Do not allow superuser to see membership app
This commit is contained in:
parent
c2b759b4ec
commit
b7ed7563bd
2 changed files with 2 additions and 3 deletions
|
@ -4,7 +4,6 @@ class MembershipAppPolicy < ApplicationPolicy
|
||||||
def show?
|
def show?
|
||||||
return false if context.guest_account.nil?
|
return false if context.guest_account.nil?
|
||||||
|
|
||||||
context.guest_account.is_superuser? ||
|
|
||||||
record.account == context.guest_account
|
record.account == context.guest_account
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,7 @@ RSpec.describe 'GET /membership_apps/:id' do
|
||||||
let(:current_account) { create :superuser_account }
|
let(:current_account) { create :superuser_account }
|
||||||
|
|
||||||
specify do
|
specify do
|
||||||
expect(response).to have_http_status :ok
|
expect(response).to have_http_status :unauthorized
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Reference in a new issue