fix object_auth security problem

This commit is contained in:
Fu Matthew 2012-09-07 17:53:43 +08:00
parent 671f86b612
commit 8bd5481b3f
1 changed files with 14 additions and 0 deletions

View File

@ -66,4 +66,18 @@ class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController
end end
end end
def check_permission(var)
# binding.pry
#app = ModuleApp.first({conditions:{key: params[:module_app_key]}})
# setup_vars
@module_app.is_manager?(current_user) || current_user.admin?
end
def setup_vars
@app_title = request.env['HTTP_REFERER'].split('/')[4]
#@app_title = request.fullpath.split('/')[1] if(@app_title == "back_end")
@app_title.gsub!(/[?].*/,'')
@module_app = ModuleApp.first(conditions: {:key => @app_title} )
end
end end