manuelmorales / teamtrick

Open source web application to implement Scrum built with Ruby on Rails.
http://team-trick.net
GNU Affero General Public License v3.0

task access #47

Open deanlxvii opened 13 years ago

deanlxvii commented 13 years ago

Only an administrator can create, edit or delete a task. The code suggests otherwise (task_controller.rb):

def show_authorized?
  current_user_is_admin_or?(:product_owner, :scrum_master, :team_member)
end

def create_authorized?
  current_user_is_admin_or?(:product_owner, :scrum_master, :team_member)
end

def update_authorized?
  current_user_is_admin_or?(:product_owner, :scrum_master, :team_member)
end

def delete_authorized?
  current_user_is_admin_or?(:product_owner, :scrum_master, :team_member)
end

It also suggests everybody has access, so deleting this block solved my problem. But the question remains why that block of code doesn't work; it seems to work in the other controllers.

manuelmorales commented 13 years ago

Hello deanlxvii. Thank you very much for reporting it. Certainly, the intention of the code is that, and the tests regarding those lines of code run OK. You can try them with this:

spec spec/controllers/tasks_controller_spec.rb

ActiveScaffold is putting the logic behind those methods. I'll give it a deeper look as soon as I can.

deanlxvii commented 13 years ago

After a bit of a struggle to install the right rspec version I tried:

spec spec/controllers/tasks_controller_spec.rb

Tests are all green: 49 examples, 0 failures.