barbie-bot/fixin.me
0
0
Fork 0
forked from fixin.me/fixin.me
Code Pull Requests Activity

Return to per-action permission filters

Browse Source
This commit is contained in:
cryptogopher
2024-11-30 20:15:30 +01:00
parent 13685aa476
commit b38d72e9b0
2 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/controllers/users_controller.rb
View File

@@ -3,13 +3,11 @@ class UsersController < ApplicationController
before_action :find_user, only: [:show, :update, :disguise]
before_action do
case action_name.to_sym
when :revert
raise AccessForbidden unless current_user_disguised?
else
raise AccessForbidden unless current_user.at_least(:admin)
end
before_action only: :revert do
raise AccessForbidden unless current_user_disguised?
end
before_action except: :revert do
raise AccessForbidden unless current_user.at_least(:admin)
end
def index