Allow project originators to delete comments on their projects

Author: GSveinsson

app/controllers/comments_controller.rb

@@ -38,7 +38,7 @@ def destroy
     @comment.destroy
 
     respond_to do |format|
-      format.html { redirect_to comments_path, notice: 'Comment was successfully deleted.' }
+      format.html { redirect_back fallback_location: root_path, notice: 'Comment was successfully deleted.' }
     end
   end
 

app/models/ability.rb

@@ -35,6 +35,9 @@ def initialize(user)
       can :read, Update, author_id: user.id
       can :manage, Project, originator_id: user.id
       can %i[create update], Comment, commenter_id: user.id
+      can :destroy, Comment do |comment|
+        comment.project.originator_id == user.id
+      end
       can %i[update add_keyword delete_keyword advance recess add_episode delete_episode],
           Project do |project|
         project.users.include? user

app/views/comments/_comment.html.haml

@@ -14,6 +14,9 @@
         |
         %a{ 'href' => 'javascript:void(0)', 'data-target' => "#editComment#{dom_id(comment)}", 'data-toggle' => 'modal', type: 'button' }
           Edit
+      - if can? :destroy, comment
+        |
+        = link_to 'Delete', comment_path(comment), method: :delete, data: { confirm: 'Are you sure you want to delete this comment?' }
     %p
       :markdown
         #{ enrich_markdown(markdown: comment.text) }

spec/features/comment_spec.rb

@@ -75,4 +75,34 @@
       expect(page).to have_text comment_text
     end
   end
+
+  scenario 'project originator can delete comments on their project', :js do
+    other_user = create(:user)
+    comment = create(:comment, commenter: other_user, commentable: project)
+
+    visit project_path(nil, project)
+
+    within("li#comment_#{comment.id}") do
+      click_on 'Delete'
+    end
+
+    page.driver.browser.switch_to.alert.accept
+
+    expect(current_path).to eq(project_path(nil, project))
+    expect(page).to have_text 'Comment was successfully deleted'
+    expect(page).not_to have_css("li#comment_#{comment.id}")
+    expect(Comment.exists?(comment.id)).to be false
+  end
+
+  scenario 'non-originator cannot delete comments on others projects', :js do
+    other_user = create(:user)
+    other_project = create(:idea, originator: other_user)
+    comment = create(:comment, commenter: other_user, commentable: other_project)
+
+    visit project_path(nil, other_project)
+
+    within("li#comment_#{comment.id}") do
+      expect(page).not_to have_link 'Delete'
+    end
+  end
 end

spec/models/ability_spec.rb

@@ -39,6 +39,19 @@
     it { is_expected.not_to be_able_to(:update, foreign_comment) }
     it { is_expected.not_to be_able_to(:destroy, foreign_comment) }
 
+    context 'comment deletion by project originator' do
+      let(:comment_on_own_project) { create(:comment, commenter: other_user, commentable: own_project) }
+      let(:comment_on_foreign_project) { create(:comment, commenter: other_user, commentable: foreign_project) }
+
+      it 'can delete comments on their own project' do
+        expect(ability).to be_able_to(:destroy, comment_on_own_project)
+      end
+
+      it 'cannot delete comments on others projects' do
+        expect(ability).not_to be_able_to(:destroy, comment_on_foreign_project)
+      end
+    end
+
     %i[edit update add_keyword delete_keyword advance recess add_episode delete_episode].each do |action|
       it { is_expected.to be_able_to(action, collaborated_project) }
     end