Limit casa case controller method permissions to the case's organization

[FireLemons]

What type(s) of user does this feature affect?

• volunteers
• supervisors
• admins

Description Make sure all the methods in app/policies/casa_case_policy.rb contain some logic to prevent casa case access from users belonging to a different organization.

Fix / Update tests if needed

See app/policies/application_policy.rb for helper methods See https://github.com/varvet/pundit

QA Login Details:
Link to QA site

Login Emails:

• [email protected] view site as a volunteer
• [email protected] view site as a supervisor
• [email protected] view site as an admin

password for all users: 12345678

Questions? Join Slack!

We highly recommend that you join us in slack https://rubyforgood.herokuapp.com/ #casa channel to ask questions quickly and hear about office hours (currently Tuesday 6-8pm Pacific), stakeholder news, and upcoming new issues.