alex
/
orbit4-5
forked from saurabh/orbit4-5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

authorization fix for create and update of plugins

This commit is contained in:
Harry Bomrah 2015-04-28 17:54:49 +08:00
parent 2f58c02ee5
commit 8c2f10e59c
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/orbit_member_controller.rb
View File

@ -15,8 +15,10 @@ class OrbitMemberController < ApplicationController
visited_user = MemberProfile.find(params[:member_profile_id]).user.id if visited_user.nil? rescue nil visited_user = MemberProfile.find(params[:member_profile_id]).user.id if visited_user.nil? rescue nil
if (current_user.id == visited_user rescue false) if (current_user.id == visited_user rescue false)
@user_has_privileges = true @user_has_privileges = true
else elsif visited_user == nil && (params[:action] == "create" || params[:action] == "update")
@user_has_privileges = false @user_has_privileges = true
else
@user_has_privileges = false
end end
end end
end end

9
app/views/layouts/member_plugin.html.erb
View File

@ -46,10 +46,11 @@
</ul> </ul>
<%= yield :right_nav %> <%= yield :right_nav %>
</div> </div>
<% if current_user.is_admin? %>
<div class="subnav"> <div class="subnav">
<%= render 'admin/personal_plugins/plugin_list' %> <%= render 'admin/personal_plugins/plugin_list' %>
</div> </div>
<% end %>
<%= yield %> <%= yield %>
<%= javascript_include_tag "lib/pageslide.js" %> <%= javascript_include_tag "lib/pageslide.js" %>