Redstoner/redstoner.com
Archived
0
Fork 0
Code Issues Pull Requests 2 Wiki Activity

Apparently that 'unnecessary permission check' was necessary. ¯\_(ツ)_/¯

Browse Source
This commit is contained in:
MrYummy
2017-06-13 02:19:29 +02:00
parent 4d42fdfeb4
commit b075a5fd75
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/controllers/messages_controller.rb
View File

@@ -1,5 +1,7 @@
class MessagesController < ApplicationController class MessagesController < ApplicationController
before_filter :check_permission, only: :destroy
def index def index
if current_user if current_user
@messages = Message.where(user_target: current_user).page(params[:page]) @messages = Message.where(user_target: current_user).page(params[:page])
@@ -70,4 +72,14 @@ class MessagesController < ApplicationController
params.require(:message).permit([:text, :user_target_id, :user_sender_id]) params.require(:message).permit([:text, :user_target_id, :user_sender_id])
end end
private
def check_permission
@message = Message.find(params[:id])
unless @message.user_target == current_user
flash[:alert] = "You are not allowed to view this message"
redirect_to home_statics_path
end
end
end end