From 9dbb9c91e8c5c8cd6bebbf63d0d591c392a19381 Mon Sep 17 00:00:00 2001
From: maebeale
Date: Fri, 15 May 2026 09:43:05 -0400
Subject: [PATCH] Allow authenticated users to access the people index and search

Open up the People index and people typeahead search to all authenticated users (previously admin-only). Show, edit, update, destroy remain admin-only.

Co-Authored-By: Claude Opus 4.7
---
 app/policies/person_policy.rb | 4 ++--
 spec/policies/person_policy_spec.rb | 2 +-
 spec/requests/people_authorization_spec.rb | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/policies/person_policy.rb b/app/policies/person_policy.rb
index 199d254b0..d465529a1 100644
--- a/app/policies/person_policy.rb
+++ b/app/policies/person_policy.rb
@@ -2,7 +2,7 @@ class PersonPolicy < ApplicationPolicy
 # See https://actionpolicy.evilmartians.io/#/writing_policies
 def index?
- admin?
+ authenticated?
 end
 def show?
@@ -26,7 +26,7 @@ def destroy?
 end
 def search?
- admin?
+ authenticated?
 end
 # Scoping
diff --git a/spec/policies/person_policy_spec.rb b/spec/policies/person_policy_spec.rb
index f95fcf550..2d3cfc0ee 100644
--- a/spec/policies/person_policy_spec.rb
+++ b/spec/policies/person_policy_spec.rb
@@ -23,7 +23,7 @@ def policy_for(record: nil, user:)
 context "with regular user" do
 subject { policy_for(user: regular_user) }
- it { is_expected.not_to be_allowed_to(:index?) }
+ it { is_expected.to be_allowed_to(:index?) }
 end
 context "with no user" do
diff --git a/spec/requests/people_authorization_spec.rb b/spec/requests/people_authorization_spec.rb
index 0ea936a4c..51a60d7fb 100644
--- a/spec/requests/people_authorization_spec.rb
+++ b/spec/requests/people_authorization_spec.rb
@@ -16,9 +16,9 @@
 context "as a regular user" do
 before { sign_in regular_user }
- it "redirects to root" do
+ it "renders successfully" do
 get people_path
- expect(response).to redirect_to(root_path)
+ expect(response).to have_http_status(:ok)
 end
 end
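Review bot: `index?` in app/policies/person_policy.rb now passes for every signed-in account, so the relation scope under `# Scoping` becomes the only control over which Person rows a non-admin can list, and that scope is not part of this patch. If it was written while only admins could reach the index it may return every record, so it is worth confirming that it narrows rows for non-admins and that the index view does not render contact details or other admin-only fields. The same applies to `search?` in the second hunk of this file. A comment above `index?` would record the intent, e.g. `# Any signed-in user may list people; row visibility is enforced by the relation scope below.`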
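Review bot: `search?` in the second hunk of app/policies/person_policy.rb opens the typeahead to every authenticated account, and an endpoint that matches on partial input lets a single account enumerate the people directory through repeated queries. The controller action is outside this patch, so this is a check to make rather than a confirmed defect. The action should resolve results through the same authorized scope as the index, return only the fields the picker needs, and enforce a minimum query length and a cap on the result count. `destroy?` above and the scoping section below continue outside the hunk.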
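Review bot: The regular-user context in spec/policies/person_policy_spec.rb asserts only `index?`, while the policy change also flips `search?`, so nothing visible in this patch pins the new search rule. Adding `it { is_expected.to be_allowed_to(:search?) }` next to the changed example would cover it. An `it { is_expected.not_to be_allowed_to(:show?) }` line, and likewise for edit, update and destroy, would pin the boundary the commit message describes, if the spec does not already do so outside this hunk. The "with no user" context that follows should assert that `index?` and `search?` are both still denied.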
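Review bot: The rewritten example in spec/requests/people_authorization_spec.rb checks only `have_http_status(:ok)`, which passes whether the page lists the records a regular user is meant to see or every person with every field. As this is the authorization spec, it should also assert on the response body, for instance that a record outside the user's scope or an admin-only edit link is absent. A matching example for the typeahead search request as a regular user is also missing from this patch. The enclosing describe block starts and ends outside the hunk.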