Return to per-action permission filters

cryptogopher 2024-11-30 20:15:30 +01:00
parent 13685aa476
commit b38d72e9b0
2 changed files with 6 additions and 8 deletions

@ -3,13 +3,11 @@ class UsersController < ApplicationController
before_action :find_user, only: [:show, :update, :disguise] before_action :find_user, only: [:show, :update, :disguise]
before_action do before_action only: :revert do
case action_name.to_sym raise AccessForbidden unless current_user_disguised?
when :revert end
raise AccessForbidden unless current_user_disguised? before_action except: :revert do
else raise AccessForbidden unless current_user.at_least(:admin)
raise AccessForbidden unless current_user.at_least(:admin)
end
end end
def index def index
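Review bot: `before_action :find_user, only: [:show, :update, :disguise]` is still declared above both permission filters, and Rails runs `before_action` callbacks in declaration order, so for show, update and disguise the record lookup runs before the `current_user.at_least(:admin)` check. If `find_user` answers with the not_found error for a missing id, a caller without admin rights would see 404 for absent users and 403 for existing ones, which reveals which ids exist. Consider declaring the two permission filters first and `find_user` after them. The `except: :revert` form means any action added later falls under the admin check by default; a one-line comment stating that intent would help keep it that way.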

@ -34,7 +34,7 @@ en:
You have not been granted access to this action (403 Forbidden). You have not been granted access to this action (403 Forbidden).
This should not happen, please notify site administrator. This should not happen, please notify site administrator.
not_found: > not_found: >
The record that you requested operation on does not exist (404). The record that you requested operation on does not exist (404 Not Found).
This should not happen, please notify site administrator. This should not happen, please notify site administrator.
unprocessable_entity: > unprocessable_entity: >
The request is semantically incorrect and was rejected (422 Unprocessable Entity). The request is semantically incorrect and was rejected (422 Unprocessable Entity).
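Review bot: the `not_found` wording change from `(404)` to `(404 Not Found)` is unrelated to the permission filters named in the commit message and is not mentioned there. It brings the string in line with the 403 and 422 messages beside it, which is fine, but it would be easier to review and revert as its own commit, or at least with a line about it in the message.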