diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb index 38d6c8d73e..8e87c63cfd 100644 --- a/app/controllers/invites_controller.rb +++ b/app/controllers/invites_controller.rb @@ -8,9 +8,9 @@ class InvitesController < ApplicationController before_action :authenticate_user! def index - authorize :invite, :create? + authorize :invite, :index? - @invites = Invite.where(user: current_user) + @invites = invites @invite = Invite.new(expires_in: 1.day.to_i) end @@ -23,13 +23,13 @@ class InvitesController < ApplicationController if @invite.save redirect_to invites_path else - @invites = Invite.where(user: current_user) + @invites = invites render :index end end def destroy - @invite = Invite.where(user: current_user).find(params[:id]) + @invite = invites.find(params[:id]) authorize @invite, :destroy? @invite.expire! redirect_to invites_path @@ -37,6 +37,10 @@ class InvitesController < ApplicationController private + def invites + Invite.where(user: current_user) + end + def resource_params params.require(:invite).permit(:max_uses, :expires_in) end diff --git a/spec/controllers/invites_controller_spec.rb b/spec/controllers/invites_controller_spec.rb new file mode 100644 index 0000000000..c5c6cb651a --- /dev/null +++ b/spec/controllers/invites_controller_spec.rb @@ -0,0 +1,67 @@ +require 'rails_helper' + +describe InvitesController do + render_views + + before do + sign_in user + end + + describe 'GET #index' do + subject { get :index } + + let!(:invite) { Fabricate(:invite, user: user) } + + context 'when user is a staff' do + let(:user) { Fabricate(:user, moderator: true, admin: false) } + + it 'renders index page' do + expect(subject).to render_template :index + expect(assigns(:invites)).to include invite + expect(assigns(:invites).count).to eq 1 + end + end + + context 'when user is not a staff' do + let(:user) { Fabricate(:user, moderator: false, admin: false) } + + it 'returns 403' do + expect(subject).to have_http_status 403 + end + end + end + + describe 'POST #create' do + subject { post :create, params: { invite: { max_uses: '10', expires_in: 1800 } } } + + context 'when user is an admin' do + let(:user) { Fabricate(:user, moderator: false, admin: true) } + + it 'succeeds to create a invite' do + expect{ subject }.to change { Invite.count }.by(1) + expect(subject).to redirect_to invites_path + expect(Invite.last).to have_attributes(user_id: user.id, max_uses: 10) + end + end + + context 'when user is not an admin' do + let(:user) { Fabricate(:user, moderator: true, admin: false) } + + it 'returns 403' do + expect(subject).to have_http_status 403 + end + end + end + + describe 'DELETE #create' do + subject { delete :destroy, params: { id: invite.id } } + + let!(:invite) { Fabricate(:invite, user: user, expires_at: nil) } + let(:user) { Fabricate(:user, moderator: false, admin: true) } + + it 'expires invite' do + expect(subject).to redirect_to invites_path + expect(invite.reload).to be_expired + end + end +end