From 6e44b2bd04dcd4d707bb28cfb17090829e241fdd Mon Sep 17 00:00:00 2001
From: Zach Latta
Date: Sat, 27 Jan 2018 20:39:17 -0800
Subject: [PATCH] Don't show interview_notes to non-admins
---
 .../new_club_application_serializer.rb | 9 ++++++++-
 .../requests/v1/new_club_applications_spec.rb | 16 ++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/api/app/serializers/new_club_application_serializer.rb b/api/app/serializers/new_club_application_serializer.rb
index a1f2290e7..b085c9258 100644
--- a/api/app/serializers/new_club_application_serializer.rb
+++ b/api/app/serializers/new_club_application_serializer.rb
@@ -28,10 +28,17 @@ class NewClubApplicationSerializer < ActiveModel::Serializer
 :curious_what_convinced,
 :curious_how_did_hear,
 :point_of_contact_id,
- :submitted_at
+ :submitted_at,
+ :interviewed_at,
+ :interview_duration
+
+ attribute :interview_notes, if: :admin?
 has_many :leader_profiles
+ # for admin? method
+ delegate :admin?, to: :current_user
+
 class LeaderProfileSerializer < ActiveModel::Serializer
 attributes :id, :completed_at
 has_one :user
diff --git a/api/spec/requests/v1/new_club_applications_spec.rb b/api/spec/requests/v1/new_club_applications_spec.rb
index 545467f0c..0e2a968be 100644
--- a/api/spec/requests/v1/new_club_applications_spec.rb
+++ b/api/spec/requests/v1/new_club_applications_spec.rb
@@ -131,6 +131,22 @@
 'email' => profile.user.email
 }
 )
+
+ # includes interviewed_at and interview_duration, but not interview_notes
+ expect(json).to include('interviewed_at')
+ expect(json).to include('interview_duration')
+ expect(json).to_not include('interview_notes')
+ end
+
+ it 'includes interview_notes when authed as an admin' do
+ user.make_admin!
+ user.save
+
+ get "/v1/new_club_applications/#{club_application.id}",
+ headers: auth_headers
+
+ expect(response.status).to eq(200)
+ expect(json).to include('interview_notes')
 end
 it '404s when application does not exist' do
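Review bot: In api/app/serializers/new_club_application_serializer.rb, `delegate :admin?, to: :current_user` raises NoMethodError whenever the serializer runs without a current user, so the `if: :admin?` guard on `interview_notes` becomes a 500 rather than an omitted field. Whether a nil `current_user` can reach this serializer is not visible from the hunk, but a guard that decides disclosure should fail closed on its own: `delegate :admin?, to: :current_user, allow_nil: true`. The comment `# for admin? method` would be more useful as `# admin? gates interview_notes; a missing current_user counts as non-admin`. The class body starts above the hunk, and the guard covers only this serializer, so any other serializer or endpoint that renders the same model should be checked for `interview_notes` as well.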
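Review bot: In api/spec/requests/v1/new_club_applications_spec.rb, both new `interview_notes` assertions check only for the key, so if the fixture's notes are nil the spec cannot tell a real value from an empty one and would miss the text leaking under another key. Assuming `club_application` is an ActiveRecord model, setting a known value first with `club_application.update!(interview_notes: 'constructed note')` and adding `expect(response.body).to_not include('constructed note')` to the non-admin example pins the access rule on the content itself. `user.save` should be `user.save!` so that a failed save is reported at that line instead of as a misleading assertion failure later. The non-admin example begins above the hunk, so its setup is not visible here.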