From 9a32d27d14644aa77aa0a35f7bedd5321b665424 Mon Sep 17 00:00:00 2001
From: Pete Cheslock
Date: Fri, 22 Dec 2023 14:27:50 -0500
Subject: [PATCH] Update correct_user to fix broken test and add new test for time based profile editing
---
 app/controllers/users_controller.rb | 12 +++++++-----
 test/controllers/users_controller_test.rb | 17 +++++++++++++++++
 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 3ca3c01..89f1c19 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -72,12 +72,14 @@ def user_params
 # Before filters
 # Confirms the correct user.
- def correct_user
- @user = User.find(params[:id])
- if Time.now - @user.created_at > 24.hours
- flash[:danger] = "You can only edit your profile within 24 hours of account creation."
- end
+ def correct_user
+ @user = User.find(params[:id])
+ if Time.current - @user.created_at > 24.hours
+ flash[:danger] = "You can only edit your profile within 24 hours of account creation."
+ redirect_to(root_url, status: :see_other) and return
 end
+ redirect_to(root_url, status: :see_other) unless current_user?(@user)
+ end
 # Confirms an admin user.
 def admin_user
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
index b1193db..cbfaf3f 100644
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
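Review bot: In `correct_user` the 24-hour check runs before the ownership check, so a logged-in user who requests someone else's edit page gets the "within 24 hours" flash when the target account is older than a day and no flash otherwise. The response therefore varies with another user's account age, and the message is wrong for that caller. Decide ownership first by placing `redirect_to(root_url, status: :see_other) and return unless current_user?(@user)` directly after `@user = User.find(params[:id])` and dropping the trailing `unless current_user?(@user)` line. A short comment above the time check, such as `# Profile edits are only allowed during the first 24 hours after sign-up.`, would also record why the limit exists.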
@@ -38,6 +38,23 @@ def setup
 assert_redirected_to root_url
 end
+ test "should not allow the user to edit profile after 24 hours of account creation" do
+ @user.update(created_at: 2.days.ago)
+ log_in_as(@user)
+ get edit_user_path(@user)
+ assert_not flash.empty?
+ assert_equal "You can only edit your profile within 24 hours of account creation.", flash[:danger]
+ assert_redirected_to root_url
+ end
+
+ test "should allow the user to edit profile within 24 hours of account creation" do
+ @user.update(created_at: 1.hour.ago)
+ log_in_as(@user)
+ get edit_user_path(@user)
+ assert flash.empty?
+ assert_response :success
+ end
+
 test "should redirect update when logged in as wrong user" do
 log_in_as(@other_user)
 patch user_path(@user), params: { user: { name: @user.name,
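Review bot: Both new tests exercise only `get edit_user_path(@user)`, so nothing verifies that a `patch user_path(@user)` sent after the 24-hour window is refused and leaves the record unchanged, and the write path is where the limit has to hold. Add a test that sets `created_at: 2.days.ago`, sends the PATCH with a changed name, and asserts the redirect together with `assert_equal original_name, @user.reload.name`; this assumes `correct_user` is registered as a before filter for `update`, which the hunk does not show. The setup call `@user.update(created_at: ...)` returns false without raising if validation fails, so `@user.update!(created_at: 2.days.ago)` would make a broken fixture fail loudly instead of letting the test pass or fail for the wrong reason. The final context line of the hunk is cut mid-statement, so the test that follows is not covered here.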