authorization problems fix

This commit is contained in:
Harry Bomrah 2014-12-01 21:07:00 +08:00
parent 03f44469df
commit 73d7e378aa
2 changed files with 4 additions and 2 deletions

View File

@ -15,8 +15,8 @@ class Admin::PageContentsController < OrbitAdminController
end
def new
if can_edit_or_delete?(nil)
@page = Page.find(params[:page_id])
if can_edit_or_delete?(@page)
@page_content = PageContext.new
else
render_401

View File

@ -24,8 +24,10 @@
<td><%= format_value page.page_contexts.last.updated_at rescue nil %></td>
<td><%= User.find(page.page_contexts.last.update_user_id).user_name rescue nil %></td>
<td>
<% if can_edit_or_delete?(page) %>
<%= select_tag("category_id",options_for_select(@categories, (page.category_id.to_s rescue "")), prompt: "Select a category", class: "category_select", style: "margin-bottom:0; width:150px;") %>
<button <%= !page.category_id.nil? ? "data-page-category-id=#{page.category_id.to_s}" : "" %> data-page-id="<%= page.id.to_s %>" class="btn btn-primary save_category hide">Save</button>
<% end %>
</td>
</tr>
<% end %>