Prevent maintainers (not owners) from transfering

Author: landongrindheim

app/models/rubygem_transfer.rb

@@ -45,7 +45,12 @@ def approved_invites
 
   def available_rubygems
     return Rubygem.none if created_by.blank?
-    created_by.rubygems.where(organization_id: nil).order(:name)
+    created_by.rubygems
+      .joins(:ownerships)
+      .where(ownerships: { user: created_by, role: :owner })
+      .where(organization_id: nil)
+      .distinct
+      .order(:name)
   end
 
   def selected_rubygems

test/system/rubygem_transfer_test.rb

@@ -19,15 +19,18 @@ def setup
     assert_no_link "Transfer"
   end
 
-  test "maintainers cannot transfer gems" do
+  test "maintainers see no transferable gems" do
     maintainer = create(:user)
     create(:ownership, rubygem: @rubygem, user: maintainer, role: :maintainer)
+    maintainer_org = create(:organization, owners: [maintainer])
 
     sign_in maintainer
+    visit organization_transfer_rubygems_path
 
-    visit rubygem_transfer_organization_path(@rubygem.slug)
+    select maintainer_org.name, from: "Organization"
+    click_on "Continue"
 
-    assert_text "Page not found"
+    assert_text "Gems 0" # No gems available to transfer
   end
 
   test "transfer a rubygem to an organization" do