From: martyntaylor <[email protected]>
---
src/app/controllers/users_controller.rb | 31 ++++++++++++++++++++++++-------
1 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/src/app/controllers/users_controller.rb
b/src/app/controllers/users_controller.rb
index f61c6d2..6d3102a 100644
--- a/src/app/controllers/users_controller.rb
+++ b/src/app/controllers/users_controller.rb
@@ -50,16 +50,33 @@ class UsersController < ApplicationController
end
def edit
- @user = @current_user
+ @user = params[:id] ? User.find(params[:id]) : @current_user
+ if @user
+ if @user != @current_user
+ if !...@current_user.permissions.collect { |p| p.role }.find { |r|
r.name == "Administrator" }
+ flash[:notice] = "Invalid Permission to perform this operation"
+ redirect_to :dashboard
+ end
+ end
+ end
end
def update
- @user = @current_user # makes our views "cleaner" and more consistent
- if @user.update_attributes(params[:user])
- flash[:notice] = "User updated!"
- redirect_to account_url
- else
- render :action => :edit
+ @user = params[:id] ? User.find(params[:id]) : @current_user
+ if @user
+ if @user != @current_user
+ if !...@current_user.permissions.collect { |p| p.role }.find { |r|
r.name == "Administrator" }
+ flash[:notice] = "Invalid Permission to perform this operation"
+ redirect_to :dashboard
+ end
+ else
+ if @user.update_attributes(params[:user])
+ flash[:notice] = "User updated!"
+ redirect_to account_url
+ else
+ render :action => :edit
+ end
+ end
end
end
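Review bot: In `update` the save only happens in the `else` of `if @user != @current_user`, so an Administrator editing another user passes the permission check, never reaches `update_attributes`, and falls off the end of the action with nothing rendered or redirected (Rails will then look for a missing `update` template). The check should be a single guard — `if @user != @current_user && !administrator?(@current_user)` — with the save in the following `elsif`/`else`, as below; the same flattening applies to `edit`, and the duplicated role lookup belongs in one private helper. Note also that `User.find(params[:id])` raises `ActiveRecord::RecordNotFound` rather than returning `nil`, so the `if @user` wrappers in both actions are dead code. Separately, now that the target record is chosen by `params[:id]`, `update_attributes(params[:user])` lets anyone allowed through the check set whatever attributes the model exposes; unless `User` declares `attr_accessible` (not visible here), this endpoint should whitelist the permitted keys before saving.
```ruby
def update
  @user = params[:id] ? User.find(params[:id]) : @current_user
  if @user != @current_user && !administrator?(@current_user)
    flash[:notice] = "Invalid Permission to perform this operation"
    redirect_to :dashboard
  elsif @user.update_attributes(params[:user])
    flash[:notice] = "User updated!"
    redirect_to account_url
  else
    render :action => :edit
  end
end

private

# Same role lookup the hunk inlines twice in edit and update.
def administrator?(user)
  user.permissions.collect { |p| p.role }.any? { |r| r.name == "Administrator" }
end
```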
--
1.7.2.2