Skip to content

able to edit poll questions as a user #210

@mmezher

Description

@mmezher

If a user goes to https://www.railsschool.org/polls, they are able to edit all poll questions and publish them. This is a security issue since administrators of the site should be the only ones to be able to edit poll questions.

Bug reproduction steps:

  1. log in to rails school
  2. go to https://www.railsschool.org/polls/
  3. press edit on a poll
  4. edit the poll question/answer
  5. save and publish

Expected Outcome: Access should be denied to a regular user. Only admins should be able to edit polls.
Actual Outcome: The poll will be published to the site for all users to see.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions