cmc333333 · July 13, 2015 20:42
diff --git a/gistfile1.diff b/gistfile1.diff
 diff --git a/spec/policies/proposal_policy_spec.rb b/spec/policies/proposal_policy_spec.rb
 index 95b31b0..219004d 100644
 --- a/spec/policies/proposal_policy_spec.rb
 +++ b/spec/policies/proposal_policy_spec.rb
 @@ -196,8 +196,7 @@ describe ProposalPolicy do

       it "allows a client admin to see unassociated requests that are inside its client scope" do
         proposal.update_attributes(client_data_type:'AbcCompany::SomethingApprovable')
 -        user = proposal.approvers.first
 -        user.client_slug = "abc_company"
 +        user = FactoryGirl.create(:user, client_slug: "abc_company")
         ENV['CLIENT_ADMIN_EMAILS'] = user.email_address

         proposals = ProposalPolicy::Scope.new(user, Proposal).resolve
 @@ -205,27 +204,21 @@ describe ProposalPolicy do
       end

       it "prevents a client admin from seeing requests outside its client scope" do
 -        proposal.update_attributes(client_data_type:'AbcCompany::SomethingApprovable')
 -        proposal1.approvals.each {|a| a.update_attributes(user_id: 556)}
 -        proposal1.update_attributes(client_data_type:'CdfCompany::SomethingApprovable')
 -
 -        user = proposal.approvers.first
 -        user.client_slug = "abc_company"
 +        proposal.update_attributes(client_data_type:'CdfCompany::SomethingApprovable')
 +        user = FactoryGirl.create(:user, client_slug: "abc_company")
         ENV['CLIENT_ADMIN_EMAILS'] = user.email_address

         proposals = ProposalPolicy::Scope.new(user, Proposal).resolve
 -        expect(proposals).to match_array([proposal])
 +        expect(proposals).to be_empty
       end

       it "prevents a non-admin from seeing unrelated requests" do
 -        proposal1.approvals.each {|a| a.update_attributes(user_id: 556)}
 -        proposal1.update_attributes(client_data_type:'CdfCompany::SomethingApprovable')
 +        proposal.update_attributes(client_data_type:'AbcCompany::SomethingApprovable')
 +        user = FactoryGirl.create(:user, client_slug: "abc_company")
 +        ENV['CLIENT_ADMIN_EMAILS'] = ''

 -        proposal.update_attributes(client_data_type:'AbcCompany::SomethingApprovable', requester_id: 9876)
 -        user = proposal.approvers.first
 -        user.client_slug = "abccompany"
         proposals = ProposalPolicy::Scope.new(user, Proposal).resolve
 -        expect(proposals).to match_array([proposal])
 +        expect(proposals).to be_empty
       end
     end

 @@ -237,12 +230,10 @@ describe ProposalPolicy do
       end

       it "allows an app admin to see requests inside and outside its client scope" do
 -        proposal1.approvals.each {|a| a.update_attributes(user_id: 556)}
         proposal1.update_attributes(client_data_type:'CdfCompany::SomethingApprovable')
         proposal.update_attributes(client_data_type:'AbcCompany::SomethingApprovable')

 -        user = proposal.approvers.first
 -        user.client_slug = "abccompany"
 +        user = FactoryGirl.create(:user, client_slug: 'abc_company')
         ENV['ADMIN_EMAILS'] = user.email_address

         proposals = ProposalPolicy::Scope.new(user, Proposal).resolve
	diff --git a/spec/policies/proposal_policy_spec.rb b/spec/policies/proposal_policy_spec.rb
	index 95b31b0..219004d 100644
	--- a/spec/policies/proposal_policy_spec.rb
	+++ b/spec/policies/proposal_policy_spec.rb
	@@ -196,8 +196,7 @@ describe ProposalPolicy do

	it "allows a client admin to see unassociated requests that are inside its client scope" do
	proposal.update_attributes(client_data_type:'AbcCompany::SomethingApprovable')
	- user = proposal.approvers.first
	- user.client_slug = "abc_company"
	+ user = FactoryGirl.create(:user, client_slug: "abc_company")
	ENV['CLIENT_ADMIN_EMAILS'] = user.email_address

	proposals = ProposalPolicy::Scope.new(user, Proposal).resolve
	@@ -205,27 +204,21 @@ describe ProposalPolicy do
	end

	it "prevents a client admin from seeing requests outside its client scope" do
	- proposal.update_attributes(client_data_type:'AbcCompany::SomethingApprovable')
	- proposal1.approvals.each {\|a\| a.update_attributes(user_id: 556)}
	- proposal1.update_attributes(client_data_type:'CdfCompany::SomethingApprovable')
	-
	- user = proposal.approvers.first
	- user.client_slug = "abc_company"
	+ proposal.update_attributes(client_data_type:'CdfCompany::SomethingApprovable')
	+ user = FactoryGirl.create(:user, client_slug: "abc_company")
	ENV['CLIENT_ADMIN_EMAILS'] = user.email_address

	proposals = ProposalPolicy::Scope.new(user, Proposal).resolve
	- expect(proposals).to match_array([proposal])
	+ expect(proposals).to be_empty
	end

	it "prevents a non-admin from seeing unrelated requests" do
	- proposal1.approvals.each {\|a\| a.update_attributes(user_id: 556)}
	- proposal1.update_attributes(client_data_type:'CdfCompany::SomethingApprovable')
	+ proposal.update_attributes(client_data_type:'AbcCompany::SomethingApprovable')
	+ user = FactoryGirl.create(:user, client_slug: "abc_company")
	+ ENV['CLIENT_ADMIN_EMAILS'] = ''

	- proposal.update_attributes(client_data_type:'AbcCompany::SomethingApprovable', requester_id: 9876)
	- user = proposal.approvers.first
	- user.client_slug = "abccompany"
	proposals = ProposalPolicy::Scope.new(user, Proposal).resolve
	- expect(proposals).to match_array([proposal])
	+ expect(proposals).to be_empty
	end
	end

	@@ -237,12 +230,10 @@ describe ProposalPolicy do
	end

	it "allows an app admin to see requests inside and outside its client scope" do
	- proposal1.approvals.each {\|a\| a.update_attributes(user_id: 556)}
	proposal1.update_attributes(client_data_type:'CdfCompany::SomethingApprovable')
	proposal.update_attributes(client_data_type:'AbcCompany::SomethingApprovable')

	- user = proposal.approvers.first
	- user.client_slug = "abccompany"
	+ user = FactoryGirl.create(:user, client_slug: 'abc_company')
	ENV['ADMIN_EMAILS'] = user.email_address

	proposals = ProposalPolicy::Scope.new(user, Proposal).resolve