Merge pull request #5197 from nonamethanks/fix-bur-links

BURs: don't allow edits to approved scripts

app/policies/bulk_update_request_policy.rb

@@ -6,7 +6,7 @@ class BulkUpdateRequestPolicy < ApplicationPolicy
   end
 
   def update?
-    unbanned? && (user.is_admin? || record.user_id == user.id)
+    unbanned? && !record.is_approved? && (user.is_admin? || record.user_id == user.id)
   end
 
   def approve?

app/views/bulk_update_requests/_bur_edit_links.html.erb

@@ -1,9 +1,9 @@
 <%# bur %>
 
-<%= link_to_if policy(bur).approve?, "Approve", approve_bulk_update_request_path(bur), remote: true, method: :post, "data-confirm": "Are you sure you want to approve this bulk update request?" %> |
+<%= link_to_if policy(bur).approve?, "Approve", approve_bulk_update_request_path(bur), remote: true, method: :post, "data-confirm": "Are you sure you want to approve this bulk update request?" %>
 <% if policy(bur).destroy? %>
-  <%= link_to "Reject", bur, remote: true, method: :delete, "data-confirm": "Are you sure you want to reject this bulk update request?" %> |
+  | <%= link_to "Reject", bur, remote: true, method: :delete, "data-confirm": "Are you sure you want to reject this bulk update request?" %>
 <% end %>
 <% if policy(bur).update? %>
-  <%= link_to "Edit", edit_bulk_update_request_path(bur), :"data-shortcut" => "e" %>
+  | <%= link_to "Edit", edit_bulk_update_request_path(bur), :"data-shortcut" => "e" %>
 <% end %>