If a user goes to https://www.railsschool.org/polls, they are able to edit all poll questions and publish them. This is a security issue since administrators of the site should be the only ones to be able to edit poll questions.
Bug reproduction steps:
- log in to rails school
- go to https://www.railsschool.org/polls/
- press edit on a poll
- edit the poll question/answer
- save and publish
Expected Outcome: Access should be denied to a regular user. Only admins should be able to edit polls.
Actual Outcome: The poll will be published to the site for all users to see.
If a user goes to https://www.railsschool.org/polls, they are able to edit all poll questions and publish them. This is a security issue since administrators of the site should be the only ones to be able to edit poll questions.
Bug reproduction steps:
Expected Outcome: Access should be denied to a regular user. Only admins should be able to edit polls.
Actual Outcome: The poll will be published to the site for all users to see.