File tree Expand file tree Collapse file tree 3 files changed +13
-2
lines changed
Expand file tree Collapse file tree 3 files changed +13
-2
lines changed Original file line number Diff line number Diff line change @@ -32,6 +32,8 @@ def update
3232 end
3333
3434 def destroy
35+ authorize! :update , :public_project
36+
3537 if @project . destroy
3638 head :ok
3739 else
Original file line number Diff line number Diff line change 33require 'rails_helper'
44
55RSpec . describe 'Destroying a public project' , type : :request do
6- let ( :destroyer ) { build ( :user ) }
6+ let ( :destroyer ) { build ( :experience_cs_admin_user ) }
77 let ( :project ) { create ( :project , locale : 'en' ) }
88 let ( :headers ) { { Authorization : UserProfileMock ::TOKEN } }
99
2626 expect ( response ) . to have_http_status ( :unauthorized )
2727 end
2828
29+ context 'when destroyer is not an experience-cs admin' do
30+ let ( :destroyer ) { build ( :user ) }
31+
32+ it 'responds 403 Forbidden' do
33+ delete ( "/api/public_projects/#{ project . identifier } , headers :)
34+ expect ( response ) . to have_http_status ( :forbidden )
35+ end
36+ end
37+
2938 it 'responds 404 Not Found when project is not found' do
3039 delete ( '/api/public_projects/another-identifier' , headers :)
3140 expect ( response ) . to have_http_status ( :not_found )
Original file line number Diff line number Diff line change 66 let ( :locale ) { 'fr' }
77 let ( :project_loader ) { instance_double ( ProjectLoader ) }
88 let ( :project ) { create ( :project , locale : 'en' ) }
9- let ( :destroyer ) { build ( :user ) }
9+ let ( :destroyer ) { build ( :experience_cs_admin_user ) }
1010
1111 context 'when auth is correct' do
1212 let ( :headers ) { { Authorization : UserProfileMock ::TOKEN } }
You can’t perform that action at this time.
0 commit comments