
Removed check_owner def of activity model - a logged in user can update/destroy any activity

Lou 3 years ago
parent
commit
9a28dba9cb

+ 0
- 5
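--- a/app/controllers/api/v1/activities_controller.rb
+++ b/app/controllers/api/v1/activities_controller.rb
@@ -1,7 +1,6 @@
 class Api::V1::ActivitiesController < ApplicationController
   before_action :set_activity, only: %i[show update destroy]
   before_action :check_login
-  before_action :check_owner, only: %i[update destroy]
 
   def index
     render json: Activity.all
@@ -43,8 +42,4 @@
   def set_activity
     @activity = Activity.find(params[:id])
   end
-
-  def check_owner
-    head :forbidden unless @activity.author_id == current_user&.id
-  end
 end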
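Review bot: With `before_action :check_owner, only: %i[update destroy]` removed, `update` and `destroy` are guarded only by `check_login`, so any authenticated account can modify or delete whatever record `set_activity` loads from `params[:id]`; object-level authorization is gone for this controller. If shared editing is the intended policy, state it above the callbacks, e.g. `# No ownership check: any authenticated user may update/destroy any activity (intentional)`, and consider keeping at least `destroy` owner-only. The test section deletes both "not owner or admin" cases and the `two` fixture, so nothing in the suite pins who may update or destroy; a test asserting the intended outcome for a second user would make the policy explicit. Separately, `set_activity` is declared before `check_login`, so the lookup presumably runs before authentication and unauthenticated requests may be answered differently for existing and missing ids; declaring `before_action :check_login` first would avoid that. The `update` and `destroy` actions themselves lie outside the visible hunks.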

+ 1
- 18
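--- a/test/controllers/api/v1/activities_controller_test.rb
+++ b/test/controllers/api/v1/activities_controller_test.rb
@@ -68,15 +68,7 @@
     as: :json
     assert_response :forbidden
   end
-
-  test "should forbid update activity - not owner or admin" do
-    patch api_v1_activity_url(@activity),
-    params: { activity: { name: "Updated name" } },
-    headers: { Authorization: JsonWebToken.encode(user_id: users(:two).id) },
-    as: :json
-    assert_response :forbidden
-  end
-
+  
   #DESTROY
   test "should destroy activity" do
     assert_difference "Activity.count", -1 do
@@ -93,13 +85,4 @@
     end
     assert_response :forbidden
   end
-
-  test "should forbid destroy activity - not owner or admin" do
-    assert_no_difference('Activity.count') do
-    delete api_v1_activity_url(@activity),
-    headers: { Authorization: JsonWebToken.encode(user_id: users(:two).id) },
-    as: :json
-    end
-    assert_response :forbidden
-  end
 end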

+ 0
- 5
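--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -3,9 +3,4 @@
 one:
   email: one@one.com
   username: OneUsername
-  password_digest: <%= BCrypt::Password.create('g00d_pa$$') %>
-
-two:
-  email: two@two.com
-  username: TwoUsername
   password_digest: <%= BCrypt::Password.create('g00d_pa$$') %>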
