coopdevs · markets · Dec 6, 2022 · Dec 6, 2022 · Dec 6, 2022 · Dec 6, 2022
diff --git a/app/assets/stylesheets/application.scss b/app/assets/stylesheets/application.scss
@@ -669,3 +669,16 @@ label[required]::after{
   display: inline;
   margin: 0 !important;
 }
+
+.input__password-eye {
+  display: flex;
+  align-items: center;
+  justify-content: right;
+
+  .show-password {
+    position: absolute;
+    display: flex;
+    margin-right: 12px;
+    cursor: pointer;
+  }
+}
diff --git a/app/controllers/petitions_controller.rb b/app/controllers/petitions_controller.rb
@@ -16,7 +16,7 @@ def update
     status = params[:status]
 
     if petition.update(status: status)
-      User.find(params[:user_id]).add_to_organization(current_organization) if status == 'accepted'
+      petition.user.add_to_organization(petition.organization) if status == 'accepted'
       flash[:notice] = "Application #{status}"
     else
       flash[:error] = 'Something went wrong'

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -33,15 +33,17 @@ def edit
   def create
     authorize User
 
+    from_signup = params[:from_signup].present?
     email = user_params[:email]
     @user = User.find_or_initialize_by(email: email) do |u|
       u.attributes = user_params
     end
     empty_email = @user.email.empty?
+    @user.from_signup = from_signup
     @user.setup_and_save_user
 
     if @user.persisted?
-      unless request.referer.include?(signup_users_path)
+      unless from_signup
         @user.tune_after_persisted(current_organization)
         @user.add_tags(current_organization, params[:tag_list] || [])
       end
@@ -50,7 +52,7 @@ def create
     else
       @user.email = "" if empty_email
 
-      render action: "new"
+      render action: from_signup ? 'signup' : 'new'
     end
   end
 
@@ -108,7 +110,7 @@ def user_params
     fields_to_permit += %w"admin registration_number
                            registration_date" if admin?
     fields_to_permit += %w"organization_id superadmin" if superadmin?
-    fields_to_permit += %w"password" if request.referer.include?(signup_users_path)
+    fields_to_permit += %w"password" if params[:from_signup].present?
 
     params.require(:user).permit *fields_to_permit
   end
@@ -122,7 +124,7 @@ def find_user
   end
 
   def redirect_to_after_create
-    if request.referer.include?(signup_users_path)
+    if params[:from_signup].present?
       sign_in(@user)
       redirect_to terms_path
     else

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -17,6 +17,7 @@ class User < ApplicationRecord
   )
 
   attr_accessor :empty_email
+  attr_accessor :from_signup
 
   has_one_attached :avatar
   has_many :members, dependent: :destroy
@@ -38,6 +39,7 @@ class User < ApplicationRecord
 
   validates :username, presence: true
   validates :email, presence: true, uniqueness: true
+  validates :password, presence: true, if: :from_signup?
   # Allows @domain.com for dummy emails but does not allow pure invalid
   # emails like 'without email'
   validates_format_of :email,
@@ -99,7 +101,7 @@ def setup_and_save_user
     # temporary valid email with current time milliseconds
     # this will be updated to user.id@example.com later on
     self.empty_email = email.strip.empty?
-    self.email = "user#{DateTime.now.strftime('%Q')}@example.com" if empty_email
+    self.email = "user#{DateTime.now.strftime('%Q')}@example.com" if empty_email && !from_signup
     skip_confirmation! # auto-confirm, not sending confirmation email
     save
   end
@@ -128,4 +130,8 @@ def email_if_real
   def was_member?(petition)
     petition.status == 'accepted' && Member.where(organization: petition.organization, user: self).none?
   end
+
+  def from_signup?
+    from_signup
+  end
 end
diff --git a/app/views/petitions/manage.html.erb b/app/views/petitions/manage.html.erb
@@ -65,8 +65,8 @@
                 <td><%= phone_to user.phone %></td>
                 <% if current_user.manages?(current_organization) && @status == 'pending'  %>
                   <td>
-                    <%= link_to 'Accept', petition_path(id: petition.id, user_id: user.id, status: 'accepted'), class: 'btn btn-primary', method: :put %>
-                    <%= link_to 'Decline', petition_path(id: petition.id, user_id: user.id, status: 'declined'), class: 'btn btn-danger', method: :put %>
+                    <%= link_to 'Accept', petition_path(id: petition.id, status: 'accepted'), class: 'btn btn-primary', method: :put %>
+                    <%= link_to 'Decline', petition_path(id: petition.id, status: 'declined'), class: 'btn btn-danger', method: :put %>
                   </td>
                 <% end %>
               <% end %>

diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb
@@ -12,7 +12,18 @@
       <%= f.input :email, readonly: true %>
     <% end %>
 
