author | jomo <github@jomo.tv> | 2016-07-11 21:06:12 +0200 |
---|---|---|
committer | jomo <github@jomo.tv> | 2016-07-11 21:06:12 +0200 |
commit | d9ae4e7d3a3fbfd19d7d549692dc71b6e76060f7 (patch) | |
tree | 0e3df1ba95fecbb612f5851b15aeef2c04ea4152 | |
parent | bb1d2c0c3e2ae1444145cf07cee1e2ef933f546c (diff) |
restrict edit page access to users allowed to update
-rw-r--r-- | app/controllers/forums_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/forumthreads_controller.rb | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/forums_controller.rb b/app/controllers/forums_controller.rb
index 2841be9..ecf570e 100644
--- a/app/controllers/forums_controller.rb
+++ b/app/controllers/forums_controller.rb
@@ -16,6 +16,10 @@ class ForumsController < ApplicationController
   end
 
   def edit
+    unless admin?
+      flash[:alert] = "You are not allowed to change a forum"
+      redirect_to forums_path
+    end
   end
 
   def new
diff --git a/app/controllers/forumthreads_controller.rb b/app/controllers/forumthreads_controller.rb
index ac090f5..b9b5714 100644
--- a/app/controllers/forumthreads_controller.rb
+++ b/app/controllers/forumthreads_controller.rb
@@ -11,6 +11,10 @@ class ForumthreadsController < ApplicationController
   end
 
   def edit
+    unless mod? || @thread.author.is?(current_user)
+      flash[:alert] = "You are not allowed to edit this thread!"
+      redirect_to @thread
+    end
   end
 
   def new
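Review bot: The new guard in `edit` of forums_controller.rb redirects but does not stop the action: `redirect_to` only sets the response, so any statement later added after the `unless` block would still execute for a caller who failed `admin?` (today the body is otherwise empty, so the effect is latent). Ending the guard with `return redirect_to forums_path`, or using `redirect_to forums_path and return`, makes the early exit explicit. The commit message says the same predicate already protects `update`, so the authorization rule now lives in two actions and can drift; a single `before_action :require_admin, only: %i[edit update]` (with `require_admin` holding the flash-and-redirect) keeps the two aligned by construction. The same two points apply to the `edit` hunk in forumthreads_controller.rb, whose predicate `mod? || @thread.author.is?(current_user)` would move into its own `before_action` for `edit` and `update`. Whether `update` is actually guarded in either controller is outside both hunks.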
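Review bot: In forumthreads_controller.rb the check `@thread.author.is?(current_user)` depends on `@thread` already being loaded when `edit` runs and on `is?` returning false for a nil `current_user`; neither is visible in this hunk, so an unauthenticated request must be confirmed to neither raise nor pass here. If `current_user` can be nil in this controller, `unless mod? || (current_user && @thread.author.is?(current_user))` makes the denial independent of how `is?` treats nil. A one-line comment such as `# authorization mirrors update; @thread set by before_action` above the guard would also record where the loaded record comes from. The enclosing class and any `before_action` that assigns `@thread` are outside the hunk.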