From 73d7e378aa97edeb5b3495b42a0b1f2881fbe13d Mon Sep 17 00:00:00 2001
From: Harry Bomrah
Date: Mon, 1 Dec 2014 21:07:00 +0800
Subject: [PATCH] authorization problems fix
---
 app/controllers/admin/page_contents_controller.rb | 4 ++--
 app/views/admin/page_contents/_index.html.erb | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/controllers/admin/page_contents_controller.rb b/app/controllers/admin/page_contents_controller.rb
index ca05003..a85901c 100644
--- a/app/controllers/admin/page_contents_controller.rb
+++ b/app/controllers/admin/page_contents_controller.rb
@@ -15,8 +15,8 @@ class Admin::PageContentsController < OrbitAdminController
 end
 def new
- if can_edit_or_delete?(nil)
- @page = Page.find(params[:page_id])
+ @page = Page.find(params[:page_id])
+ if can_edit_or_delete?(@page)
 @page_content = PageContext.new
 else
 render_401
diff --git a/app/views/admin/page_contents/_index.html.erb b/app/views/admin/page_contents/_index.html.erb
index 6ba03c8..3c3db4f 100644
--- a/app/views/admin/page_contents/_index.html.erb
+++ b/app/views/admin/page_contents/_index.html.erb
@@ -24,8 +24,10 @@
 <%= format_value page.page_contexts.last.updated_at rescue nil %> <%= User.find(page.page_contexts.last.update_user_id).user_name rescue nil %>
+ <% if can_edit_or_delete?(page) %>
 <%= select_tag("category_id",options_for_select(@categories, (page.category_id.to_s rescue "")), prompt: "Select a category", class: "category_select", style: "margin-bottom:0; width:150px;") %>
+ <% end %>
 <% end %>
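Review bot: The new guard in `new` still depends on how `can_edit_or_delete?` treats `nil`. If `Page.find(params[:page_id])` can return nil instead of raising (that depends on ORM configuration not visible here), the call degrades to the old `can_edit_or_delete?(nil)` that this commit replaces. Making the nil case explicit, e.g. `if @page && can_edit_or_delete?(@page)`, keeps that path failing closed. This action only renders the form; `create`, `edit` and `update` lie outside the hunk, so it is worth confirming they apply the same per-page check, since that is where the write happens. The body of `new` continues past the end of the hunk.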
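Review bot: Wrapping the `category_select` dropdown in `can_edit_or_delete?(page)` only hides the control; it does not by itself stop a user without rights on the page from submitting the category change request directly. The action that receives that change is not part of this patch (the controller hunk touches only `new`), so unless it already checks `can_edit_or_delete?` on the loaded page, the authorization gap remains on the server side. I would add the same per-page check there and have it `render_401` on failure, mirroring `new`. The surrounding loop and table markup start outside the hunk.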