Introduce an "owner" role, and prevent it from being administered
to prevent the owner from being demoted or kicked out. ref: https://app.fizzy.do/5986089/cards/3213
This commit is contained in:
@@ -18,5 +18,29 @@ class Users::RolesControllerTest < ActionDispatch::IntegrationTest
|
||||
assert_no_changes -> { users(:david).reload.role } do
|
||||
put user_role_path(users(:david)), params: { user: { role: "system" } }
|
||||
end
|
||||
|
||||
assert_no_changes -> { users(:david).reload.role } do
|
||||
put user_role_path(users(:david)), params: { user: { role: "owner" } }
|
||||
end
|
||||
end
|
||||
|
||||
test "admin cannot demote the owner" do
|
||||
assert users(:jason).owner?
|
||||
|
||||
assert_no_changes -> { users(:jason).reload.role } do
|
||||
put user_role_path(users(:jason)), params: { user: { role: "admin" } }
|
||||
end
|
||||
|
||||
assert_response :forbidden
|
||||
end
|
||||
|
||||
test "admin cannot change owner role to member" do
|
||||
assert users(:jason).owner?
|
||||
|
||||
assert_no_changes -> { users(:jason).reload.role } do
|
||||
put user_role_path(users(:jason)), params: { user: { role: "member" } }
|
||||
end
|
||||
|
||||
assert_response :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user