Return to per-action permission filters

2024-11-30 20:15:30 +01:00 · 2024-11-30 20:15:30 +01:00 · b38d72e9b0
commit b38d72e9b0
parent 13685aa476
2 changed files with 6 additions and 8 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -3,13 +3,11 @@ class UsersController < ApplicationController

  before_action :find_user, only: [:show, :update, :disguise]

-  before_action do
-    case action_name.to_sym
-    when :revert
-      raise AccessForbidden unless current_user_disguised?
-    else
-      raise AccessForbidden unless current_user.at_least(:admin)
-    end
+  before_action only: :revert do
+    raise AccessForbidden unless current_user_disguised?
+  end
+  before_action except: :revert do
+    raise AccessForbidden unless current_user.at_least(:admin)
  end

  def index
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -34,7 +34,7 @@ en:
          You have not been granted access to this action (403 Forbidden).
          This should not happen, please notify site administrator.
        not_found: >
-          The record that you requested operation on does not exist (404).
+          The record that you requested operation on does not exist (404 Not Found).
          This should not happen, please notify site administrator.
        unprocessable_entity: >
          The request is semantically incorrect and was rejected (422 Unprocessable Entity).