[openstreetmap/openstreetmap-website] Revoking administrator role on current user should fail (#1701)

Tom Hughes notifications at github.com
Mon Dec 18 21:06:34 UTC 2017


tomhughes requested changes on this pull request.



> @@ -8,6 +8,7 @@ class UserRolesController < ApplicationController
   before_action :require_valid_role
   before_action :not_in_role, :only => [:grant]
   before_action :in_role, :only => [:revoke]
+  before_action :not_revoke_admin_current_user

This should only be applied to the `revoke` method but in fact this is so specific that I don't think there's any point making it a filter - the point of filters is that they can be shared across multiple methods but these even has the method name in it's name so clearly it only ever makes sense to apply it to revoke.

As such I would just put the logic in the `revoke` method and get rid of the filter.

> @@ -134,5 +134,9 @@ def test_revoke
     end
     assert_redirected_to user_path(target_user.display_name)
     assert_equal "The string `no_such_role' is not a valid role.", flash[:error]
+
+    # Revoking administrator role from current user should fail
+    post :revoke, :params => { :display_name => administrator_user.display_name, :role => "administrator" }
+    assert_redirected_to user_path(administrator_user.display_name)

Can we assert that the flash message is shown here... I think there some examples of doing it in other tests.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/1701#pullrequestreview-84269604
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20171218/fa01b57b/attachment.html>


More information about the rails-dev mailing list