Do not allow superuser to see membership app

app/policies/membership_app_policy.rb

@@ -4,8 +4,7 @@ class MembershipAppPolicy < ApplicationPolicy
   def show?
     return false if context.guest_account.nil?
 
-    context.guest_account.is_superuser? ||
+    record.account == context.guest_account
-      record.account == context.guest_account
   end
 
   def create?

spec/requests/membership_apps/show_spec.rb

@@ -50,7 +50,7 @@ RSpec.describe 'GET /membership_apps/:id' do
     let(:current_account) { create :superuser_account }
 
     specify do
-      expect(response).to have_http_status :ok
+      expect(response).to have_http_status :unauthorized
     end
   end
 end