learn-co-curriculum / sinatra-fwitter-group-project


Stricter Test for Edit Action #36

Closed SuperConfuserUser closed 6 years ago

SuperConfuserUser commented 6 years ago

My project passed the application_controller_spec test line 316 'does not let a user edit a tweet they did not create' without checking if the @tweet.user == current_user. I was also still able to edit a tweet as another user when testing on shotgun.

get '/tweets/:id/edit' do
  @tweet = Tweet.find(params[:id])
  # Only checks that someone is logged in; never compares @tweet.user to current_user
  if logged_in?
    erb :'tweets/edit_tweet'
  else
    redirect "/login"
  end
end

The delete action version of this test on line 394, 'does not let a user delete a tweet they did not create', is good. It works because of the extra test on line 409 checking if the tweet still exists.

Add a similar test to the edit action version between line 330 and 331 to check that content didn't change.
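To show what the stricter check catches, here is an added example (not the project's code): a plain-Ruby stand-in for the Sinatra update route, once with only the logged_in? gate and once with the ownership comparison, plus a spec-style helper that asserts on the stored content the way the suggested test would. Tweet, User, the session hash and the helper names are constructed for this example.

```ruby
# Constructed stand-ins for the ActiveRecord models and the session.
Tweet = Struct.new(:id, :user_id, :content)
User  = Struct.new(:id, :username)

TWEETS = [Tweet.new(1, 1, "original content")]
USERS  = [User.new(1, "alice"), User.new(2, "bob")]

# Mimic the helpers an ApplicationController would define (assumed names).
def current_user(session)
  USERS.find { |u| u.id == session[:user_id] }
end

def logged_in?(session)
  !current_user(session).nil?
end

def find_tweet(id)
  TWEETS.find { |t| t.id == id.to_i }
end

# "Before": like the route in the issue, only checks that *someone* is logged in,
# so bob can overwrite alice's tweet.
def update_tweet_unchecked(session, id, new_content)
  return :redirect_login unless logged_in?(session)
  tweet = find_tweet(id)
  tweet.content = new_content
  :ok
end

# "After": additionally require that the tweet belongs to the current user.
def update_tweet_checked(session, id, new_content)
  return :redirect_login unless logged_in?(session)
  tweet = find_tweet(id)
  return :redirect_tweets unless tweet && tweet.user_id == current_user(session).id
  tweet.content = new_content
  :ok
end

# The stricter spec: reset the fixture, act as the non-owner (user 2), then
# assert on the persisted content rather than only on the response.
def other_user_cannot_change_content?(updater)
  TWEETS[0].content = "original content"
  before = TWEETS[0].content
  updater.call({ user_id: 2 }, 1, "hijacked")
  find_tweet(1).content == before
end
```

The unchecked route still returns :ok for the non-owner, which is exactly why a test that looks only at the response status passes while the content is silently changed.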

curiositypaths commented 6 years ago

Thanks for reporting this issue. We're now aware of it and are tracking it in #37. We will add this to our internal work queue and notify you when it is resolved.

We're closing this issue but invite you to follow progress at that URL.

-- Flatiron Curriculum Team