Removed check_owner def of activity model - a logged in user can update/destroy any activity

app/controllers/api/v1/activities_controller.rb

@@ -1,7 +1,6 @@
 class Api::V1::ActivitiesController < ApplicationController
   before_action :set_activity, only: %i[show update destroy]
   before_action :check_login
-  before_action :check_owner, only: %i[update destroy]
 
   def index
     render json: Activity.all
@@ -43,8 +42,4 @@ class Api::V1::ActivitiesController < ApplicationController
   def set_activity
     @activity = Activity.find(params[:id])
   end
-
-  def check_owner
-    head :forbidden unless @activity.author_id == current_user&.id
-  end
 end

test/controllers/api/v1/activities_controller_test.rb

@@ -69,14 +69,6 @@ class Api::V1::ActivitiesControllerTest < ActionDispatch::IntegrationTest
     assert_response :forbidden
   end
   
-  test "should forbid update activity - not owner or admin" do
-    patch api_v1_activity_url(@activity),
-    params: { activity: { name: "Updated name" } },
-    headers: { Authorization: JsonWebToken.encode(user_id: users(:two).id) },
-    as: :json
-    assert_response :forbidden
-  end
-
   #DESTROY
   test "should destroy activity" do
     assert_difference "Activity.count", -1 do
@@ -93,13 +85,4 @@ class Api::V1::ActivitiesControllerTest < ActionDispatch::IntegrationTest
     end
     assert_response :forbidden
   end
-
-  test "should forbid destroy activity - not owner or admin" do
-    assert_no_difference('Activity.count') do
-    delete api_v1_activity_url(@activity),
-    headers: { Authorization: JsonWebToken.encode(user_id: users(:two).id) },
-    as: :json
-    end
-    assert_response :forbidden
-  end
 end

test/fixtures/users.yml

@@ -4,8 +4,3 @@ one:
   email: one@one.com
   username: OneUsername
   password_digest: <%= BCrypt::Password.create('g00d_pa$$') %>
-
-two:
-  email: two@two.com
-  username: TwoUsername
-  password_digest: <%= BCrypt::Password.create('g00d_pa$$') %>