Hotfix to allow edit action even if user can't update (#12826)

department-of-veterans-affairs · May 26, 2023 · 9bd9358 · 9bd9358
1 parent 1382465
commit 9bd9358
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/modules/mobile/app/controllers/mobile/v0/gender_identity_controller.rb b/modules/mobile/app/controllers/mobile/v0/gender_identity_controller.rb
@@ -5,7 +5,7 @@
 module Mobile
   module V0
     class GenderIdentityController < ApplicationController
-      before_action { authorize :demographics, :access_update? }
+      before_action(only: :update) { authorize :demographics, :access_update? }
       before_action { authorize :mpi, :queryable? }
 
       def edit

diff --git a/modules/mobile/spec/request/gender_identity_request_spec.rb b/modules/mobile/spec/request/gender_identity_request_spec.rb
@@ -135,10 +135,10 @@
     end
 
     describe 'GET /mobile/v0/gender_identity/edit' do
-      context 'returns 403' do
-        it 'returns 402', :aggregate_failures do
+      context 'returns 200' do
+        it 'returns 200', :aggregate_failures do
           get('/mobile/v0/user/gender_identity/edit', headers: iam_headers_no_camel)
-          expect(response).to have_http_status(:forbidden)
+          expect(response).to have_http_status(:ok)
         end
       end
     end