Allow authorize_resource to be called on index (#1234)
Fixes #1233 and #1822.
westonganger authored Nov 13, 2020
1 parent 7a217b6 commit f048ff4
Showing 3 changed files with 8 additions and 12 deletions.
1 change: 1 addition & 0 deletions app/controllers/administrate/application_controller.rb
@@ -3,6 +3,7 @@ class ApplicationController < ActionController::Base
protect_from_forgery with: :exception

def index
authorize_resource(resource_class)
search_term = params[:search].to_s.strip
resources = Administrate::Search.new(scoped_resource,
dashboard_class,
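Review bot: The new `authorize_resource(resource_class)` call in `index` hands the authorization hook a model class, where other call sites presumably pass a record, and nothing on the line says so. An app that overrides `authorize_resource` and reads attributes off its argument would fail here, so a comment above the call such as `# Collection-level check: the policy receives the class, not a record` would help. This is also an upgrade-visible change in access control: the `index?` change in spec/example_app/app/policies/application_policy.rb in this same commit suggests that a host app inheriting a `false` `index?` will start being refused on every index page, which deserves a changelog or upgrade note. The body of `index` continues past the end of the hunk.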
17 changes: 6 additions & 11 deletions spec/controllers/admin/orders_controller_spec.rb
@@ -12,21 +12,16 @@ def pundit_user
end
end

let!(:user) { create :customer }
let(:user) { create(:customer) }

before(:each) do
# Create a few orders for the user and a few for other customers
create_list :order, 4, customer: create(:customer)
create_list :order, 7, customer: user
create_list :order, 2, customer: create(:customer)
create_list :order, 2, customer: user
end

# Policies are defined in order_policy.rb
describe "GET index" do
it "shows only the records in the admin scope" do
order = create(:order, customer: user)
_missing_order = create(:order)

locals = capture_view_locals { get :index }
expect(locals[:resources].count).to eq(9) # only my orders

expect(locals[:resources]).to contain_exactly(order)
end
end
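Review bot: The rewritten "GET index" example only exercises the permitted path, so the authorization check this commit adds to `index` has no test that would fail if the call were removed again. A second example that makes the policy's `index?` return false and asserts the request is refused, e.g. `expect { get :index }.to raise_error(Pundit::NotAuthorizedError)` (adjust to whatever error `authorize_resource` raises in this setup), would pin the deny path. The hunk opens inside a helper definition that begins above it.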

2 changes: 1 addition & 1 deletion spec/example_app/app/policies/application_policy.rb
@@ -7,7 +7,7 @@ def initialize(user, record)
end

def index?
false
true
end

def show?
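Review bot: Returning `true` from `index?` in the base policy (the section lists `false` then `true`, read here as old then new) makes listing allowed by default for every policy that inherits from it without overriding `index?`. If only some resources should be listable, keeping `false` here and overriding `index?` in those policies, for example the order policy the spec refers to, keeps a forgotten policy closed rather than open. If the open default is intended for the example app, a comment such as `# Listing is allowed by default; visible records are still limited by the policy scope` would record why. The class body and `show?` continue outside the hunk.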
