fix object_auth security problem
This commit is contained in:
parent
671f86b612
commit
8bd5481b3f
|
@ -66,4 +66,18 @@ class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController
|
|||
end
|
||||
end
|
||||
|
||||
def check_permission(var)
|
||||
# binding.pry
|
||||
#app = ModuleApp.first({conditions:{key: params[:module_app_key]}})
|
||||
# setup_vars
|
||||
@module_app.is_manager?(current_user) || current_user.admin?
|
||||
end
|
||||
|
||||
def setup_vars
|
||||
@app_title = request.env['HTTP_REFERER'].split('/')[4]
|
||||
#@app_title = request.fullpath.split('/')[1] if(@app_title == "back_end")
|
||||
@app_title.gsub!(/[?].*/,'')
|
||||
@module_app = ModuleApp.first(conditions: {:key => @app_title} )
|
||||
end
|
||||
|
||||
end
|
Loading…
Reference in New Issue