fix object_auth security problem
This commit is contained in:
parent
671f86b612
commit
8bd5481b3f
|
@ -66,4 +66,18 @@ class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check_permission(var)
|
||||||
|
# binding.pry
|
||||||
|
#app = ModuleApp.first({conditions:{key: params[:module_app_key]}})
|
||||||
|
# setup_vars
|
||||||
|
@module_app.is_manager?(current_user) || current_user.admin?
|
||||||
|
end
|
||||||
|
|
||||||
|
def setup_vars
|
||||||
|
@app_title = request.env['HTTP_REFERER'].split('/')[4]
|
||||||
|
#@app_title = request.fullpath.split('/')[1] if(@app_title == "back_end")
|
||||||
|
@app_title.gsub!(/[?].*/,'')
|
||||||
|
@module_app = ModuleApp.first(conditions: {:key => @app_title} )
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
Loading…
Reference in New Issue