diff --git a/app/controllers/answers_controller.rb b/app/controllers/answers_controller.rb
index 371bf85..bb90266 100644
--- a/app/controllers/answers_controller.rb
+++ b/app/controllers/answers_controller.rb
@@ -5,7 +5,6 @@
 # PUT/PATCH /answers/[:id]
 def update
 p_params = permitted_params()
-<<<<<<< HEAD
 Answer.transaction do
 begin
 @answer = Answer.find_by!({ plan_id: p_params[:plan_id], question_id: p_params[:question_id] })
diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 1ebe316..d128345 100644
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -11,7 +11,7 @@
 # create answer if we don't have one already
 @answer = nil # if defined within the transaction block, was not accessable afterward
 # ensure user has access to plan BEFORE creating/finding answer
- rails Pundit::NotAuthorizedError unless Plan.find(plan_id).readable_by?(@note.user_id)
+ rails Pundit::NotAuthorizedError unless Plan.find(params[:note][:plan_id]).readable_by?(@note.user_id)
 Answer.transaction do
 if params[:note][:answer_id].present?
 @answer = Answer.find(params[:note][:answer_id])
diff --git a/test/integration/answer_locking_test.rb b/test/integration/answer_locking_test.rb
index 729b351..170c642 100644
--- a/test/integration/answer_locking_test.rb
+++ b/test/integration/answer_locking_test.rb
@@ -27,13 +27,13 @@
 # Signin as UserA and insert the new answer
 sign_in @plan.owner
 put answer_path(FastGettext.locale, userA, format: "json"), obj_to_params(userA.attributes)
- assert_response :not_found
+ assert_response :success
 assert_equal "application/json", @response.content_type
 # Signin as UserB and try to insert the new answer but fail
 sign_in @collaborator
 put answer_path(FastGettext.locale, userB, format: "json"), obj_to_params(userB.attributes)
- assert_response :not_found
+ assert_response :success
 assert_equal "application/json", @response.content_type
 end
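Review bot: The guard on the changed line in notes_controller.rb still spells the keyword as `rails` rather than `raise`, so a denied request ends in a NoMethodError instead of `Pundit::NotAuthorizedError` and would skip whatever handler the application registers for that exception; the line should read `raise Pundit::NotAuthorizedError unless Plan.find(params[:note][:plan_id]).readable_by?(@note.user_id)`. The guard also authorizes the plan named by `params[:note][:plan_id]`, while the following lines load the answer from `params[:note][:answer_id]`, and nothing visible in the hunk ties that answer to the plan that was checked; comparing `@answer.plan_id` with the checked plan id after the lookup would close that gap. The method starts and ends outside the hunk, so the binding may be enforced elsewhere.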
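Review bot: The comment `# Signin as UserB and try to insert the new answer but fail` in answer_locking_test.rb now contradicts the `assert_response :success` that follows it, and after this change both the owner's and the collaborator's requests are checked only for a success status and a JSON content type. If the locking conflict is reported in the response body, the test should assert on that body or on the stored answer, so that a regression letting the second write silently overwrite the first is caught. The test method starts outside the hunk, so such an assertion may need setup that is not visible here.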