diff options
| author | Azul <azul@leap.se> | 2014-07-14 15:49:31 +0200 | 
|---|---|---|
| committer | Azul <azul@leap.se> | 2014-07-14 15:58:30 +0200 | 
| commit | 67f70b31bd16b05759e1f8393f077ee17f2c34be (patch) | |
| tree | c269a2a342fdc6974cbf55586eb12832bb45e25e | |
| parent | f07c952c870bfb8634ef0d80737b67a1eec760f6 (diff) | |
move fetch_user into module so it can be mixed in
We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension.
| -rw-r--r-- | app/controllers/controller_extension/fetch_user.rb (renamed from app/controllers/users_base_controller.rb) | 8 | ||||
| -rw-r--r-- | app/controllers/users_controller.rb | 3 | ||||
| -rw-r--r-- | app/controllers/v1/users_controller.rb | 9 | 
3 files changed, 8 insertions, 12 deletions
| diff --git a/app/controllers/users_base_controller.rb b/app/controllers/controller_extension/fetch_user.rb index 9becf0d..695d723 100644 --- a/app/controllers/users_base_controller.rb +++ b/app/controllers/controller_extension/fetch_user.rb @@ -1,8 +1,10 @@  # -# common base class for all user related controllers +# fetch the user taking into account permissions. +# While normal users can only change settings for themselves +# admins can change things for all users.  # - -class UsersBaseController < ApplicationController +module ControllerExtension::FetchUser +  extend ActiveSupport::Concern    protected diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 0f822cb..dcf7607 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -2,7 +2,8 @@  # This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb  # -class UsersController < UsersBaseController +class UsersController < ApplicationController +  include ControllerExtension::FetchUser    before_filter :require_login, :except => [:new]    before_filter :redirect_if_logged_in, :only => [:new] diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb index 5c9e33f..bfa04fc 100644 --- a/app/controllers/v1/users_controller.rb +++ b/app/controllers/v1/users_controller.rb @@ -1,5 +1,6 @@  module V1    class UsersController < ApiController +    include ControllerExtension::FetchUser      before_filter :fetch_user, :only => [:update]      before_filter :require_admin, :only => [:index] @@ -35,13 +36,5 @@ module V1          head :forbidden        end      end - -    def fetch_user -      @user = User.find(params[:id]) -      if @user != current_user -        access_denied -      end -    end -    end  end | 
