Introduce an "owner" role, and prevent it from being administered
to prevent the owner from being demoted or kicked out. ref: https://app.fizzy.do/5986089/cards/3213
This commit is contained in:
@@ -41,6 +41,20 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
|
||||
assert_nil User.active.find_by(id: users(:david).id)
|
||||
end
|
||||
|
||||
test "admin cannot deactivate the owner" do
|
||||
sign_in_as :kevin
|
||||
|
||||
assert users(:jason).owner?
|
||||
assert users(:jason).active
|
||||
|
||||
assert_no_difference -> { User.active.count } do
|
||||
delete user_path(users(:jason))
|
||||
end
|
||||
|
||||
assert_response :forbidden
|
||||
assert users(:jason).reload.active
|
||||
end
|
||||
|
||||
test "non-admins cannot perform actions" do
|
||||
sign_in_as :jz
|
||||
|
||||
|
||||
Reference in New Issue
Block a user