Admin should be owner of procedure to destroy it
This commit is contained in:
parent
409bed4080
commit
e468612d95
2 changed files with 12 additions and 4 deletions
|
@ -51,7 +51,7 @@ class Admin::ProceduresController < AdminController
|
|||
end
|
||||
|
||||
def destroy
|
||||
procedure = Procedure.find(params[:id])
|
||||
procedure = current_administrateur.procedures.find(params[:id])
|
||||
|
||||
return render json: {}, status: 401 if procedure.publiee_ou_archivee?
|
||||
|
||||
|
|
|
@ -54,9 +54,9 @@ describe Admin::ProceduresController, type: :controller do
|
|||
end
|
||||
|
||||
describe 'DELETE #destroy' do
|
||||
let(:procedure_draft) { create :procedure, published_at: nil, archived_at: nil }
|
||||
let(:procedure_published) { create :procedure, published_at: Time.now, archived_at: nil }
|
||||
let(:procedure_archived) { create :procedure, published_at: nil, archived_at: Time.now }
|
||||
let(:procedure_draft) { create :procedure, administrateur: admin, published_at: nil, archived_at: nil }
|
||||
let(:procedure_published) { create :procedure, administrateur: admin, published_at: Time.now, archived_at: nil }
|
||||
let(:procedure_archived) { create :procedure, administrateur: admin, published_at: nil, archived_at: Time.now }
|
||||
|
||||
subject { delete :destroy, params: {id: procedure.id} }
|
||||
|
||||
|
@ -91,6 +91,14 @@ describe Admin::ProceduresController, type: :controller do
|
|||
|
||||
it { expect(subject.status).to eq 401 }
|
||||
end
|
||||
|
||||
context "when administrateur does not own the procedure" do
|
||||
let(:procedure_not_owned) { create :procedure, administrateur: create(:administrateur), published_at: nil, archived_at: nil }
|
||||
|
||||
subject { delete :destroy, params: {id: procedure_not_owned.id} }
|
||||
|
||||
it { expect{ subject }.to raise_error(ActiveRecord::RecordNotFound) }
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET #edit' do
|
||||
|
|
Loading…
Reference in a new issue