Do not allow superuser to see membership app

2018-12-12 07:19:51 +05:00 · 2018-12-12 07:19:51 +05:00 · b7ed7563bd
parent c2b759b4ec
commit b7ed7563bd
2 changed files with 2 additions and 3 deletions
--- a/app/policies/membership_app_policy.rb
+++ b/app/policies/membership_app_policy.rb
@ -4,8 +4,7 @@ class MembershipAppPolicy < ApplicationPolicy
  def show?
    return false if context.guest_account.nil?

-    context.guest_account.is_superuser? ||
-      record.account == context.guest_account
+    record.account == context.guest_account
  end

  def create?
--- a/spec/requests/membership_apps/show_spec.rb
+++ b/spec/requests/membership_apps/show_spec.rb
@ -50,7 +50,7 @@ RSpec.describe 'GET /membership_apps/:id' do
    let(:current_account) { create :superuser_account }

    specify do
-      expect(response).to have_http_status :ok
+      expect(response).to have_http_status :unauthorized
    end
  end
 end