Update permission checking

2024-11-10 17:34:02 +01:00
parent 537cd18336
commit 817b1a4376
3 changed files with 29 additions and 7 deletions


@@ -2,11 +2,14 @@ class UsersController < ApplicationController
helper_method :allow_disguise?
before_action :find_user, only: [:show, :update, :disguise]
before_action except: :revert do
raise AccessForbidden unless current_user.at_least(:admin)
end
before_action only: :revert do
raise AccessForbidden unless current_user_disguised?
before_action do
case action_name.to_sym
when :revert
raise AccessForbidden unless current_user_disguised?
else
raise AccessForbidden unless current_user.at_least(:admin)
end
end
def index
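Review bot: The consolidated authorization `before_action` is still registered after `before_action :find_user`, so for `show`, `update` and `disguise` the record lookup runs before the admin check. If `find_user` answers a missing record with a not-found error (its body is outside this hunk, so this is inferred), a non-admin caller can tell existing user ids from missing ones by comparing that response with `AccessForbidden`. Declaring the permission callback first, by moving `before_action :find_user, only: [:show, :update, :disguise]` below the new block, would close that gap. The `else` branch keeps the check fail-closed for any action added later, which deserves a short comment such as `# every action except revert requires admin`; comparing `action_name` with `'revert'` directly would also make the `to_sym` call unnecessary.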