Admin should be owner of procedure to destroy it

Mathieu Magnin 2017-07-20 14:30:36 +02:00
parent 409bed4080
commit e468612d95
2 changed files with 12 additions and 4 deletions


@ -51,7 +51,7 @@ class Admin::ProceduresController < AdminController
end
def destroy
procedure = Procedure.find(params[:id])
procedure = current_administrateur.procedures.find(params[:id])
return render json: {}, status: 401 if procedure.publiee_ou_archivee?
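Review bot: The ownership scope is applied inside `destroy` only, so any other member action of this controller that still loads with `Procedure.find(params[:id])` would keep accepting an id owned by a different administrateur; the rest of the controller is outside this hunk, so that needs checking. If several actions need the same rule, one private loader run as a `before_action` keeps it in one place, for example `@procedure = current_administrateur.procedures.find(params[:id])`. A short comment above the new line would also help the next reader: `# Scoped to the signed-in administrateur: an id owned by someone else raises RecordNotFound`. The body of `destroy` continues past the end of the hunk.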


@ -54,9 +54,9 @@ describe Admin::ProceduresController, type: :controller do
end
describe 'DELETE #destroy' do
let(:procedure_draft) { create :procedure, published_at: nil, archived_at: nil }
let(:procedure_published) { create :procedure, published_at: Time.now, archived_at: nil }
let(:procedure_archived) { create :procedure, published_at: nil, archived_at: Time.now }
let(:procedure_draft) { create :procedure, administrateur: admin, published_at: nil, archived_at: nil }
let(:procedure_published) { create :procedure, administrateur: admin, published_at: Time.now, archived_at: nil }
let(:procedure_archived) { create :procedure, administrateur: admin, published_at: nil, archived_at: Time.now }
subject { delete :destroy, params: {id: procedure.id} }
@ -91,6 +91,14 @@ describe Admin::ProceduresController, type: :controller do
it { expect(subject.status).to eq 401 }
end
context "when administrateur does not own the procedure" do
let(:procedure_not_owned) { create :procedure, administrateur: create(:administrateur), published_at: nil, archived_at: nil }
subject { delete :destroy, params: {id: procedure_not_owned.id} }
it { expect{ subject }.to raise_error(ActiveRecord::RecordNotFound) }
end
end
describe 'GET #edit' do
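Review bot: The new "when administrateur does not own the procedure" context only asserts that `ActiveRecord::RecordNotFound` is raised; it never checks that the other administrateur's procedure is still present afterwards. Adding `expect(Procedure.exists?(procedure_not_owned.id)).to be true` after the `raise_error` expectation would pin that, so the spec keeps failing if a later change lets the record be removed on this path. `admin`, used in the three rewritten `let` lines, is defined outside this hunk and is presumably the signed-in administrateur.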