From f44b8d3c643fd6ea4f8ba84c6fd8098ecf25310a Mon Sep 17 00:00:00 2001
From: Chris Roos
Date: Mon, 25 Sep 2023 15:49:35 +0100
Subject: [PATCH] WIP: Ensure that user has signin permission
And that app is not retired.
I am still not sure how much should go in the "scope" vs in the Pundit policy.
---
 app/controllers/account/signin_permissions_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/account/signin_permissions_controller.rb b/app/controllers/account/signin_permissions_controller.rb
index 293c9aa54..aff43fc25 100644
--- a/app/controllers/account/signin_permissions_controller.rb
+++ b/app/controllers/account/signin_permissions_controller.rb
@@ -16,13 +16,13 @@ def create
 end
 def delete
- @application = Doorkeeper::Application.not_retired.find(params[:application_id])
+ @application = Doorkeeper::Application.can_signin(current_user).find(params[:application_id])
 authorize @application, :remove_signin_permission?, policy_class: AccountApplicationsPolicy
 end
 def destroy
- application = Doorkeeper::Application.not_retired.find(params[:application_id])
+ application = Doorkeeper::Application.can_signin(current_user).find(params[:application_id])
 authorize application, :remove_signin_permission?, policy_class: AccountApplicationsPolicy
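Review bot: The explicit `.not_retired` scope is dropped from the lookup in both `delete` and `destroy`, so excluding retired applications now depends entirely on `can_signin` applying that filter itself, and the scope's definition is not part of this patch. If it does not, a retired application would be loaded here where the old code presumably raised a not-found error; chaining both, `Doorkeeper::Application.not_retired.can_signin(current_user).find(params[:application_id])`, keeps the intent visible at the call site. On the scope-versus-policy question in the description: the scope turns a missing permission into a failed `find` before `authorize` runs, so `remove_signin_permission?` should still make the signin-permission and not-retired checks itself rather than rely on every caller going through this scope. `destroy` continues past the end of the hunk, so anything it does after `authorize` is not covered by this note.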