WIP: Ensure that user has signin permission

And that app is not retired. I am still not sure how much should go in the "scope" vs in the Pundit policy.
alphagov · Sep 25, 2023 · f44b8d3 · f44b8d3
1 parent f3152be
commit f44b8d3
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/app/controllers/account/signin_permissions_controller.rb b/app/controllers/account/signin_permissions_controller.rb
@@ -16,13 +16,13 @@ def create
   end
 
   def delete
-    @application = Doorkeeper::Application.not_retired.find(params[:application_id])
+    @application = Doorkeeper::Application.can_signin(current_user).find(params[:application_id])
 
     authorize @application, :remove_signin_permission?, policy_class: AccountApplicationsPolicy
   end
 
   def destroy
-    application = Doorkeeper::Application.not_retired.find(params[:application_id])
+    application = Doorkeeper::Application.can_signin(current_user).find(params[:application_id])
 
     authorize application, :remove_signin_permission?, policy_class: AccountApplicationsPolicy