diff options
Diffstat (limited to 'app/controllers/users_controller.rb')
-rw-r--r-- | app/controllers/users_controller.rb | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 27e89af..16f42d3 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -157,9 +157,9 @@ class UsersController < ApplicationController def update if (mod? && current_user.role >= @user.role ) || (@user.is?(current_user) && confirmed?) if mod? - userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about, :role, :badge, :confirmed]) + userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about, :role, :badge, :confirmed, :header_scroll, :utc_time, :dark]) else - userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about]) + userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about, :header_scroll, :utc_time, :dark]) end if userdata[:role] role = Role.get(userdata[:role]) @@ -241,6 +241,13 @@ class UsersController < ApplicationController end end + def edit_website_settings + unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? + flash[:alert] = "You are not allowed to edit this user's website settings!" + redirect_to @user + end + end + def update_login if @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? authenticated = !@user.is?(current_user) || @user.authenticate(params[:current_password]) |