1
0
Fork 0

Do not allow superuser to see membership app

This commit is contained in:
Alex Kotov 2018-12-12 07:19:51 +05:00
parent c2b759b4ec
commit b7ed7563bd
No known key found for this signature in database
GPG key ID: 4E831250F47DE154
2 changed files with 2 additions and 3 deletions

View file

@ -4,7 +4,6 @@ class MembershipAppPolicy < ApplicationPolicy
def show? def show?
return false if context.guest_account.nil? return false if context.guest_account.nil?
context.guest_account.is_superuser? ||
record.account == context.guest_account record.account == context.guest_account
end end

View file

@ -50,7 +50,7 @@ RSpec.describe 'GET /membership_apps/:id' do
let(:current_account) { create :superuser_account } let(:current_account) { create :superuser_account }
specify do specify do
expect(response).to have_http_status :ok expect(response).to have_http_status :unauthorized
end end
end end
end end