
Changed default destroy conditions to false

This will make gem users be obligated to override the default
gem's destroy conditions and should prevent systems that accidentally
allow comments to be destroyed by anyone.
Draiken committed Jul 24, 2012
1 parent 0f1a2b3 commit 5bdcb5ccb8c82197d569d7cf9a4881f82ff0b2a0
Showing with 7 additions and 1 deletion.
  1. +1 −0 CHANGELOG.md
  2. +5 −0 features/step_definitions/remove_comment_steps.rb
  3. +1 −1 lib/opinio.rb
@@ -3,6 +3,7 @@
## 0.5.1
* Added two new methods for easy customization of the controller's flow: `opinio_after_create_path` and `opinio_after_destroy_path`
+* Changed default destroy conditions to false to prevent unsecure behaviour
## 0.5
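Review bot: The new 0.5.1 entry does not tell upgraders that this is a behaviour change they must act on. With the default now `false`, every delete is refused until the host application supplies its own rule, so the line should name the override, for example "call `Opinio.set_destroy_conditions` with your own authorization check to re-enable comment deletion". As a style point, "unsecure" would read better as "insecure".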
@@ -14,6 +14,11 @@
end
When /^I remove that comment$/ do
+ # forces any comment to be destroyed by anyone
+ Opinio.set_destroy_conditions do
+ true
+ end
+
within("#comment_#{@comment.id}") do
click_link 'Delete'
end
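Review bot: The `Opinio.set_destroy_conditions do true end` call inside the `When /^I remove that comment$/` step changes gem-wide configuration and is never restored, so every scenario that runs after this step inherits the allow-all rule. Setting it in a `Before` hook and restoring the previous value in an `After` hook would keep scenarios isolated. Nothing in this diff exercises the new default either: a scenario asserting that deletion is refused when no conditions are configured would cover the behaviour this commit is meant to guarantee.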
@@ -26,7 +26,7 @@ module Controllers
@@interval_between_comments = false
mattr_accessor :destroy_conditions
- @@destroy_conditions = Proc.new { true }
+ @@destroy_conditions = Proc.new { false }
mattr_accessor :current_user_method
@@current_user_method = :current_user
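Review bot: The changed line `@@destroy_conditions = Proc.new { false }` carries no comment saying that the deny-by-default value is deliberate or how to override it. A short comment above the accessor stating that deletion is refused unless the application calls `Opinio.set_destroy_conditions` would stop a later cleanup from reverting it to `true`. Since `mattr_accessor` also exposes a public writer, it is worth documenting that the block passed in should perform a real ownership or role check rather than return a constant.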
