Merge pull request #1912 from basecamp/refactor-reaction-permission-check

Change reaction admin permission check to be in-line with other controllers
This commit is contained in:
Stanko Krtalić
2025-12-04 11:04:12 +01:00
committed by GitHub
@@ -2,6 +2,8 @@ class Cards::Comments::ReactionsController < ApplicationController
include CardScoped
before_action :set_comment
before_action :set_reaction, only: %i[ destroy ]
before_action :ensure_permision_to_administer_reaction, only: %i[ destroy ]
def index
end
@@ -14,17 +16,19 @@ class Cards::Comments::ReactionsController < ApplicationController
end
def destroy
@reaction = @comment.reactions.find(params[:id])
if Current.user != @reaction.reacter
head :forbidden
else
@reaction.destroy
end
@reaction.destroy
end
private
def set_comment
@comment = @card.comments.find(params[:comment_id])
end
def set_reaction
@reaction = @comment.reactions.find(params[:id])
end
def ensure_permision_to_administer_reaction
head :forbidden if Current.user != @reaction.reacter
end
end