fix(exports): block exports page to super admins so they can't download exports

This commit is contained in:
mfo 2023-09-21 11:42:28 +02:00 committed by Colin Darie
parent 2283c7eba7
commit 00a6d02d21
No known key found for this signature in database
GPG key ID: 8C76CADD40253590
2 changed files with 6 additions and 1 deletions

View file

@ -1,7 +1,7 @@
module Instructeurs module Instructeurs
class ProceduresController < InstructeurController class ProceduresController < InstructeurController
before_action :ensure_ownership!, except: [:index] before_action :ensure_ownership!, except: [:index]
before_action :ensure_not_super_admin!, only: [:download_export] before_action :ensure_not_super_admin!, only: [:download_export, :exports]
ITEMS_PER_PAGE = 25 ITEMS_PER_PAGE = 25
BATCH_SELECTION_LIMIT = 500 BATCH_SELECTION_LIMIT = 500

View file

@ -723,5 +723,10 @@ describe Instructeurs::ProceduresController, type: :controller do
expect(assigns(:exports)).to eq([]) expect(assigns(:exports)).to eq([])
end end
end end
context 'when logged in through super admin' do
let(:manager) { true }
it { is_expected.to have_http_status(:forbidden) }
end
end end
end end