-    <%= f.input :password, label: t("application.login_form.password"), required: true if short %>
+    <% if short %>
+      <div class="form-group password required user_password">
+        <label class="password required control-label" for="user_password"><abbr title="required">*</abbr> Password</label>
+        <div class="input__password-eye">
+          <input class="form-control password required form-control" required="required" aria-required="true" type="password" name="user[password]" id="user_password">
+          <span class="show-password">
+            <i class="material-icons">visibility</i>
+          </span>
+        </div>
+      </div>
+      <%= hidden_field_tag 'from_signup', 'true' %>
+    <% end %>
 
     <%= f.input :phone %>
     <%= f.input :alt_phone %>

diff --git a/spec/controllers/organizations_controller_spec.rb b/spec/controllers/organizations_controller_spec.rb
@@ -61,6 +61,17 @@
         expect(assigns(:organizations)).to eq([second_organization])
       end
     end
+
+    context 'a user is logged' do
+      before { login(member.user) }
+
+      it 'populates an array of user organizations' do
+        get :index
+
+        expect(assigns(:user_organizations)).to include(member.organization)
+        expect(assigns(:organizations)).to eq([second_organization])
+      end
+    end
   end
 
   describe 'GET #show' do

diff --git a/spec/controllers/petitions_controller_spec.rb b/spec/controllers/petitions_controller_spec.rb
@@ -0,0 +1,49 @@
+RSpec.describe PetitionsController do
+  let!(:organization) { Fabricate(:organization) }
+  let(:user) { Fabricate(:user) }
+  let(:admin) { Fabricate(:member, organization: organization, manager: true) }
+
+  describe 'POST #create' do
+    before { login(user) }
+
+    it 'creates the petition' do
+      expect do
+        post :create, params: { user_id: user.id, organization_id: organization.id }
+      end.to change(Petition, :count).by(1)
+    end
+  end
+
+  describe 'PUT #update' do
+    before { login(admin.user) }
+    let(:petition) { Petition.create(user: user, organization: organization, status: 'pending') }
+
+    it 'decline the petition' do
+      put :update, params: { status: 'declined', id: petition.id }
+
+      petition.reload
+      expect(petition.status).to eq('declined')
+    end
+
+    it 'accept the petition and add the user to the org' do
+      put :update, params: { status: 'accepted', id: petition.id }
+
+      petition.reload
+      expect(user.members.last.organization.id).to eq(organization.id)
+      expect(petition.status).to eq('accepted')
+    end
+  end
+
+  describe 'GET #manage' do
+    before do
+      allow(controller).to receive(:current_organization) { organization } 
+      login(admin.user)
+    end
+    let!(:petition) { Petition.create(user: user, organization: organization, status: 'pending') }
+
+    it 'populates a list of users with pending petitions' do
+      get :manage
+
+      expect(assigns(:users)).to include(user)
+    end
+  end
+end
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
@@ -320,10 +320,23 @@
         end
 
       end
+
+      context 'with no logged user' do
+        before { allow_any_instance_of(ActionController::TestRequest).to receive(:referer).and_return(signup_users_path) }
+
+        it 'creates the user' do
+          expect do
+            post :create, params: { user: Fabricate.to_params(:user, password: '1234test'), from_signup: 'true' } 
+          end.to change(User, :count).by(1)
+          expect(subject).to redirect_to(terms_path)
+        end
+      end
     end
   end
 
   describe "PUT #update" do
+    before { allow_any_instance_of(ActionController::TestRequest).to receive(:referer).and_return('/edit') }
+
     context "with valid params" do
       context "with a logged" do
         context "normal user" do