there was a minor glitch: non-admins could see links they shouldn't

mamhoff · Dec 10, 2013 · 5c16d21 · 5c16d21
1 parent 2dc024f
commit 5c16d21
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 5 deletions.
diff --git a/app/views/tours/index.html.erb b/app/views/tours/index.html.erb
@@ -3,9 +3,11 @@
 <% @tours.each do |tour| %>
 	<div class="well">
 	<p> <%= tour.name %> 
-	<%= link_to "delete", tour, method: :delete,  
-							data: {confirm: "Are you sure?"},
-							title: tour.name %>
+		<% if user_signed_in? && current_user.has_role?('admin') %>
+		<%= link_to "delete", tour, method: :delete,  
+								data: {confirm: "Are you sure?"},
+								title: tour.name %>
+		<% end %>
 	</p>
 	</div>
 <% end %>

diff --git a/spec/views/tours/index.html.erb_spec.rb b/spec/views/tours/index.html.erb_spec.rb
@@ -1,7 +1,11 @@
 require 'spec_helper'
 
 describe "roles/index.html.erb" do
-  before { visit tours_path }
+  before do
+      FactoryGirl.create(:tour)
+      visit tours_path
+    end
+
   it "should have the word tour index" do
   	expect(page).to have_content("Tour index")
   end
@@ -13,7 +17,6 @@
   describe "signed in as admin" do
 
     before do 
-    FactoryGirl.create(:tour)
     admin = FactoryGirl.create(:user, :admin)
       sign_in admin
       visit tours_path