authorization fix for create and update of plugins

2015-04-28 17:54:49 +08:00 · 2015-04-28 17:54:49 +08:00 · b5d2d7736c
parent a20d446283
commit b5d2d7736c
2 changed files with 9 additions and 6 deletions
--- a/app/controllers/orbit_member_controller.rb
+++ b/app/controllers/orbit_member_controller.rb
@ -15,8 +15,10 @@ class OrbitMemberController < ApplicationController
  		visited_user = MemberProfile.find(params[:member_profile_id]).user.id if visited_user.nil? rescue nil
 	  	if (current_user.id == visited_user rescue false)
 	  		@user_has_privileges = true
-	  	else
-	  		@user_has_privileges = false
+	  	elsif visited_user == nil  && (params[:action] == "create" || params[:action] == "update")
+	  		@user_has_privileges = true
+      else
+        @user_has_privileges = false
 	  	end
 	 end
  end
--- a/app/views/layouts/member_plugin.html.erb
+++ b/app/views/layouts/member_plugin.html.erb
@ -46,10 +46,11 @@
        </ul>
        <%= yield :right_nav %>
      </div>
-
-      <div class="subnav">
-        <%= render 'admin/personal_plugins/plugin_list' %>
-      </div>
+      <% if current_user.is_admin? %>
+        <div class="subnav">
+          <%= render 'admin/personal_plugins/plugin_list' %>
+        </div>
+      <% end %>

      <%= yield %>
      <%= javascript_include_tag "lib/pageslide.js" %>