Foodsoft/foodsoft
1
1
Fork 0
Code Issues 36 Pull requests 5 Projects 1 Releases Wiki Activity

fix invite authentication

Browse source
This commit is contained in:
wvengen 2013-12-22 14:20:25 +01:00
parent cee96915f9
commit 7ef6832ab3
2 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
app/controllers/invites_controller.rb
View file

@ -1,13 +1,13 @@
class InvitesController < ApplicationController
before_filter :authenticate_membership_or_admin, :only => [:new]
#TODO: authorize also for create action.
before_filter :authenticate_membership_or_admin_for_invites
def new
@invite = Invite.new(:user => @current_user, :group => @group)
end
def create
authenticate_membership_or_admin params[:invite][:group_id]
@invite = Invite.new(params[:invite])
if @invite.save
Mailer.invite(@invite).deliver
@ -23,4 +23,10 @@ class InvitesController < ApplicationController
render action: :new
end
end
protected
def authenticate_membership_or_admin_for_invites
authenticate_membership_or_admin((params[:invite][:group_id] rescue params[:id]))
end
end