http_status :found
+    expect(response).to redirect_to root_path
+    expect(flash[:notice]).to eq I18n.t('errors.messages.must_be_super_admin')
+    expect(response.body).not_to include 'Áreas Comuns'
+    expect(response.body).not_to include 'Academia'
+    expect(response.body).not_to include 'Taxa'
+  end
+end