diff --git a/app/controllers/decidim/action_delegator/admin/delegations_controller.rb b/app/controllers/decidim/action_delegator/admin/delegations_controller.rb
index 04cd4184..e2902b83 100644
--- a/app/controllers/decidim/action_delegator/admin/delegations_controller.rb
+++ b/app/controllers/decidim/action_delegator/admin/delegations_controller.rb
@@ -25,7 +25,7 @@ def new
 def create
 enforce_permission_to :create, :delegation
- @form = DelegationForm.from_params(params)
+ @form = form(DelegationForm).from_params(params)
 CreateDelegation.call(@form, current_user, current_setting) do
 on(:ok) do
diff --git a/app/forms/decidim/action_delegator/admin/delegation_form.rb b/app/forms/decidim/action_delegator/admin/delegation_form.rb
index 281a61bf..00488c01 100644
--- a/app/forms/decidim/action_delegator/admin/delegation_form.rb
+++ b/app/forms/decidim/action_delegator/admin/delegation_form.rb
@@ -18,15 +18,19 @@ class DelegationForm < Form
 validate :grantee_exists
 def granter
- User.find_by(id: granter_id) || User.find_by(email: granter_email)
+ User.find_by(id: granter_id, organization: current_organization) || User.find_by(email: granter_email, organization: current_organization)
 end
 def grantee
- User.find_by(id: grantee_id) || User.find_by(email: grantee_email)
+ User.find_by(id: grantee_id, organization: current_organization) || User.find_by(email: grantee_email, organization: current_organization)
 end
 private
+ def current_organization
+ context&.current_organization
+ end
+
 def granter_exists
 return if granter.present?
diff --git a/spec/commands/decidim/action_delegator/admin/create_delegation_spec.rb b/spec/commands/decidim/action_delegator/admin/create_delegation_spec.rb
index fcd73554..c6f060c9 100644
--- a/spec/commands/decidim/action_delegator/admin/create_delegation_spec.rb
+++ b/spec/commands/decidim/action_delegator/admin/create_delegation_spec.rb
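Review bot: In `delegation_form.rb`, `current_organization` is `context&.current_organization`, so a form built without a context scopes both lookups to `organization: nil` and quietly resolves no user instead of failing loudly. That fails closed, but it relies on every caller supplying a context; the only caller this diff switches to `form(DelegationForm)` is `create` in the controller, and other construction sites are not visible here. The same scoped id-then-email lookup is also written out twice, in `granter` and `grantee`. I would move it into one private helper that returns early when the organization is missing, so a later lookup cannot omit the organization scope. The class body continues outside the hunk.

```ruby
def granter
  find_user(granter_id, granter_email)
end

def grantee
  find_user(grantee_id, grantee_email)
end

private

# … unchanged: current_organization …

# Resolves a user by id, then by email, always inside the form's organization.
def find_user(id, email)
  return if current_organization.blank?

  User.find_by(id: id, organization: current_organization) ||
    User.find_by(email: email, organization: current_organization)
end
```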
@@ -69,4 +69,12 @@
 expect { subject.call }.to broadcast(:error)
 end
 end
+
+ context "when granter is not in the same organization" do
+ let(:granter) { create(:user) }
+
+ it "broadcasts :error" do
+ expect { subject.call }.to broadcast(:error)
+ end
+ end
 end
diff --git a/spec/forms/decidim/action_delegator/admin/delegation_form_spec.rb b/spec/forms/decidim/action_delegator/admin/delegation_form_spec.rb
index 0a18a52e..d2b92f0a 100644
--- a/spec/forms/decidim/action_delegator/admin/delegation_form_spec.rb
+++ b/spec/forms/decidim/action_delegator/admin/delegation_form_spec.rb
@@ -3,7 +3,7 @@
 require "spec_helper"
 describe Decidim::ActionDelegator::Admin::DelegationForm do
- subject { described_class.from_params(attributes) }
+ subject { described_class.from_params(attributes).with_context(current_organization: organization) }
 let(:organization) { create(:organization) }
 let(:granter) { create(:user, organization: organization) }
@@ -23,6 +23,18 @@
 context "when there's granter and grantee" do
 it { is_expected.to be_valid }
+
+ context "when granter belongs to another organization" do
+ let(:granter) { create(:user) }
+
+ it { is_expected.not_to be_valid }
+ end
+
+ context "when grantee belongs to another organization" do
+ let(:grantee) { create(:user) }
+
+ it { is_expected.not_to be_valid }
+ end
 end
 context "when granter is missing" do
diff --git a/spec/models/decidim/action_delegator/delegation_spec.rb b/spec/models/decidim/action_delegator/delegation_spec.rb
index 97cd6fd6..3aebb8ba 100644
--- a/spec/models/decidim/action_delegator/delegation_spec.rb
+++ b/spec/models/decidim/action_delegator/delegation_spec.rb
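Review bot: The new `when granter is not in the same organization` example in `create_delegation_spec.rb` only expects `broadcast(:error)`, which is also what the command would broadcast if the form under test had no organization context at all, because every lookup would then return nil. The form setup is outside this hunk, so please confirm it is built with `with_context(current_organization: ...)` and that the existing success example still passes with it. It would also help to assert that nothing is persisted, along the lines of `expect { subject.call }.not_to change(Delegation, :count)` (model constant assumed), and to add the mirror example for a grantee from another organization.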
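Review bot: The two cross-organization contexts added to `delegation_form_spec.rb` override only `let(:granter)` and `let(:grantee)`, so they appear to exercise the lookup by id; nothing visible in this hunk covers the `find_by(email: ..., organization: ...)` fallback. The `attributes` hash is defined outside the hunk, so this is inferred rather than certain. The email path deserves its own example, since an address may well exist in more than one organization: build attributes with a blank id and the email of a user created in another organization, and expect `is_expected.not_to be_valid`.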
@@ -11,6 +11,15 @@ module ActionDelegator
 it { is_expected.to be_valid }
 it { is_expected.not_to be_grantee_voted }
+ context "when grantee is the same as the granter" do
+ let(:setting) { create(:setting) }
+ let(:grantee) { create(:user, organization: setting.organization) }
+
+ subject { build(:delegation, setting: setting, grantee: grantee, granter: grantee) }
+
+ it { is_expected.not_to be_valid }
+ end
+
 context "when users from different organizations" do
 let(:grantee) { create(:user) }
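Review bot: The `when grantee is the same as the granter` context asserts only `is_expected.not_to be_valid`, so it does not show which rule rejected the record. Pinning the failure to the self-delegation rule, for example by calling `subject.valid?` and checking that `subject.errors` carries the expected attribute, would keep the example from passing for an unrelated reason such as a factory default. As a style point, `subject` is declared after the two `let` lines here; declaring it first matches the usual RSpec ordering. The hunk ends inside the following context, whose body continues outside it.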