From c2b7443e41d3c398dba035709541130c9b0508ef Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 15:53:32 -0400 Subject: [PATCH 01/13] Remove ArtistController#delete_grant --- app/controllers/artists_controller.rb | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index b52b6cf6..c4e2dd3e 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -40,30 +40,6 @@ def create end end - def delete_grant - if !artist_logged_in? - return - end - - begin - @submission = GrantSubmission.find(params[:grant_id]) - rescue - redirect_to action: "index" - return - end - - # TODO: is this enough "security"? - if @submission.artist_id != current_artist.id - # Log more stuff - logger.info "SECURITY WARNING: Attempted to delete grant while not logged in as that artist" - redirect_to action: "index" - return - end - # Also should delete pdf from filesystem - @submission.destroy - redirect_to action: "index" - end - private def initialize_user From 64aed9fe207605dbb63c3c555d8f48d456b677b3 Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 15:56:01 -0400 Subject: [PATCH 02/13] Add obvious show method to ArtistsController --- app/controllers/artists_controller.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index c4e2dd3e..683bc424 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -3,6 +3,9 @@ class ArtistsController < ApplicationController before_filter :initialize_user, except: [:show] + def show + end + def signup @artist.artist_survey ||= ArtistSurvey.new end From 7ee0a447c417bf68070cfcde8ba7549a74e88f48 Mon Sep 17 00:00:00 2001 
From: katee Date: Sun, 2 Apr 2017 15:57:18 -0400 Subject: [PATCH 03/13] Use load_and_authorize_resource on all ArtistController endpoints --- app/controllers/artists_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index 683bc424..6931a082 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -1,5 +1,5 @@ class ArtistsController < ApplicationController - load_and_authorize_resource only: [:index, :show] + load_and_authorize_resource before_filter :initialize_user, except: [:show] From dff8c5c5d1dd587961fea2c7cee837713acd4f8b Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 15:58:13 -0400 Subject: [PATCH 04/13] Only initialize artist in signup --- app/controllers/artists_controller.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index 6931a082..284e1187 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -1,12 +1,11 @@ class ArtistsController < ApplicationController load_and_authorize_resource - before_filter :initialize_user, except: [:show] - def show end def signup + @artist = Artist.new @artist.artist_survey ||= ArtistSurvey.new end @@ -45,10 +44,6 @@ def create private - def initialize_user - @artist = Artist.new - end - def artist_params params.require(:artist).permit(:name, :password_digest, :password, :password_confirmation, :email, :contact_name, :contact_phone, From a4c3b5505d1e5a0150d54311d280e790ae3112cf Mon Sep 17 00:00:00 2001 
From: katee Date: Sun, 2 Apr 2017 16:00:37 -0400 Subject: [PATCH 05/13] Rename signup artist endpoint to new --- app/controllers/artists_controller.rb | 4 ++-- app/views/artists/{signup.html.erb => new.html.erb} | 0 app/views/sessions/artists/new.html.erb | 2 +- config/routes.rb | 3 --- 4 files changed, 3 insertions(+), 6 deletions(-) rename app/views/artists/{signup.html.erb => new.html.erb} (100%) diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index 284e1187..1a432bdf 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -4,7 +4,7 @@ class ArtistsController < ApplicationController def show end - def signup + def new @artist = Artist.new @artist.artist_survey ||= ArtistSurvey.new end @@ -38,7 +38,7 @@ def create render "signup_success" else @artist.artist_survey ||= ArtistSurvey.new(artist_survey_params) - render "signup" + render 'new' end end diff --git a/app/views/artists/signup.html.erb b/app/views/artists/new.html.erb similarity index 100% rename from app/views/artists/signup.html.erb rename to app/views/artists/new.html.erb diff --git a/app/views/sessions/artists/new.html.erb b/app/views/sessions/artists/new.html.erb index 0dfaacf3..5b4f01f4 100644 --- a/app/views/sessions/artists/new.html.erb +++ b/app/views/sessions/artists/new.html.erb @@ -1,4 +1,4 @@ -<%= link_to "Register as an artist", artists_signup_path %> to access submit grant applications. +<%= link_to "Register as an artist", new_artist_path %> to access submit grant applications.

Have an account?

diff --git a/config/routes.rb b/config/routes.rb index c116ae12..9c51a2d2 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -7,9 +7,6 @@ get 'password_resets/new' get 'password_resets/edit' - get 'artists/signup' => 'artists#signup' - post 'artists/signup' => 'artists#create' - get 'voters/signup' => 'voters#signup' post 'voters/signup' => 'voters#create' From acd4f10ab1e888a19ba1218d95842cd7090e628d Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 16:02:55 -0400 Subject: [PATCH 06/13] Remove custom @artist and @artist_survey initialization --- app/controllers/artists_controller.rb | 2 -- app/views/artists/new.html.erb | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index 1a432bdf..b4b4db07 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -5,8 +5,6 @@ def show end def new - @artist = Artist.new - @artist.artist_survey ||= ArtistSurvey.new end def create diff --git a/app/views/artists/new.html.erb b/app/views/artists/new.html.erb index d6823d3f..82fe3a1a 100644 --- a/app/views/artists/new.html.erb +++ b/app/views/artists/new.html.erb @@ -32,7 +32,7 @@ - <%= f.simple_fields_for @artist.artist_survey do |f_artist_survey| %> + <%= f.simple_fields_for :artist_survey do |f_artist_survey| %>

Optional Survey

@@ -49,7 +49,7 @@ <%= f_artist_survey.input :has_attended_bm, as: :radio_buttons, label: 'I have attended Burning Man' %> <%= f_artist_survey.text_area :has_attended_bm_desc, placeholder: 'Please elaborate. How have you participated at Burning Man?', class: 'form-control', rows: '3' %> - <%= f_artist_survey.input :can_use_as_example, label: 'If I am awarded a grant, Firefly has permission to use my grant application as an example of a successful application in future years' %> + <%= f_artist_survey.input :can_use_as_example, label: 'If I am awarded a grant, Firefly has permission to use my grant application as an example of a successful application in future years', as: :boolean %>
<% end %> From 896743c10349b42a600dc99dd11058372e563e65 Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 16:10:35 -0400 Subject: [PATCH 07/13] Save ArtistSurvey using accepts_nested_attributes_for --- app/controllers/artists_controller.rb | 22 +++++++++------------- app/models/artist.rb | 4 +++- 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index b4b4db07..b0183c59 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -5,6 +5,7 @@ def show end def new + @artist.artist_survey ||= @artist.build_artist_survey end def create @@ -18,11 +19,6 @@ def create @artist.email = @artist.email.downcase if @artist.save - # save optional survey - artist_survey = ArtistSurvey.new(artist_survey_params) - artist_survey.artist_id = @artist.id - artist_survey.save - # Send email! begin UserMailer.account_activation("artists", @artist).deliver_now @@ -43,16 +39,16 @@ def create private def artist_params + artist_survey_attribute_names = [ + :has_attended_firefly, :has_attended_firefly_desc, + :has_attended_regional, :has_attended_regional_desc, + :has_attended_bm, :has_attended_bm_desc, + :can_use_as_example + ] + params.require(:artist).permit(:name, :password_digest, :password, :password_confirmation, :email, :contact_name, :contact_phone, :contact_street, :contact_city, :contact_state, :contact_zipcode, - :contact_country) - end - - def artist_survey_params - params.require(:artist).require(:artist_survey).permit(:has_attended_firefly, - :has_attended_firefly_desc, :has_attended_regional, - :has_attended_regional_desc, :has_attended_bm, :has_attended_bm_desc, - :can_use_as_example) + :contact_country, artist_survey_attributes: [artist_survey_attribute_names]) end end diff --git a/app/models/artist.rb b/app/models/artist.rb index a7bb7f1a..9e1d83b2 100644 --- a/app/models/artist.rb +++ b/app/models/artist.rb 
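Review bot: `artist_params` in the last controller hunk of PATCH 07 still permits `:password_digest` next to `:password`, so a sign-up request can supply the stored digest directly instead of having it derived from the password. The artist.rb hunk of the same commit shows `has_secure_password`, which maintains the digest itself, so the permit list should drop that key and start `params.require(:artist).permit(:name, :password, :password_confirmation, :email, ...`. As a smaller style point, `artist_survey_attributes: [artist_survey_attribute_names]` wraps an array in a second array; `artist_survey_attributes: artist_survey_attribute_names` says the same thing more plainly.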
@@ -4,9 +4,11 @@ class Artist < ActiveRecord::Base has_secure_password - has_one :artist_survey + has_one :artist_survey, inverse_of: :artist has_many :grant_submissions + accepts_nested_attributes_for :artist_survey + validates :name, presence: true, length: { minimum: 4 } validates :email, presence: true validates :password, length: { minimum: 4 }, on: :create From 41b914ffdf0d748b9e146c6dc0511a3438a46e89 Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 16:17:09 -0400 Subject: [PATCH 08/13] Allow Artist and Voter to be created by anyone --- app/models/ability.rb | 4 ++++ spec/models/ability_spec.rb | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/app/models/ability.rb b/app/models/ability.rb index 876ccf5e..5cd3a0fb 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -14,6 +14,10 @@ def initialize(user) # Allow an initial Admin to be crated by anyone can :manage, Admin unless Admin.exists? + + can [:new, :create], Artist + can [:new, :create], Voter + can :read, Grant, hidden: false if user.is_a?(Admin) diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb index ddfc849a..7d3b5cad 100644 --- a/spec/models/ability_spec.rb +++ b/spec/models/ability_spec.rb @@ -16,6 +16,14 @@ it { is_expected.not_to be_able_to(:read, FactoryGirl.build(:grant, hidden: true)) } end + shared_examples 'signup Voter and Artist' do + it { is_expected.to be_able_to(:new, Voter) } + it { is_expected.to be_able_to(:create, Voter) } + + it { is_expected.to be_able_to(:new, Artist) } + it { is_expected.to be_able_to(:create, Artist) } + end + context 'with nil' do let(:user) { nil } @@ -47,6 +55,7 @@ it_behaves_like 'can manage Admin unless Admin.exists?' it_behaves_like 'can read non-hidden Grants' + it_behaves_like 'signup Voter and Artist' it { is_expected.to be_able_to(:manage, artist_survey) } it { is_expected.to be_able_to(:manage, grant_submission) } 
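Review bot: In spec/models/ability_spec.rb (PATCH 08) the new shared example 'signup Voter and Artist' is included only in the two contexts touched by the hunks at old lines 47 and 84; no visible hunk adds it to `context 'with nil'`, which is the unauthenticated visitor the new `can [:new, :create], Artist` and `can [:new, :create], Voter` rules are written for. The body of that context lies outside the hunks, so this is inferred, but if it is missing there, add `it_behaves_like 'signup Voter and Artist'` so the anonymous case of the authorization rule is pinned by a test. A negative expectation for a guest, such as `it { is_expected.not_to be_able_to(:update, Artist.new) }`, would also guard against the sign-up rule being widened later.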
@@ -84,6 +93,7 @@ it_behaves_like 'can manage Admin unless Admin.exists?' it_behaves_like 'can read non-hidden Grants' + it_behaves_like 'signup Voter and Artist' it { is_expected.to be_able_to(:vote, GrantSubmission.new) } From b82f0374d502e5c6714a22d8837d6df4885c0486 Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 16:24:24 -0400 Subject: [PATCH 09/13] Add specs for ArtistSurveyController --- spec/controllers/artists_controller_spec.rb | 67 +++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 spec/controllers/artists_controller_spec.rb diff --git a/spec/controllers/artists_controller_spec.rb b/spec/controllers/artists_controller_spec.rb new file mode 100644 index 00000000..9c8adc26 --- /dev/null +++ b/spec/controllers/artists_controller_spec.rb 
@@ -0,0 +1,67 @@ +describe ArtistsController do + subject { response } + + describe '#index' do + def go! + get :index + end + + it { go!; is_expected.to be_forbidden } + + context 'when admin signed in' do + let!(:admin) { FactoryGirl.create(:admin) } + + before do + sign_in admin + end + + it 'is ok' do + go! + expect(response).to render_template('index') + expect(response).to be_ok + end + end + end + + describe '#new' do + def go! + get :new + end + + before { go! } + + it { is_expected.to render_template('new') } + it { is_expected.to be_ok } + end + + describe '#create' do + def go! + post :create, artist_params + end + + let(:artist_attributes) { FactoryGirl.attributes_for(:artist) } + let(:artist_survey_attributes) { FactoryGirl.attributes_for(:artist_survey) } + let(:artist_params) do + { + artist: artist_attributes.merge(artist_survey_attributes: artist_survey_attributes) + } + end + + it 'creates Artist' do + expect { go! }.to change { Artist.count }.by(1) + end + + it 'creates ArtistSurvey' do + expect { go! }.to change { ArtistSurvey.count }.by(1) + end + + context 'with invalid params' do + let(:artist_attributes) { FactoryGirl.attributes_for(:artist, email: '') } + + it 'displays form' do + expect { go! }.not_to change { Admin.count } + expect(response).to render_template('new') + end + end + end +end From ac99a018f757442fd158bfc944111d7e89ca713b Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 16:25:12 -0400 Subject: [PATCH 10/13] Fixup, remove line handled by nested_attributes_for --- app/controllers/artists_controller.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index b0183c59..ce01216e 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -31,7 +31,6 @@ def create render "signup_success" else - @artist.artist_survey ||= ArtistSurvey.new(artist_survey_params) render 'new' end end 
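Review bot: In the new artists_controller_spec.rb (PATCH 09), the 'with invalid params' example asserts `expect { go! }.not_to change { Admin.count }`, which passes whether or not an artist is created because the action never touches Admin. It should read `expect { go! }.not_to change { Artist.count }`. The `#create` block also has no example for the already-registered-email branch of the controller, which is the path that returns early, so that path stays untested.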
From d4338400a3283d4184b5e44aa6f6a301ca5686fc Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 16:28:37 -0400 Subject: [PATCH 11/13] Remove specific signup success and signup failure templates --- app/controllers/artists_controller.rb | 9 ++------- app/views/artists/signup_failure.html.erb | 10 ---------- app/views/artists/signup_success.html.erb | 6 ------ 3 files changed, 2 insertions(+), 23 deletions(-) delete mode 100644 app/views/artists/signup_failure.html.erb delete mode 100644 app/views/artists/signup_success.html.erb diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index ce01216e..f3e00bb6 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -11,7 +11,6 @@ def new def create if Artist.exists?(email: artist_params[:email].downcase) flash[:warning] = "The email address #{artist_params[:email.downcase]} already exists in our system" - render "signup_failure" return end @@ -21,15 +20,11 @@ def create if @artist.save # Send email! begin - UserMailer.account_activation("artists", @artist).deliver_now + UserMailer.account_activation('artists', @artist).deliver_now logger.info "email: artist account activation sent to #{@artist.email}" rescue - flash[:warning] = "Error sending email confirmation" - render "signup_failure" - return + flash[:warning] = 'Error sending email confirmation' end - - render "signup_success" else render 'new' end diff --git a/app/views/artists/signup_failure.html.erb b/app/views/artists/signup_failure.html.erb deleted file mode 100644 index b1733d65..00000000 --- a/app/views/artists/signup_failure.html.erb +++ /dev/null @@ -1,10 +0,0 @@ -
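Review bot: In the first controller hunk of PATCH 11, the duplicate-email branch of `create` now sets `flash[:warning]` and hits a bare `return` with no render or redirect, so Rails falls back to an implicit `artists/create` template that this series does not appear to add. PATCH 12 does not fix this, because its `render 'new'` sits after the early return. Put `render 'new'` before the `return`, and use `flash.now[:warning]` since the message is shown on a render rather than after a redirect. In the same line `artist_params[:email.downcase]` calls `downcase` on the symbol rather than on the value, and the message confirms to an anonymous caller that an address is registered, which is worth a deliberate decision. The bare `rescue` in the second hunk discards the mailer exception; `rescue => e` with `logger.error e.message` would keep a trace. The body of `create` is only partly visible in these hunks.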

<%= link_to "Firefly Art Grants", :controller => "home", :action => "index" %>: Failure

-

Signup failed!

-<% if flash.any? %> - <% flash.each do |name, msg| -%> - <%= content_tag :div, msg, class: name %> - <% end -%> - For help please contact us at: grants@fireflyartscollective.org -<% else %> - We're not sure why this happened. Please try again or contact us at: grants@fireflyartscollective.org -<% end %> diff --git a/app/views/artists/signup_success.html.erb b/app/views/artists/signup_success.html.erb deleted file mode 100644 index ea24ce9f..00000000 --- a/app/views/artists/signup_success.html.erb +++ /dev/null @@ -1,6 +0,0 @@ -

<%= link_to "Firefly Art Grants", :controller => "home", :action => "index" %>: Almost there...

- -

Please check your email (<%= @artist.email %>) for your account activation link.

-

If you don't see one soon, check your spam folder or contact - grants@fireflyartscollective.org -

From 3c0f6295117abee2b461a944948ace4f123b7337 Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 16:35:58 -0400 Subject: [PATCH 12/13] Always render 'new' template --- app/controllers/artists_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index f3e00bb6..eb282262 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -25,9 +25,9 @@ def create rescue flash[:warning] = 'Error sending email confirmation' end - else - render 'new' end + + render 'new' end private From e985c2f8c9db1837203c3711986355aa40a3718f Mon Sep 17 00:00:00 2001 From: katee Date: Sun, 2 Apr 2017 16:36:11 -0400 Subject: [PATCH 13/13] Add test that email is sent --- spec/controllers/artists_controller_spec.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/spec/controllers/artists_controller_spec.rb b/spec/controllers/artists_controller_spec.rb index 9c8adc26..2834a788 100644 --- a/spec/controllers/artists_controller_spec.rb +++ b/spec/controllers/artists_controller_spec.rb @@ -55,6 +55,11 @@ def go! expect { go! }.to change { ArtistSurvey.count }.by(1) end + it 'sends email' do + expect(UserMailer).to receive(:account_activation) + go! + end + context 'with invalid params' do let(:artist_attributes) { FactoryGirl.attributes_for(:artist, email: '') }
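Review bot: After the PATCH 12 hunk a successful `@artist.save` falls through to `render 'new'`, so the visitor gets the sign-up form again, now bound to a persisted record, with nothing telling them to check their mail. The removed signup_success template carried that message. Redirecting on success, for example `redirect_to({ controller: 'home', action: 'index' }, notice: 'Please check your email for your account activation link.')`, keeps `render 'new'` for the failure path only and also avoids a form resubmission on reload. If the render is kept, `flash[:warning]` in the rescue should be `flash.now[:warning]`, otherwise the warning shows up again on the next request. The start of `create` is outside this hunk.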
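Review bot: The 'sends email' example added in PATCH 13 stubs `UserMailer.account_activation` with `expect(UserMailer).to receive(:account_activation)` and no return value, so the stub returns nil. The controller's `.deliver_now` then raises on nil inside the `begin`/`rescue` shown in PATCH 11, where the error is swallowed. The example therefore passes without any mail being delivered, and would keep passing if delivery broke. Append `.and_call_original` to the expectation, or assert delivery directly with `expect { go! }.to change { ActionMailer::Base.deliveries.count }.by(1)`.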