kasugaijin / baja-pet-rescue

Kasugaijin's open-source Ruby on Rails production app that enables dog rescue organisation staff in Mexico to post dogs and receive applications for adoption from users in USA and Canada.
27 stars 9 forks

Refactor the attachments controller #61

Closed kasugaijin closed 1 year ago

kasugaijin commented 1 year ago

Currently there are no before_action filters to delete an active storage attachment (used for dog images). This flow needs to have a filter put in place (check it's a verified staff) before allowing purging of an attachment.

Tests should also be added to org dogs test to confirm the filter works i.e., test shows that anyone who is not a verified staff in the same org as the dog should not be able to delete an attachment.

kasugaijin commented 1 year ago

Added filter to check it is verified staff before calling the delete attachment action. Added integration test to org_dogs_tests.rb to ensure a user who is not verified staff cannot use a URL to delete an image.
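
The check this issue asks for, as an added example in plain Ruby (no Rails); it is not code from the baja-pet-rescue repository. Every class, method and constant name is hypothetical, and the sample data is constructed. It shows the purge being refused unless the caller is verified staff of the organization that owns the dog.

```ruby
# Plain-Ruby model of the filter (no Rails). All names here are hypothetical.
Organization = Struct.new(:id)
StaffAccount = Struct.new(:organization, :verified)
User         = Struct.new(:name, :staff_account)
Dog          = Struct.new(:name, :organization)
Attachment   = Struct.new(:id, :record, :purged) do
  def purge
    self.purged = true
  end
end

class AttachmentsController
  Forbidden = Class.new(StandardError)

  def initialize(current_user, attachments_by_id)
    @current_user = current_user
    @attachments  = attachments_by_id
  end

  # Stands in for a Rails action guarded by a before_action filter.
  def purge(id)
    attachment = @attachments.fetch(id)
    require_verified_staff_for!(attachment)
    attachment.purge
    :purged
  end

  private

  # Authorize against the organization that owns the record, not just the role.
  def require_verified_staff_for!(attachment)
    staff = @current_user&.staff_account
    allowed = staff && staff.verified &&
              staff.organization.id == attachment.record.organization.id
    raise Forbidden, "not verified staff for this dog's organization" unless allowed
  end
end

# Returns :purged or :forbidden, the way an integration test would see it.
def attempt_purge(user, attachments, id)
  AttachmentsController.new(user, attachments).purge(id)
rescue AttachmentsController::Forbidden
  :forbidden
end

# Constructed sample data.
ORG_A, ORG_B = Organization.new(1), Organization.new(2)
IMAGE = Attachment.new(10, Dog.new("Luna", ORG_A), false)
ATTACHMENTS = { 10 => IMAGE }
```

The cases worth covering in the integration test are the four refusals: no signed-in user, a user with no staff account, unverified staff of the same organization, and verified staff of a different organization.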