瀏覽代碼

Removed check_owner def of activity model - a logged in user can update/destroy any activity

Lou 3 年之前
父節點
當前提交
9a28dba9cb

+ 0
- 5
app/controllers/api/v1/activities_controller.rb 查看文件

@@ -1,7 +1,6 @@
1 1
 class Api::V1::ActivitiesController < ApplicationController
2 2
   before_action :set_activity, only: %i[show update destroy]
3 3
   before_action :check_login
4
-  before_action :check_owner, only: %i[update destroy]
5 4
 
6 5
   def index
7 6
     render json: Activity.all
@@ -43,8 +42,4 @@ class Api::V1::ActivitiesController < ApplicationController
43 42
   def set_activity
44 43
     @activity = Activity.find(params[:id])
45 44
   end
46
-
47
-  def check_owner
48
-    head :forbidden unless @activity.author_id == current_user&.id
49
-  end
50 45
 end

+ 1
- 18
test/controllers/api/v1/activities_controller_test.rb 查看文件

@@ -68,15 +68,7 @@ class Api::V1::ActivitiesControllerTest < ActionDispatch::IntegrationTest
68 68
     as: :json
69 69
     assert_response :forbidden
70 70
   end
71
-
72
-  test "should forbid update activity - not owner or admin" do
73
-    patch api_v1_activity_url(@activity),
74
-    params: { activity: { name: "Updated name" } },
75
-    headers: { Authorization: JsonWebToken.encode(user_id: users(:two).id) },
76
-    as: :json
77
-    assert_response :forbidden
78
-  end
79
-
71
+  
80 72
   #DESTROY
81 73
   test "should destroy activity" do
82 74
     assert_difference "Activity.count", -1 do
@@ -93,13 +85,4 @@ class Api::V1::ActivitiesControllerTest < ActionDispatch::IntegrationTest
93 85
     end
94 86
     assert_response :forbidden
95 87
   end
96
-
97
-  test "should forbid destroy activity - not owner or admin" do
98
-    assert_no_difference('Activity.count') do
99
-    delete api_v1_activity_url(@activity),
100
-    headers: { Authorization: JsonWebToken.encode(user_id: users(:two).id) },
101
-    as: :json
102
-    end
103
-    assert_response :forbidden
104
-  end
105 88
 end

+ 0
- 5
test/fixtures/users.yml 查看文件

@@ -3,9 +3,4 @@
3 3
 one:
4 4
   email: one@one.com
5 5
   username: OneUsername
6
-  password_digest: <%= BCrypt::Password.create('g00d_pa$$') %>
7
-
8
-two:
9
-  email: two@two.com
10
-  username: TwoUsername
11 6
   password_digest: <%= BCrypt::Password.create('g00d_pa$$') %>

Loading…
取消
儲存