Change permissions for updating

code-dot-org · Feb 26, 2018 · 659540c · 659540c
1 parent 08d0873
commit 659540c
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/dashboard/app/models/ability.rb b/dashboard/app/models/ability.rb
@@ -106,6 +106,7 @@ def initialize(user)
           workshop.facilitators.include? user
         end
         can [:read, :start, :end, :workshop_survey_report, :summary, :filter], Pd::Workshop, facilitators: {id: user.id}
+        can [:read, :update], Pd::Workshop, organizer_id: user.id
         can :create, Pd::Workshop do |_|
           Pd::CourseFacilitator.exists?(facilitator: user, course: Pd::Workshop::COURSE_CSF)
         end

diff --git a/dashboard/test/controllers/api/v1/pd/workshops_controller_test.rb b/dashboard/test/controllers/api/v1/pd/workshops_controller_test.rb
@@ -327,9 +327,20 @@ class Api::V1::Pd::WorkshopsControllerTest < ::ActionController::TestCase
     assert_response :forbidden
   end
 
+  test 'Facilitators can update workshops they organized' do
+    sign_in(@facilitator)
+
+    workshop = create :pd_workshop, organizer: @facilitator
+    put :update, params: {
+      id: workshop.id,
+      pd_workshop: workshop_params
+    }
+    assert_response :success
+  end
+
   test_user_gets_response_for(
     :update,
-    name: 'facilitators cannot update workshops',
+    name: 'facilitators cannot update workshops they did not organize',
     method: :put,
     response: :forbidden,
     user: -> {@facilitator},