Ensure views only link to those actions allowed for current user

2018-11-30 13:29:04 +01:00
parent d3f67ab4c7
commit 2125fb1c1d
56 changed files with 128 additions and 264 deletions
--- a/app/views/exercises/show.html.slim
+++ b/app/views/exercises/show.html.slim
@@ -7,8 +7,7 @@

 h1
  = @exercise
-  - if policy(@exercise).edit?
-    = render('shared/edit_button', object: @exercise)
+  = render('shared/edit_button', object: @exercise)

 = row(label: 'exercise.title', value: @exercise.title)
 = row(label: 'exercise.user', value: link_to_if(policy(@exercise.author).show?, @exercise.author, @exercise.author))