diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb index ee3865bd491..020b4707ca9 100644 --- a/app/controllers/invitations_controller.rb +++ b/app/controllers/invitations_controller.rb @@ -5,6 +5,12 @@ def new end def create + unless Current.user.admin? + flash[:alert] = t(".failure") + redirect_to settings_profile_path + return + end + @invitation = Current.family.invitations.build(invitation_params) @invitation.inviter = Current.user diff --git a/app/models/invitation.rb b/app/models/invitation.rb index 119fbc46dd7..41770b50ac4 100644 --- a/app/models/invitation.rb +++ b/app/models/invitation.rb @@ -32,9 +32,6 @@ def set_expiration end def inviter_is_admin - unless inviter.admin? - errors.add(:role, "can only be set to member for non-admin inviters") - self.role = "member" - end + inviter.admin? end end diff --git a/test/controllers/invitations_controller_test.rb b/test/controllers/invitations_controller_test.rb index 28d446ea3d0..d6bdcacbe70 100644 --- a/test/controllers/invitations_controller_test.rb +++ b/test/controllers/invitations_controller_test.rb @@ -31,10 +31,10 @@ class InvitationsControllerTest < ActionDispatch::IntegrationTest assert_equal I18n.t("invitations.create.success"), flash[:notice] end - test "non-admin cannot create admin invitation" do + test "non-admin cannot create invitations" do sign_in users(:family_member) - assert_difference("Invitation.count") do + assert_no_difference("Invitation.count") do post invitations_url, params: { invitation: { email: "new@example.com", @@ -43,8 +43,8 @@ class InvitationsControllerTest < ActionDispatch::IntegrationTest } end - invitation = Invitation.last - assert_equal "member", invitation.role # Role should be downgraded to member + assert_redirected_to settings_profile_path + assert_equal I18n.t("invitations.create.failure"), flash[:alert] end test "admin can create admin invitation" do
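Review bot: The admin check sits inline at the top of `create`, so it covers only this one action; `new`, whose body lies above the hunk, and any action added later would have to repeat it. A filter keeps the rule in one place: `before_action :require_admin, only: %i[new create]`, with a private `require_admin` that sets the flash and redirects. The alert also reuses `t(".failure")`, which is presumably the generic create-failure message; a dedicated key would tell the user the request was refused for lack of permission rather than for invalid input. `create` continues past the end of the hunk.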
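Review bot: `inviter_is_admin` now only returns `inviter.admin?` and adds no error, so if it is registered with `validate` (the registration is outside the hunk) it can never fail, because Rails ignores a validation method's return value and looks only at `errors`. That would leave the controller guard as the sole check, and an Invitation built anywhere else (console, another controller, a job) with a non-admin inviter would still save. If the model is meant to enforce the rule, make the method record the failure, e.g. `errors.add(:inviter, "must be an admin") unless inviter&.admin?`. If it is not, remove the method and its `validate` line rather than keep a no-op.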
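Review bot: The renamed test "non-admin cannot create invitations" claims the rule for every role, but it still sends a single request whose `role` parameter sits between the two hunks and is presumably still `admin`, as in the old downgrade test. A second case posting `role: "member"` as `users(:family_member)` inside `assert_no_difference("Invitation.count")` would pin the broader rule the new name states. A model-level test asserting that an Invitation with a non-admin inviter is invalid would also show whether `inviter_is_admin` still enforces anything. The test body runs past the end of this hunk into the next one.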