diff --git a/app/controllers/assessor_interface/work_histories_controller.rb b/app/controllers/assessor_interface/work_histories_controller.rb index 808367ac8a..07ba88892d 100644 --- a/app/controllers/assessor_interface/work_histories_controller.rb +++ b/app/controllers/assessor_interface/work_histories_controller.rb @@ -2,9 +2,9 @@ module AssessorInterface class WorkHistoriesController < BaseController - def edit - authorize [:assessor_interface, work_history] + before_action { authorize [:assessor_interface, work_history] } + def edit @form = WorkHistoryContactForm.new( work_history:, @@ -16,8 +16,6 @@ def edit end def update - authorize [:assessor_interface, work_history] - @form = WorkHistoryContactForm.new( form_params.merge(work_history:, user: current_staff), diff --git a/spec/policies/assessor_interface/work_history_policy_spec.rb b/spec/policies/assessor_interface/work_history_policy_spec.rb index b5b2ba9dc6..cd8b9391a8 100644 --- a/spec/policies/assessor_interface/work_history_policy_spec.rb +++ b/spec/policies/assessor_interface/work_history_policy_spec.rb @@ -12,30 +12,22 @@ describe "#index?" do subject(:index?) { policy.index? } - - let(:user) { create(:staff, :confirmed) } - it { is_expected.to be false } + it_behaves_like "a policy method without permission" end describe "#show?" do subject(:show?) { policy.show? } - - let(:user) { create(:staff, :confirmed) } - it { is_expected.to be false } + it_behaves_like "a policy method without permission" end describe "#create?" do subject(:create?) { policy.create? } - - let(:user) { create(:staff, :confirmed) } - it { is_expected.to be false } + it_behaves_like "a policy method without permission" end describe "#new?" do subject(:new?) { policy.new? } - - let(:user) { create(:staff, :confirmed) } - it { is_expected.to be false } + it_behaves_like "a policy method without permission" end describe "#update?" do @@ -50,8 +42,6 @@ describe "#destroy?" do subject(:destroy?) { policy.destroy? } - - let(:user) { create(:staff, :confirmed) } - it { is_expected.to be false } + it_behaves_like "a policy method without permission" end end