Change reaction admin permission check to be in-line with other controllers
This commit is contained in:
@@ -2,6 +2,8 @@ class Cards::Comments::ReactionsController < ApplicationController
|
||||
include CardScoped
|
||||
|
||||
before_action :set_comment
|
||||
before_action :set_reaction, only: %i[ destroy ]
|
||||
before_action :ensure_permision_to_administer_reaction, only: %i[ destroy ]
|
||||
|
||||
def index
|
||||
end
|
||||
@@ -14,17 +16,19 @@ class Cards::Comments::ReactionsController < ApplicationController
|
||||
end
|
||||
|
||||
def destroy
|
||||
@reaction = @comment.reactions.find(params[:id])
|
||||
|
||||
if Current.user != @reaction.reacter
|
||||
head :forbidden
|
||||
else
|
||||
@reaction.destroy
|
||||
end
|
||||
@reaction.destroy
|
||||
end
|
||||
|
||||
private
|
||||
def set_comment
|
||||
@comment = @card.comments.find(params[:comment_id])
|
||||
end
|
||||
|
||||
def set_reaction
|
||||
@reaction = @comment.reactions.find(params[:id])
|
||||
end
|
||||
|
||||
def ensure_permision_to_administer_reaction
|
||||
head :forbidden if Current.user != @reaction.reacter
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user