Revision 752d9eae
Added by Ohad Levy over 10 years ago
app/models/concerns/authorization.rb | ||
---|---|---|
# editing own user is a special case
|
||
if User.current
|
||
action = if klass == 'user'
|
||
{ :controller => 'users', :action => operation }
|
||
{ :controller => 'users', :action => operation, :id => self.id }
|
||
else
|
||
"#{operation}_#{klasses}".to_sym
|
||
end
|
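Review bot: The `klass == 'user'` branch builds the special-case hash for whatever `operation` is passed, so the line carrying `:id => self.id` (apparently the new side, going by the commit message) feeds the self-edit exemption for every action, not only edit and update. Whether the exemption is limited to those actions is decided in the permission check that consumes `action`, which is outside this hunk; it should be confirmed there. For an unsaved record `self.id` is nil, so that check should treat a nil `:id` as "not the current user" rather than fall through. A comment on the hash would help, e.g. `# :id lets the permission check recognise "own user"; nil for unsaved records must not match`. The enclosing method starts and ends outside the lines shown.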
test/functional/users_controller_test.rb | ||
---|---|---|
test 'non admin user should be able to update itself' do
|
||
User.current = users(:one)
|
||
put :update, { :id => users(:one).id, :user => { :firstname => 'test' } }
|
||
assert_response :success
|
||
assert_response :redirect
|
||
end
|
||
|
||
test 'non admin user should not be able to edit another user' do
|
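Review bot: The 'non admin user should be able to update itself' test checks only the response status, so it would still pass if the request were redirected without the record being changed. Since this is an authorization test, it should also assert the effect, for example `assert_equal 'test', User.find(users(:one).id).firstname` after the `put`. Asserting the redirect target as well would distinguish a successful update from a redirect to a login or denied page. The body of the following test, 'non admin user should not be able to edit another user', is outside the lines shown, so its assertions could not be reviewed.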
refs #3930 - ensure a user can actually update itself.