Merge pull request #2362 from biosistemika/SCI-4300-dropdowns-in-shared-inventories

SCI-4300 skip permission checks for list
2025-02-22 14:54:38 +08:00 · 2020-01-27 15:25:32 +01:00 · 2020-01-27 15:25:32 +01:00 · 7ec874596d
commit 7ec874596d
parent f605c0def3 0d3e8ac3e1
4 changed files with 3 additions and 16 deletions
--- a/app/controllers/repository_columns/checklist_columns_controller.rb
+++ b/app/controllers/repository_columns/checklist_columns_controller.rb
@ -4,7 +4,7 @@ module RepositoryColumns
  class ChecklistColumnsController < BaseColumnsController
    before_action :load_column, only: %i(update destroy items)
    before_action :check_create_permissions, only: :create
-    before_action :check_manage_permissions, only: %i(update destroy items)
+    before_action :check_manage_permissions, only: %i(update destroy)
    helper_method :delimiters

    def create
--- a/app/controllers/repository_columns/list_columns_controller.rb
+++ b/app/controllers/repository_columns/list_columns_controller.rb
@ -4,7 +4,7 @@ module RepositoryColumns
  class ListColumnsController < BaseColumnsController
    before_action :load_column, only: %i(update destroy items)
    before_action :check_create_permissions, only: :create
-    before_action :check_manage_permissions, only: %i(update destroy items)
+    before_action :check_manage_permissions, only: %i(update destroy)
    helper_method :delimiters

    def create
--- a/app/controllers/repository_columns/status_columns_controller.rb
+++ b/app/controllers/repository_columns/status_columns_controller.rb
@ -5,7 +5,7 @@ module RepositoryColumns
    include InputSanitizeHelper
    before_action :load_column, only: %i(update destroy items)
    before_action :check_create_permissions, only: :create
-    before_action :check_manage_permissions, only: %i(update destroy items)
+    before_action :check_manage_permissions, only: %i(update destroy)

    def create
      service = RepositoryColumns::CreateColumnService
--- a/spec/controllers/repository_columns/status_columns_controller_spec.rb
+++ b/spec/controllers/repository_columns/status_columns_controller_spec.rb
@ -262,18 +262,5 @@ RSpec.describe RepositoryColumns::StatusColumnsController, type: :controller do
        expect(response).to(have_http_status(404))
      end
    end
-
-    context 'when user does not have permissions' do
-      before do
-        user_team.role = :guest
-        user_team.save
-      end
-
-      it 'respons with status 403' do
-        action
-
-        expect(response).to(have_http_status(403))
-      end
-    end
  end
 end