<br /><br />
-<%= if_user(@trace.user) do %>
+<% if current_user && (current_user==@trace.user || current_user.administrator? || current_user.moderator?)%>
<div class="buttons">
- <%= button_to t('trace.view.edit_track'), :controller => 'trace', :action => 'edit', :id => @trace.id %>
+ <%= if_user(@trace.user) do %>
+ <%= button_to t('trace.view.edit_track'), :controller => 'trace', :action => 'edit', :id => @trace.id %>
+ <% end %>
<%= button_to t('trace.view.delete_track'), :controller => 'trace', :action => 'delete', :id => @trace.id %>
</div>
<% end %>
post :delete, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
assert_response :not_found
- # Finally with a trace that we are allowed to delete
+ # Now with a trace that we are allowed to delete
post :delete, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
assert_response :redirect
assert_redirected_to :action => :list, :display_name => public_trace_file.user.display_name
trace = Trace.find(public_trace_file.id)
assert_equal false, trace.visible
+
+ # Finally with a trace that is deleted by an admin
+ public_trace_file = create(:trace, :visibility => "public")
+ admin = create(:administrator_user)
+
+ post :delete, :params => { :display_name => admin.display_name, :id => public_trace_file.id }, :session => { :user => admin }
+ assert_response :redirect
+ assert_redirected_to :action => :list, :display_name => admin.display_name
+ trace = Trace.find(public_trace_file.id)
+ assert_equal false, trace.visible
end
# Check getting a specific trace through the api