Only admins can manage join codes
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
class Account::JoinCodesController < ApplicationController
|
||||
before_action :set_join_code
|
||||
before_action :ensure_admin, only: %i[ update destroy ]
|
||||
|
||||
def show
|
||||
end
|
||||
|
||||
@@ -23,4 +23,18 @@ class Account::JoinCodesControllerTest < ActionDispatch::IntegrationTest
|
||||
assert_equal 5, Account::JoinCode.sole.usage_limit
|
||||
assert_redirected_to account_join_code_path
|
||||
end
|
||||
|
||||
test "update requires admin" do
|
||||
logout_and_sign_in_as :david
|
||||
|
||||
put account_join_code_path, params: { account_join_code: { usage_limit: 5 } }
|
||||
assert_response :forbidden
|
||||
end
|
||||
|
||||
test "destroy requires admin" do
|
||||
logout_and_sign_in_as :david
|
||||
|
||||
delete account_join_code_path
|
||||
assert_response :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user