fix invite authentication
This commit is contained in:
parent
cee96915f9
commit
7ef6832ab3
2 changed files with 10 additions and 4 deletions
|
@ -80,8 +80,8 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
# checks if the current_user is member of given group.
|
||||
# if fails the user will redirected to startpage
|
||||
def authenticate_membership_or_admin
|
||||
@group = Group.find(params[:id])
|
||||
def authenticate_membership_or_admin(group_id = params[:id])
|
||||
@group = Group.find(group_id)
|
||||
unless @group.member?(@current_user) or @current_user.role_admin?
|
||||
redirect_to root_path, alert: I18n.t('application.controller.error_members_only')
|
||||
end
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
class InvitesController < ApplicationController
|
||||
|
||||
before_filter :authenticate_membership_or_admin, :only => [:new]
|
||||
#TODO: authorize also for create action.
|
||||
before_filter :authenticate_membership_or_admin_for_invites
|
||||
|
||||
def new
|
||||
@invite = Invite.new(:user => @current_user, :group => @group)
|
||||
end
|
||||
|
||||
def create
|
||||
authenticate_membership_or_admin params[:invite][:group_id]
|
||||
@invite = Invite.new(params[:invite])
|
||||
if @invite.save
|
||||
Mailer.invite(@invite).deliver
|
||||
|
@ -23,4 +23,10 @@ class InvitesController < ApplicationController
|
|||
render action: :new
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def authenticate_membership_or_admin_for_invites
|
||||
authenticate_membership_or_admin((params[:invite][:group_id] rescue params[:id]))
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue