Avoid losing access to a Collection when updating entropy
ref: https://37s.fizzy.37signals.com/collections/2/cards/820
This commit is contained in:
@@ -17,7 +17,7 @@ class CollectionsController < ApplicationController
|
||||
|
||||
def update
|
||||
@collection.update! collection_params
|
||||
@collection.accesses.revise granted: grantees, revoked: revokees
|
||||
@collection.accesses.revise granted: grantees, revoked: revokees if grantees_changed?
|
||||
|
||||
redirect_to edit_collection_path(@collection), notice: "Collection updated"
|
||||
end
|
||||
@@ -47,4 +47,8 @@ class CollectionsController < ApplicationController
|
||||
def grantee_ids
|
||||
params.fetch :user_ids, []
|
||||
end
|
||||
|
||||
def grantees_changed?
|
||||
params.key?(:user_ids)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -45,6 +45,22 @@ class CollectionsControllerTest < ActionDispatch::IntegrationTest
|
||||
assert_not collections(:writebook).all_access?
|
||||
end
|
||||
|
||||
test "update collection with granular permissions, submitting no user ids" do
|
||||
assert_not collections(:private).all_access?
|
||||
|
||||
collections(:private).users = [ users(:kevin) ]
|
||||
collections(:private).save!
|
||||
|
||||
patch collection_path(collections(:private)), params: {
|
||||
collection: { name: "Renamed" }
|
||||
}
|
||||
|
||||
assert_redirected_to edit_collection_path(collections(:private))
|
||||
assert_equal "Renamed", collections(:private).reload.name
|
||||
assert_equal [ users(:kevin) ], collections(:private).users
|
||||
assert_not collections(:private).all_access?
|
||||
end
|
||||
|
||||
test "update all access" do
|
||||
collection = Current.set(session: sessions(:kevin)) do
|
||||
Collection.create! name: "New collection", all_access: false
|
||||
|
||||
Reference in New Issue
Block a user