Merge pull request #1912 from basecamp/refactor-reaction-permission-check

monorkin · web-flow · commit 06478f23d2f1 · 2025-12-04T11:04:12.000+01:00
Change reaction admin permission check to be in-line with other controllers
diff --git a/app/controllers/cards/comments/reactions_controller.rb b/app/controllers/cards/comments/reactions_controller.rb
@@ -2,6 +2,8 @@ class Cards::Comments::ReactionsController < ApplicationController
   include CardScoped
 
   before_action :set_comment
+  before_action :set_reaction, only: %i[ destroy ]
+  before_action :ensure_permision_to_administer_reaction, only: %i[ destroy ]
 
   def index
   end
@@ -14,17 +16,19 @@ def create
   end
 
   def destroy
-    @reaction = @comment.reactions.find(params[:id])
-
-    if Current.user != @reaction.reacter
-      head :forbidden
-    else
-      @reaction.destroy
-    end
+    @reaction.destroy
   end
 
   private
     def set_comment
       @comment = @card.comments.find(params[:comment_id])
     end
+
+    def set_reaction
+      @reaction = @comment.reactions.find(params[:id])
+    end
+
+    def ensure_permision_to_administer_reaction
+      head :forbidden if Current.user != @reaction.reacter
+    end
 end
