learn-co-curriculum / sinatra-fwitter-group-project


Instructions are misleading #25

Closed cdudhat closed 7 years ago

cdudhat commented 7 years ago

Last Paragraph "Protecting the Views" says -

You'll need to make sure that no one can create, read, edit or delete any tweets.

While the test -

delete action > logged in > does not let a user delete a tweet they did not create

requires that any "logged in" user, who is not necessarily the "owner" of the tweet, can also view the show page. Ideally, why would a user who does not "own" the tweet be able to see the detailed "show_tweet" page of the tweet that does not belong to him? Instead of making non-working "Delete" and "Edit" buttons for a non-belonging tweet.

Lukeghenco commented 7 years ago

Thanks @cdudhat this has been updated & fixed. Thank you for raising the issue.