-rw-r--r--app/controllers/messages_controller.rb12
1 files changed, 12 insertions, 0 deletions
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index 7deaeed..778f755 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -1,5 +1,7 @@
class MessagesController < ApplicationController
+ before_filter :check_permission, only: :destroy
+
def index
if current_user
@messages = Message.where(user_target: current_user).page(params[:page])
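Review bot: The new filter `before_filter :check_permission, only: :destroy` enforces the ownership check on `destroy` alone, so any other action in this controller that loads a message by `params[:id]` — `show`, `edit` or `update`, if they exist outside the hunk — still runs without it, and the check itself (second hunk) is phrased as a "view" restriction. If such actions exist, the scope should cover them, e.g. `before_filter :check_permission, only: %i[show edit update destroy]`, and they should reuse the `@message` the filter already loads rather than calling `Message.find` again. `before_filter` is the Rails 4 spelling; if the app is on Rails 5 or later this needs to be `before_action`, which is worth confirming against the Gemfile. The class body continues outside this hunk.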
@@ -70,4 +72,14 @@ class MessagesController < ApplicationController
params.require(:message).permit([:text, :user_target_id, :user_sender_id])
end
+
+ private
+
+ def check_permission
+ @message = Message.find(params[:id])
+ unless @message.user_target == current_user
+ flash[:alert] = "You are not allowed to view this message"
+ redirect_to home_statics_path
+ end
+ end
end
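Review bot: The flash text in `check_permission` says "not allowed to view this message" while the filter is wired only to `destroy` (first hunk), so either the message should say delete or the filter scope is narrower than the wording intends; the two should agree before this merges. The check compares `@message.user_target` with `current_user`, and `index` above treats `current_user` as possibly nil, so an unauthenticated request reaches the comparison with `nil` — harmless as long as `user_target` is never nil, but an explicit `return redirect_to(home_statics_path, alert: "You must be signed in") unless current_user` makes the intent visible and avoids relying on that invariant. Because `user_sender_id` is a permitted param a few lines up, messages appear to have two parties; whether the sender may also act on a message is a product decision, but it should be stated in a comment on the method, e.g. `# Only the recipient (user_target) may act on a message; senders are deliberately excluded.` Redirecting with a generic message is a reasonable choice here, and `Message.find` raising `RecordNotFound` for an unknown id keeps missing and foreign messages indistinguishable to the caller only if the unknown-id path is also mapped to a redirect or 404, which is worth checking.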