DGNum/demarches-normaliennes
14
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

fix(exports): block exports page to super admins so they can't download exports

Browse source
This commit is contained in:
mfo 2023-09-21 11:42:28 +02:00 committed by Colin Darie
parent 2283c7eba7
commit 00a6d02d21
No known key found for this signature in database
GPG key ID: 8C76CADD40253590
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/instructeurs/procedures_controller.rb
View file

@ -1,7 +1,7 @@
module Instructeurs
class ProceduresController < InstructeurController
before_action :ensure_ownership!, except: [:index]
before_action :ensure_not_super_admin!, only: [:download_export]
before_action :ensure_not_super_admin!, only: [:download_export, :exports]
ITEMS_PER_PAGE = 25
BATCH_SELECTION_LIMIT = 500

5
spec/controllers/instructeurs/procedures_controller_spec.rb
View file

@ -723,5 +723,10 @@ describe Instructeurs::ProceduresController, type: :controller do
expect(assigns(:exports)).to eq([])
end
end
context 'when logged in through super admin' do
let(:manager) { true }
it { is_expected.to have_http_status(:forbidden) }
end
end
end