diff --git a/app/controllers/user_feedbacks_controller.rb b/app/controllers/user_feedbacks_controller.rb index bc68ffd22..815abbb38 100644 --- a/app/controllers/user_feedbacks_controller.rb +++ b/app/controllers/user_feedbacks_controller.rb @@ -49,6 +49,6 @@ class UserFeedbacksController < ApplicationController private def check_privilege(user_feedback) - raise User::PrivilegeError unless (user_feedback.creator_id == CurrentUser.id || CurrentUser.is_moderator?) + raise User::PrivilegeError unless user_feedback.editable_by?(CurrentUser.user) end end diff --git a/app/models/user_feedback.rb b/app/models/user_feedback.rb index 19059f87a..dc7536da4 100644 --- a/app/models/user_feedback.rb +++ b/app/models/user_feedback.rb @@ -98,4 +98,8 @@ class UserFeedback < ActiveRecord::Base return true end end + + def editable_by?(editor) + (editor.is_moderator? && editor != user) || creator == editor + end end diff --git a/app/views/user_feedbacks/index.html.erb b/app/views/user_feedbacks/index.html.erb index d6490f147..005e7d1bc 100644 --- a/app/views/user_feedbacks/index.html.erb +++ b/app/views/user_feedbacks/index.html.erb @@ -20,7 +20,7 @@ <%= compact_time(feedback.created_at) %> <%= format_text(feedback.body) %> - <% if feedback.creator_id == CurrentUser.id || CurrentUser.is_moderator? %> + <% if feedback.editable_by?(CurrentUser.user) %> <%= link_to "edit", edit_user_feedback_path(feedback) %> | <%= link_to "delete", user_feedback_path(feedback), :method => :delete, :data => {:confirm => "Are you sure you want to delete this user feedback?"} %> <% end %> diff --git a/app/views/user_feedbacks/show.html.erb b/app/views/user_feedbacks/show.html.erb index 0d45da9bb..34efbfb57 100644 --- a/app/views/user_feedbacks/show.html.erb +++ b/app/views/user_feedbacks/show.html.erb @@ -9,7 +9,7 @@
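Review bot: `check_privilege` now depends on `CurrentUser.user` responding to `is_moderator?`, so a request with no user object would surface as a NoMethodError instead of `User::PrivilegeError`; if an anonymous request can reach the actions that call this (they are outside the hunk), guard it with `raise User::PrivilegeError unless CurrentUser.user && user_feedback.editable_by?(CurrentUser.user)`. The method also deserves a one-line comment stating the policy it enforces, e.g. `# Only the feedback's author, or a moderator who is not its subject, may modify it (see UserFeedback#editable_by?).` Whether `CurrentUser.user` can be nil at this point is not visible in this diff.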
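Review bot: The self-protection in `editable_by?` only gates the moderator branch, so a moderator who authored feedback about themselves still passes through `creator == editor`; if the rule behind the new test ("not allow deleting feedbacks given to themselves") is meant to be strict, write it as `editor != user && (editor.is_moderator? || creator == editor)`. Whether a user can create feedback about themselves at all is not visible in this diff, so this may be moot. The predicate also needs a comment, e.g. `# True when +editor+ may edit/destroy this feedback: its author, or any moderator except the feedback's subject.` The enclosing class continues outside the hunk.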
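Review bot: This loop now calls `feedback.editable_by?` per row, and that predicate compares the `user` and `creator` associations, so each rendered feedback can issue up to two extra queries where the old `creator_id` comparison issued none. Either preload the associations in the index action (outside this diff) or have `editable_by?` compare foreign keys: `(editor.is_moderator? && editor.id != user_id) || creator_id == editor.id`. Whether the index action already preloads `:user`/`:creator` is not visible here.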
  • Message <%= format_text @user_feedback.body %>
  • - <% if @user_feedback.creator_id == CurrentUser.id || CurrentUser.is_moderator? %> + <% if @user_feedback.editable_by?(CurrentUser.user) %>

    <%= link_to "Edit", edit_user_feedback_path(@user_feedback) %>

<% end %>
diff --git a/test/functional/user_feedbacks_controller_test.rb b/test/functional/user_feedbacks_controller_test.rb
index 806f5d82d..688705d02 100644
--- a/test/functional/user_feedbacks_controller_test.rb
+++ b/test/functional/user_feedbacks_controller_test.rb
@@ -5,6 +5,7 @@ class UserFeedbacksControllerTest < ActionController::TestCase
setup do
@user = FactoryGirl.create(:user)
@critic = FactoryGirl.create(:gold_user)
+ @mod = FactoryGirl.create(:moderator_user)
CurrentUser.user = @critic
CurrentUser.ip_addr = "127.0.0.1"
end
@@ -62,7 +63,7 @@ class UserFeedbacksControllerTest < ActionController::TestCase
context "destroy action" do
setup do
- @user_feedback = FactoryGirl.create(:user_feedback)
+ @user_feedback = FactoryGirl.create(:user_feedback, user: @user)
end
should "delete a feedback" do
@@ -70,6 +71,21 @@ class UserFeedbacksControllerTest < ActionController::TestCase
post :destroy, {:id => @user_feedback.id}, {:user_id => @critic.id}
end
end
+
+ context "by a moderator" do
+ should "allow deleting feedbacks given to other users" do
+ assert_difference "UserFeedback.count", -1 do
+ post :destroy, {:id => @user_feedback.id}, {:user_id => @mod.id}
+ end
+ end
+
+ should "not allow deleting feedbacks given to themselves" do
+ @user_feedback = FactoryGirl.create(:user_feedback, user: @mod)
+ assert_difference "UserFeedback.count", 0 do
+ post :destroy, {:id => @user_feedback.id}, {:user_id => @mod.id}
+ end
+ end
+ end
end
end
end
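Review bot: The negative case "not allow deleting feedbacks given to themselves" only asserts that the row count is unchanged, so it would still pass if the request failed for an unrelated reason (a 500, a redirect on a missing record); assert the denial itself alongside the count, e.g. `assert_response :forbidden` or `assert_raises(User::PrivilegeError)`, depending on how `User::PrivilegeError` is handled by the controller (not visible here). The moderator cases also cover only `destroy`; `update` goes through the same `check_privilege` and deserves the same pair of tests. The factory feedback's `creator` is presumably `@critic` via `CurrentUser.user` in setup; passing it explicitly (if the factory accepts a `creator:` attribute) would make the self-feedback case unambiguous.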