From 5932d8d3a34ebb9610b866904e5f1149f635cb52 Mon Sep 17 00:00:00 2001
From: nonamethanks
Date: Wed, 1 Jun 2022 14:07:30 +0200
Subject: [PATCH] BURs: don't allow edits to approved scripts
Also fix bad formatting for non-admins in BUR index
---
 app/policies/bulk_update_request_policy.rb | 2 +-
 app/views/bulk_update_requests/_bur_edit_links.html.erb | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/policies/bulk_update_request_policy.rb b/app/policies/bulk_update_request_policy.rb
index c8246987a..7027443c7 100644
--- a/app/policies/bulk_update_request_policy.rb
+++ b/app/policies/bulk_update_request_policy.rb
@@ -6,7 +6,7 @@ class BulkUpdateRequestPolicy < ApplicationPolicy
 end
 def update?
- unbanned? && (user.is_admin? || record.user_id == user.id)
+ unbanned? && !record.is_approved? && (user.is_admin? || record.user_id == user.id)
 end
 def approve?
diff --git a/app/views/bulk_update_requests/_bur_edit_links.html.erb b/app/views/bulk_update_requests/_bur_edit_links.html.erb
index def972e05..0321f12f5 100644
--- a/app/views/bulk_update_requests/_bur_edit_links.html.erb
+++ b/app/views/bulk_update_requests/_bur_edit_links.html.erb
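Review bot: The new guard in `update?` denies only the approved state, so a request in any other non-pending state (rejected, or one still being processed or failed, if the model has such statuses) stays editable by its creator or an admin. If the intent is that a script is frozen once it leaves review, allow-listing is tighter than deny-listing: `unbanned? && record.is_pending? && (user.is_admin? || record.user_id == user.id)`, assuming the model exposes a pending predicate alongside `is_approved?`. The diffstat shows no test change; a policy test asserting that both the creator and an admin are refused on an approved record would pin this rule. The class body continues outside the hunk.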
@@ -1,9 +1,9 @@
 <%# bur %>
-<%= link_to_if policy(bur).approve?, "Approve", approve_bulk_update_request_path(bur), remote: true, method: :post, "data-confirm": "Are you sure you want to approve this bulk update request?" %> |
+<%= link_to_if policy(bur).approve?, "Approve", approve_bulk_update_request_path(bur), remote: true, method: :post, "data-confirm": "Are you sure you want to approve this bulk update request?" %>
 <% if policy(bur).destroy? %>
- <%= link_to "Reject", bur, remote: true, method: :delete, "data-confirm": "Are you sure you want to reject this bulk update request?" %> |
+ | <%= link_to "Reject", bur, remote: true, method: :delete, "data-confirm": "Are you sure you want to reject this bulk update request?" %>
 <% end %>
 <% if policy(bur).update? %>
- <%= link_to "Edit", edit_bulk_update_request_path(bur), :"data-shortcut" => "e" %>
+ | <%= link_to "Edit", edit_bulk_update_request_path(bur), :"data-shortcut" => "e" %>
 <% end %>
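Review bot: Hiding the Edit link through `policy(bur).update?` is presentation only, and nothing in this partial says so; the edit and update actions are outside this diff, so it is worth confirming they call `authorize` on the record, otherwise a direct request to an approved BUR's update route would still go through. I would add a comment at the top of the partial, `<%# Links are shown per policy for display only; the controller must authorize each action. %>`. Separately, the separators now depend on `link_to_if` always rendering the "Approve" label (as plain text when not permitted); if that first item ever becomes conditional, Reject and Edit would start with a stray `|`.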