From 512a3aeede95a54d08eb24c128a21caec354bc04 Mon Sep 17 00:00:00 2001 From: benji Date: Thu, 29 Oct 2015 15:42:23 +0100 Subject: [PATCH] Rewrite ability --- app/models/ability.rb | 4 +--- spec/models/ability_spec.rb | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/app/models/ability.rb b/app/models/ability.rb index 047deee..c489408 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -25,9 +25,7 @@ class Ability def initialize_user(user) can :read, :all can :manage, User, id: user.id - can :create, Order do |order| - order.try(:user) == user - end + can :create, Order, user: user can :destroy, Order do |order| order.try(:user) == user && order.deletable end diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb index 77813ff..2a017d3 100644 --- a/spec/models/ability_spec.rb +++ b/spec/models/ability_spec.rb @@ -24,6 +24,7 @@ describe User do it{ should be_able_to(:destroy, Order.new(user: user, created_at: (Rails.application.config.call_api_after - 1.minutes).ago)) } it{ should_not be_able_to(:destroy, Order.new(user: user, created_at: 10.minutes.ago)) } it{ should_not be_able_to(:create, Order.new) } + it{ should_not be_able_to(:create, Order.new(user: create(:user))) } it{ should_not be_able_to(:update, Order.new) } it{ should be_able_to(:read, Product.new) }