Update correct_user to fix broken test and add new test for time based

profile editing
land-of-apps · Dec 22, 2023 · 9a32d27 · 9a32d27
1 parent 0b9f965
commit 9a32d27
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 5 deletions.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -72,12 +72,14 @@ def user_params
     # Before filters
 
     # Confirms the correct user.
-    def correct_user
-      @user = User.find(params[:id])
-      if Time.now - @user.created_at > 24.hours
-        flash[:danger] = "You can only edit your profile within 24 hours of account creation."
-      end
+  def correct_user
+    @user = User.find(params[:id])
+    if Time.current - @user.created_at > 24.hours
+      flash[:danger] = "You can only edit your profile within 24 hours of account creation."
+      redirect_to(root_url, status: :see_other) and return
     end
+    redirect_to(root_url, status: :see_other) unless current_user?(@user) 
+  end
 
     # Confirms an admin user.
     def admin_user

diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
@@ -38,6 +38,23 @@ def setup
     assert_redirected_to root_url
   end
 
+  test "should not allow the user to edit profile after 24 hours of account creation" do
+    @user.update(created_at: 2.days.ago)
+    log_in_as(@user)
+    get edit_user_path(@user)
+    assert_not flash.empty?
+    assert_equal "You can only edit your profile within 24 hours of account creation.", flash[:danger]
+    assert_redirected_to root_url
+  end
+
+  test "should allow the user to edit profile within 24 hours of account creation" do
+    @user.update(created_at: 1.hour.ago)
+    log_in_as(@user)
+    get edit_user_path(@user)
+    assert flash.empty?
+    assert_response :success
+  end
+
   test "should redirect update when logged in as wrong user" do
     log_in_as(@other_user)
     patch user_path(@user), params: { user: { name: @user.name,