Event leaders have same permissions as course managers

Fixes #82
hitobito · Feb 8, 2023 · dfa3930 · dfa3930
1 parent 4631cbe
commit dfa3930
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 2 deletions.
diff --git a/app/abilities/cevi/event_ability.rb b/app/abilities/cevi/event_ability.rb
@@ -14,12 +14,22 @@ module Cevi::EventAbility
         may(:index_participations).
         in_same_layer_or_below_if_ausbildungsmitglied
     end
+
+    on(Event) do
+      permission(:any).may(:application_market).if_manage_attendances_in_event
+      permission(:any).may(:index_invitations).if_manage_attendances_in_event
+      permission(:any).may(:list_tentatives).if_manage_attendances_in_event
+    end
   end
 
   def in_same_layer_or_below_if_ausbildungsmitglied
     contains_any?(ausbildungs_layer_ids, event_hierarchy_ids)
   end
 
+  def if_manage_attendances_in_event
+    permission_in_event?(:manage_attendances)
+  end
+
   private
 
   def ausbildungs_layer_ids

diff --git a/lib/hitobito_cevi/wagon.rb b/lib/hitobito_cevi/wagon.rb
@@ -30,6 +30,7 @@ class Wagon < Rails::Engine
       Event::Kind.include Cevi::Event::Kind
       Event::Course.include Cevi::Event::Course
       Event::Role::AssistantLeader.permissions = [:participations_read]
+      Event::Role::Leader.permissions << :manage_attendances
 
       # :financials may edit all people in a Group::Spender group.
       # :unconfined_below may edit below people even when they have visible_from_above = false.

diff --git a/spec/abilities/event_ability_spec.rb b/spec/abilities/event_ability_spec.rb
@@ -37,10 +37,81 @@
 
   context 'AktiverKursleiter' do
     let(:role) { Fabricate(Group::MitgliederorganisationGremium::AktiverKursleiter.name.to_sym, group: groups(:zhshgl_beirat)) }
+    let(:person) { role.person }
+    let(:event) { events(:top_course) }
 
-    it 'may not index participants in same layer course' do
-      expect(ability).not_to be_able_to(:index_participations, events(:top_course))
+    context 'index participants' do
+      it 'is not allowed in same layer course' do
+        expect(ability).not_to be_able_to(:index_participations, event)
+      end
+
+      it 'is allowed in led course' do
+        participation = Event::Participation.create(event: event, active: true, person: person)
+        Event::Role::Leader.create(participation: participation)
+        expect(ability).to be_able_to(:index_participations, event)
+      end
+
+      it 'is allowed in assisted course' do
+        participation = Event::Participation.create(event: event, active: true, person: person)
+        Event::Role::AssistantLeader.create(participation: participation)
+        expect(ability).to be_able_to(:index_participations, event)
+      end
+    end
+
+    context 'application_market' do
+      it 'is not allowed in same layer course' do
+        expect(ability).not_to be_able_to(:application_market, event)
+      end
+
+      it 'is allowed in led course' do
+        participation = Event::Participation.create(event: event, active: true, person: person)
+        Event::Role::Leader.create(participation: participation)
+        expect(ability).to be_able_to(:application_market, event)
+      end
+
+      it 'is not allowed in assisted course' do
+        participation = Event::Participation.create(event: event, active: true, person: person)
+        Event::Role::AssistantLeader.create(participation: participation)
+        expect(ability).not_to be_able_to(:application_market, event)
+      end
     end
+
+    context 'index_invitations' do
+      it 'is not allowed in same layer course' do
+        expect(ability).not_to be_able_to(:index_invitations, event)
+      end
+
+      it 'is allowed in led course' do
+        participation = Event::Participation.create(event: event, active: true, person: person)
+        Event::Role::Leader.create(participation: participation)
+        expect(ability).to be_able_to(:index_invitations, event)
+      end
+
+      it 'is not allowed in assisted course' do
+        participation = Event::Participation.create(event: event, active: true, person: person)
+        Event::Role::AssistantLeader.create(participation: participation)
+        expect(ability).not_to be_able_to(:index_invitations, event)
+      end
+    end
+
+    context 'list_tentatives' do
+      it 'is not allowed in same layer course' do
+        expect(ability).not_to be_able_to(:list_tentatives, event)
+      end
+
+      it 'is allowed in led course' do
+        participation = Event::Participation.create(event: event, active: true, person: person)
+        Event::Role::Leader.create(participation: participation)
+        expect(ability).to be_able_to(:list_tentatives, event)
+      end
+
+      it 'is not allowed in assisted course' do
+        participation = Event::Participation.create(event: event, active: true, person: person)
+        Event::Role::AssistantLeader.create(participation: participation)
+        expect(ability).not_to be_able_to(:list_tentatives, event)
+      end
+    end
+
   end
 
 end