Restrict access to some pages

2019-09-02 18:37:32 +05:00 · 2019-09-02 18:37:32 +05:00 · d49f71fb4f
commit d49f71fb4f
parent 015fdf63dc
3 changed files with 3 additions and 3 deletions
--- a/app/policies/staff/person/account_connection_link_policy.rb
+++ b/app/policies/staff/person/account_connection_link_policy.rb
@ -2,7 +2,7 @@

 class Staff::Person::AccountConnectionLinkPolicy < ApplicationPolicy
  def show?
-    account&.superuser?
+    record.person.account.nil? && account&.superuser?
  end

  def create?
--- a/app/views/staffs/people/show.html.erb
+++ b/app/views/staffs/people/show.html.erb
@ -24,7 +24,7 @@

          <% if policy([:staff,
                        @person,
-                        ]).show? %>
+                        AccountConnectionLink.new(@person)]).show? %>
            <br/>

            <small>
--- a/spec/requests/staff/people/account_connection_links/show_spec.rb
+++ b/spec/requests/staff/people/account_connection_links/show_spec.rb
@ -29,7 +29,7 @@ RSpec.describe 'GET /staff/people/:person_id/account_connection_link' do
    let(:person) { create(:personal_account).person }

    specify do
-      expect(response).to have_http_status :ok
+      expect(response).to have_http_status :forbidden
    end
  end
 end