restrict edit page access to users allowed to update

2016-07-11 21:06:12 +02:00
parent bb1d2c0c3e
commit d9ae4e7d3a
2 changed files with 8 additions and 0 deletions
--- a/app/controllers/forums_controller.rb
+++ b/app/controllers/forums_controller.rb
@@ -16,6 +16,10 @@ class ForumsController < ApplicationController
  end

  def edit
+    unless admin?
+      flash[:alert] = "You are not allowed to change a forum"
+      redirect_to forums_path
+    end
  end

  def new