refacto destroy action and add spec for unauthorized user

Lisa Durand 2023-03-09 11:39:45 +01:00
parent efcb783c8c
commit 6ba47b731b
4 changed files with 34 additions and 4 deletions


@ -20,11 +20,14 @@ module Users
def destroy
transfer = DossierTransfer.find(params[:id])
authorized = (transfer.email == current_user.email || transfer.dossiers.exists?(dossiers: { user: current_user }))
authorized_email = (transfer.email == current_user.email || transfer.dossiers.where(dossiers: { user: current_user }).present?)
return if !authorized_email
transfer.destroy_and_nullify
if authorized
transfer.destroy_and_nullify
flash.notice = t("users.dossiers.transferer.destroy")
else
flash.alert = t("users.dossiers.transferer.unauthorized_destroy")
end
redirect_to dossiers_path
end
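Review bot: The unauthorized branch in `destroy` answers differently from an unknown id: `DossierTransfer.find(params[:id])` raises for a missing record (a 404 in a default Rails setup, which is not visible here), while an existing transfer that belongs to someone else redirects with the `unauthorized_destroy` alert, so a signed-in user can tell which transfer ids exist. Consider resolving the record through a scope limited to transfers the current user received or whose dossiers they own, so both cases fail the same way, and logging the denied attempt. The check `transfer.email == current_user.email` is an exact string comparison; confirm both values are normalized (case, whitespace) when stored. A comment above the check such as `# only the recipient, or a user who owns one of the transferred dossiers, may cancel the transfer` would document the rule.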