kotovalexarian/lpr-partynest
Archived
1
0
Fork 0
Code Activity

Do not allow superuser to see membership app

Browse source
This commit is contained in:
Alex Kotov 2018-12-12 07:19:51 +05:00
parent c2b759b4ec
commit b7ed7563bd
No known key found for this signature in database
GPG key ID: 4E831250F47DE154
2 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/policies/membership_app_policy.rb
View file

@ -4,7 +4,6 @@ class MembershipAppPolicy < ApplicationPolicy
def show?
return false if context.guest_account.nil?
context.guest_account.is_superuser? ||
record.account == context.guest_account
end

2
spec/requests/membership_apps/show_spec.rb
View file

@ -50,7 +50,7 @@ RSpec.describe 'GET /membership_apps/:id' do
let(:current_account) { create :superuser_account }
specify do
expect(response).to have_http_status :ok
expect(response).to have_http_status :unauthorized
end
end
end