authorizing destroy reviews requests

baf3ebbe · Mauricio Giacomini Girardello · 282833dd · baf3ebbe · baf3ebbe · baf3ebbe
Commit baf3ebbe authored 8 years ago by Mauricio Giacomini Girardello
--- a/app/controllers/concerns/reviewable_controller.rb
+++ b/app/controllers/concerns/reviewable_controller.rb
@@ -45,7 +45,7 @@ module ReviewableController
    rate = Rate.where(user: current_user, review: @review).first_or_initialize
    if rate.update(approves: approves)
-      render json: rate, status: :ok
+      render json: rate, status: :created
    else
      render json: rate.errors, status: :unprocessable_entity
    end

--- a/app/policies/review_policy.rb
+++ b/app/policies/review_policy.rb
@@ -5,18 +5,20 @@ class ReviewPolicy < ApplicationPolicy
  end
  def update?
-    record if owns?
+    record if own?
  end
  def destroy?
-    record if record.user == user
+    record if own?
  end
  def rate?
    record if user_exists?
  end
-  def owner
+  private
-    record.users
+  def own?
+    record.user == user
  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -35,7 +35,6 @@ Rails.application.routes.draw do
    mount_devise_token_auth_for 'User', skip: [:omniauth_callbacks], at: :auth
  end
-  # devise_for :users, :controllers => { :omniauth_callbacks => "callbacks" }
  namespace :v1 do
    resources :users, concerns: :followable do
      member do