Avoid losing access to a Collection when updating entropy

ref: https://37s.fizzy.37signals.com/collections/2/cards/820
This commit is contained in:
Mike Dalessio
2025-06-12 13:43:13 -04:00
parent 4ecde2f2d7
commit 5430355da6
2 changed files with 21 additions and 1 deletions
+5 -1
View File
@@ -17,7 +17,7 @@ class CollectionsController < ApplicationController
def update
@collection.update! collection_params
@collection.accesses.revise granted: grantees, revoked: revokees
@collection.accesses.revise granted: grantees, revoked: revokees if grantees_changed?
redirect_to edit_collection_path(@collection), notice: "Collection updated"
end
@@ -47,4 +47,8 @@ class CollectionsController < ApplicationController
def grantee_ids
params.fetch :user_ids, []
end
def grantees_changed?
params.key?(:user_ids)
end
end
@@ -45,6 +45,22 @@ class CollectionsControllerTest < ActionDispatch::IntegrationTest
assert_not collections(:writebook).all_access?
end
test "update collection with granular permissions, submitting no user ids" do
assert_not collections(:private).all_access?
collections(:private).users = [ users(:kevin) ]
collections(:private).save!
patch collection_path(collections(:private)), params: {
collection: { name: "Renamed" }
}
assert_redirected_to edit_collection_path(collections(:private))
assert_equal "Renamed", collections(:private).reload.name
assert_equal [ users(:kevin) ], collections(:private).users
assert_not collections(:private).all_access?
end
test "update all access" do
collection = Current.set(session: sessions(:kevin)) do
Collection.create! name: "New collection", all_access: false