Move the access control to a dedicated helper

Jyri-Petteri Paloposki 2020-08-18 11:51:16 +03:00
parent 95cb7ec799
commit 2d4ba48ad4
2 changed files with 8 additions and 6 deletions


@ -1,6 +1,7 @@
class UsersController < ApplicationController
before_action :admin_login_required, :only => [ :index, :show ]
before_action :admin_or_self_login_required, :only => [ :destroy ]
skip_before_action :login_required, :only => [ :new, :create ]
prepend_before_action :login_optional, :only => [ :new, :create ]
@ -132,12 +133,6 @@ class UsersController < ApplicationController
def destroy
@deleted_user = User.find(params[:id])
# Check that the user has access (logged in as admin or the target user.)
unless current_user && (current_user.is_admin || current_user == @deleted_user)
render :body => t('errors.user_unauthorized'), :status => 401
return
end
# Remove the user
@saved = @deleted_user.destroy
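Review bot: The new `admin_or_self_login_required` filter at the top of the class runs before `destroy` assigns `@deleted_user`, so it cannot reuse that variable the way the removed inline check did and has to resolve the target account from `params[:id]` itself. The helper's definition is not in this section, so please confirm that it does this lookup and compares the result with `current_user`. Please also confirm that it ends the request by rendering or redirecting, because in Rails 5 and later a filter that only returns `false` does not stop the action and the delete would still run. A short comment above the filter line would keep the rule visible in this controller, for example `# destroy: only an admin or the account owner may delete; enforced by admin_or_self_login_required`. A request test in which a logged-in non-admin sends DELETE for another user's id and the record survives would pin the behaviour; the body of `destroy` continues past the end of this hunk.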