Fix valuator's permissions

[antopalidi]

No description provided.

[codecov]

Codecov Report

Attention: 3 lines in your changes are missing coverage. Please review.

Comparison is base (b61f9b2) 91.54% compared to head (f63c906) 91.59%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #80      +/-   ##
==========================================
+ Coverage   91.54%   91.59%   +0.04%     
==========================================
  Files          78       78              
  Lines        1632     1677      +45     
==========================================
+ Hits         1494     1536      +42     
- Misses        138      141       +3     

Files	Coverage Δ
...g_proposals/admin/proposals_controller_override.rb	87.50% <100.00%> (+0.83%)	⬆️
.../reporting_proposals/admin/permissions_override.rb	97.77% <96.87%> (-2.23%)	⬇️
...admin/valuation_assignments_controller_override.rb	87.09% <83.33%> (-2.38%)	⬇️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[microstudi]

Thanks for this.
I think we can simplify a bit the overrides,
Also, we need to ensure we have all the spec covering the cases for the security improvement that this PR does. We can also add cases to the permissions_spec.rb if needed.

[microstudi]

I understand this override is just to redirect the user to different places depending on if it is a valuator or not.

Can you explain why we need that, also we should add a test case for both cases if it is really needed

[microstudi]

I think we shouldn't override the whole permissions method, is too cumbersome.
I we can just work on the override of valuator_can_unassign_valuator_from_proposals? and put all the cases there it would be much cleaner.