Restriction note deletion to moderators
parent
97e0d5ad1f
commit
f4b599e8fd
2 changed files with 11 additions and 0 deletions
|
@ -6,6 +6,7 @@ class NotesController < ApplicationController
|
||||||
before_filter :authorize_web, :only => [:mine]
|
before_filter :authorize_web, :only => [:mine]
|
||||||
before_filter :setup_user_auth, :only => [:create, :comment]
|
before_filter :setup_user_auth, :only => [:create, :comment]
|
||||||
before_filter :authorize, :only => [:close, :destroy]
|
before_filter :authorize, :only => [:close, :destroy]
|
||||||
|
before_filter :require_moderator, :only => [:destroy]
|
||||||
before_filter :check_api_writable, :only => [:create, :comment, :close, :destroy]
|
before_filter :check_api_writable, :only => [:create, :comment, :close, :destroy]
|
||||||
before_filter :require_allow_write_notes, :only => [:create, :comment, :close, :destroy]
|
before_filter :require_allow_write_notes, :only => [:create, :comment, :close, :destroy]
|
||||||
before_filter :set_locale, :only => [:mine]
|
before_filter :set_locale, :only => [:mine]
|
||||||
|
|
|
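Review bot: The new `before_filter :require_moderator, :only => [:destroy]` only works because it sits after `before_filter :authorize, :only => [:close, :destroy]`, and nothing in the file records that dependency. The definition of `require_moderator` is outside this hunk, but it presumably reads the user that `authorize` establishes, so reordering the filters or dropping `:destroy` from the `authorize` list could turn the moderator check into an error or a silent bypass instead of a 403. I would add a comment above the new line, such as `# must stay after authorize: the moderator check needs the authenticated user`. The class body continues outside the hunk.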
@ -348,6 +348,11 @@ class NotesControllerTest < ActionController::TestCase
|
||||||
|
|
||||||
basic_authorization(users(:public_user).email, "test")
|
basic_authorization(users(:public_user).email, "test")
|
||||||
|
|
||||||
|
delete :destroy, {:id => notes(:open_note_with_comment).id}
|
||||||
|
assert_response :forbidden
|
||||||
|
|
||||||
|
basic_authorization(users(:moderator_user).email, "test")
|
||||||
|
|
||||||
delete :destroy, {:id => notes(:open_note_with_comment).id}
|
delete :destroy, {:id => notes(:open_note_with_comment).id}
|
||||||
assert_response :success
|
assert_response :success
|
||||||
|
|
||||||
|
@ -361,6 +366,11 @@ class NotesControllerTest < ActionController::TestCase
|
||||||
|
|
||||||
basic_authorization(users(:public_user).email, "test")
|
basic_authorization(users(:public_user).email, "test")
|
||||||
|
|
||||||
|
delete :destroy, {:id => 12345}
|
||||||
|
assert_response :forbidden
|
||||||
|
|
||||||
|
basic_authorization(users(:moderator_user).email, "test")
|
||||||
|
|
||||||
delete :destroy, {:id => 12345}
|
delete :destroy, {:id => 12345}
|
||||||
assert_response :not_found
|
assert_response :not_found
|
||||||
|
|
||||||
|
|
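Review bot: Both new negative cases stop at `assert_response :forbidden` and never assert that the note was left untouched, so the access-control guarantee is pinned by status code only. In the first hunk the later moderator `delete` returning `:success` may cover this implicitly, but only if destroy rejects already-hidden notes, which is not visible here. I would add an explicit check right after the rejected `delete :destroy, {:id => notes(:open_note_with_comment).id}`, for example a `get :show` on the same id expecting `:success`, assuming the show action is reachable from this test. In the second hunk, returning 403 before 404 for `:id => 12345` is a property worth stating in a comment, such as `# non-moderators are refused before the note lookup, so existence is not revealed`. The enclosing test methods start and end outside the hunks.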