Commit 95bd19f

Non-admins cannot edit blog entries.
1 parent a07b5ee commit 95bd19f

2 files changed

Lines changed: 15 additions & 1 deletion

features/blog.feature

Lines changed: 10 additions & 1 deletion
@@ -37,4 +37,13 @@ Feature: The Hackety Blog
3737
And I am on the post page for the post with the title "new title"
3838
And I should see "new title"
3939
And I should see "new body"
40-
40+
Scenario: Not logged in users cannot edit a post
41+
Given I'm not logged in
42+
And there is a blog post with the title "First Post"
43+
And I go to the edit post page for the post with the title "First Post"
44+
Then I should see "Sorry, buddy"
45+
Scenario: Non-admin users cannot edit a post
46+
Given I'm logged in
47+
And there is a blog post with the title "First Post"
48+
And I go to the edit post page for the post with the title "First Post"
49+
Then I should see "Sorry, buddy"
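
Review bot: both new scenarios stop at visiting the edit page, so nothing in this feature file checks that an update submitted by a logged-out or non-admin user is rejected. A negative counterpart to the existing edit scenario (the one ending in "new title" / "new body") that submits the change and asserts the post still reads "First Post" would cover the write itself, not just the form. In the second scenario, "Given I'm logged in" leaves the role implicit; a step that names the user as a non-admin would keep the scenario meaningful if the default test user changes. It would also help to assert where the user lands (the posts list) in addition to the "Sorry, buddy" text.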

hackety.rb

Lines changed: 5 additions & 0 deletions
@@ -58,6 +58,11 @@
5858
end
5959

6060
get "/posts/:id/edit" do
61+
unless current_user.admin?
62+
flash[:notice] = "Sorry, buddy"
63+
redirect "/posts"
64+
end
65+
6166
@post = Post.find(params[:id])
6267
haml :posts_edit
6368
end
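
Review bot: the admin check sits only in get "/posts/:id/edit", which serves the form; the route that saves the edit is not touched in this diff, so unless it already carries the same check a non-admin can send the update request without ever loading the form. Suggest moving the check into one helper or before filter that covers every write route under /posts (for example a require_admin! helper, a name used here only for illustration). Separately, the new "Not logged in" scenario relies on current_user.admin? working for a logged-out visitor: if current_user can be nil there, this line raises instead of redirecting, so either confirm it returns a guest object or write the condition as unless current_user && current_user.admin?.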
