Permit role parameter #272 (#273)

This seems to have been lost at some point, preventing admin users from changing roles.
betadots · Jan 24, 2024 · 1a3e239 · 1a3e239
1 parent fc1575f
commit 1a3e239
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -81,7 +81,7 @@ def user_params
         params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)
       else
         if current_user.try(:admin?)
-          params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation, :admin)
+          params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation, :role)
         else
           params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)
         end

diff --git a/test/integration/users_test.rb b/test/integration/users_test.rb
@@ -18,4 +18,15 @@ class UsersTest < ActionDispatch::IntegrationTest
 
     assert_redirected_to login_path
   end
+
+  test "admin can change a user's role" do
+    admin = FactoryBot.create(:user, :admin)
+    regular_user = FactoryBot.create(:user)
+
+    sign_in_as admin
+
+    patch user_path(regular_user), params: { user: { role: "admin" } }
+
+    assert regular_user.reload.admin?
+  end
 end