Update permission checking

app/controllers/default/units_controller.rb

@@ -1,11 +1,30 @@
 class Default::UnitsController < ApplicationController
   navigation_tab :units
 
+  before_action :find_unit, only: [:import, :export, :destroy]
+
   before_action except: :index do
+    case action_name.to_sym
+    when :import, :import_all
+      raise AccessForbidden unless current_user.at_least(:active)
+    else
       raise AccessForbidden unless current_user.at_least(:admin)
     end
+  end
 
   def index
     @units = current_user.units.defaults_diff
   end
+
+  def import
+  end
+
+  def import_all
+  end
+
+  def export
+  end
+
+  def destroy
+  end
 end

app/controllers/units_controller.rb

@@ -1,5 +1,5 @@
 class UnitsController < ApplicationController
-  before_action only: [:new] do
+  before_action only: :new do
     find_unit if params[:id].present?
   end
   before_action :find_unit, only: [:edit, :update, :rebase, :destroy]

app/controllers/users_controller.rb

@@ -2,11 +2,14 @@ class UsersController < ApplicationController
   helper_method :allow_disguise?
 
   before_action :find_user, only: [:show, :update, :disguise]
-  before_action except: :revert do
+
+  before_action do
+    case action_name.to_sym
+    when :revert
+      raise AccessForbidden unless current_user_disguised?
+    else
       raise AccessForbidden unless current_user.at_least(:admin)
     end
-  before_action only: :revert do
-    raise AccessForbidden unless current_user_disguised?
   end
 
   def index