Revision 752d9eae
Added by Ohad Levy over 10 years ago
| app/models/concerns/authorization.rb | ||
|---|---|---|
|
# editing own user is a special case
|
||
|
if User.current
|
||
|
action = if klass == 'user'
|
||
|
{ :controller => 'users', :action => operation }
|
||
|
{ :controller => 'users', :action => operation, :id => self.id }
|
||
|
else
|
||
|
"#{operation}_#{klasses}".to_sym
|
||
|
end
|
||
| test/functional/users_controller_test.rb | ||
|---|---|---|
|
test 'non admin user should be able to update itself' do
|
||
|
User.current = users(:one)
|
||
|
put :update, { :id => users(:one).id, :user => { :firstname => 'test' } }
|
||
|
assert_response :success
|
||
|
assert_response :redirect
|
||
|
end
|
||
|
|
||
|
test 'non admin user should not be able to edit another user' do
|
||
Also available in: Unified diff
refs #3930 - ensure a user can actually update itself.