使用者 update course 的話,必須是當初創作者才可以更新
如 edit 時做過的一樣,先改測試 spec/controllers/courses_controller_spec.rb:
diff --git a/spec/controllers/courses_controller_spec.rb b/spec/controllers/courses_controller_spec.rb
index a1d4e5d..1e7c44c 100644
--- a/spec/controllers/courses_controller_spec.rb
+++ b/spec/controllers/courses_controller_spec.rb
@@ -150,51 +150,67 @@ RSpec.describe CoursesController, type: :controller do
end
describe "PUT update" do
- let(:user) { create(:user) }
- before { sign_in user }
+ let(:author) { create(:user) }
+ let(:not_author) { create(:user) }
- context "when course has title" do
- it "assigns @course" do
- course = create(:course)
+ context "sign in as author" do
+ before { sign_in author }
- put :update, params: { id: course.id, course: { title: "Title", description: "Description" } }
+ context "when course has title" do
+ it "assigns @course" do
+ course = create(:course, user: author)
- expect(assigns[:course]).to eq(course)
- end
+ put :update, params: { id: course.id, course: { title: "Title", description: "Description" } }
- it "changes value" do
- course = create(:course)
+ expect(assigns[:course]).to eq(course)
+ end
- put :update, params: { id: course.id, course: { title: "Title", description: "Description" } }
+ it "changes value" do
+ course = create(:course, user: author)
- expect(assigns[:course].title).to eq("Title")
- expect(assigns[:course].description).to eq("Description")
- end
+ put :update, params: { id: course.id, course: { title: "Title", description: "Description" } }
+
+ expect(assigns[:course].title).to eq("Title")
+ expect(assigns[:course].description).to eq("Description")
+ end
- it "redirects to course_path" do
- course = create(:course)
+ it "redirects to course_path" do
+ course = create(:course, user: author)
- put :update, params: { id: course.id, course: { title: "Title", description: "Description" } }
+ put :update, params: { id: course.id, course: { title: "Title", description: "Description" } }
- expect(response).to redirect_to course_path(course)
+ expect(response).to redirect_to course_path(course)
+ end
end
- end
- context "when course doesn't have title " do
- it "doesn't update a record " do
- course = create(:course)
+ context "when course doesn't have title " do
+ it "doesn't update a record " do
+ course = create(:course, user: author)
+
+ put :update, params: { id: course.id, course: { title: "", description: "Description" } }
+
+ expect(course.description).not_to eq("Description")
+ end
- put :update, params: { id: course.id, course: { title: "", description: "Description" } }
+ it "renders edit template" do
+ course = create(:course, user: author)
- expect(course.description).not_to eq("Description")
+ put :update, params: { id: course.id, course: { title: "", description: "Description" } }
+
+ expect(response).to render_template("edit")
+ end
end
+ end
- it "renders edit template" do
- course = create(:course)
+ context "sign in not as author" do
+ before { sign_in not_author }
- put :update, params: { id: course.id, course: { title: "", description: "Description" } }
+ it "raises an error" do
+ course = create(:course, user: author)
- expect(response).to render_template("edit")
+ expect do
+ put :update, params: { id: course.id, course: { title: "", description: "Description" } }
+ end.to raise_error ActiveRecord::RecordNotFound
end
end
end
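Review bot: The non-author example at the end of this hunk sends `title: ""`, so it only shows that an invalid payload from another user raises, not that an otherwise valid edit is refused. Reuse the valid params from the author examples and add `expect(course.reload.title).not_to eq("Title")` after the `raise_error` expectation (assuming the factory's title differs from "Title"), so the ownership check is pinned independently of validation. Separately, `expect(course.description).not_to eq("Description")` in "doesn't update a record" reads the local object, which the controller never touches, so it passes whatever was saved; `expect(course.reload.description).not_to eq("Description")` would make it meaningful.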
再修改代碼 app/controllers/courses_controller.rb:
diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index f1654d3..47dfef9 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@@ -29,7 +29,7 @@ class CoursesController < ApplicationController
end
def update
- @course = Course.find(params[:id])
+ @course = current_user.courses.find(params[:id])
if @course.update(course_params)
redirect_to course_path(@course)
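Review bot: `current_user.courses.find(params[:id])` assumes `current_user` is never nil; a signed-out request would raise NoMethodError (a 500) instead of being sent to sign-in, unless a filter outside this hunk already guards the action. If none exists, add `before_action :authenticate_user!, only: %i[edit update]` (assuming Devise, which the spec's `sign_in` helper suggests). It is also worth checking that `destroy` uses the same scoped lookup and that `course_params` does not permit `user_id`, since neither is visible here. The body of `update` continues past the end of the hunk.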
即可。