diff options
| author | Azul <azul@leap.se> | 2014-07-14 15:49:31 +0200 |
|---|---|---|
| committer | Azul <azul@leap.se> | 2014-07-14 15:58:30 +0200 |
| commit | 67f70b31bd16b05759e1f8393f077ee17f2c34be (patch) | |
| tree | c269a2a342fdc6974cbf55586eb12832bb45e25e | |
| parent | f07c952c870bfb8634ef0d80737b67a1eec760f6 (diff) | |
move fetch_user into module so it can be mixed in
We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension.
| -rw-r--r-- | app/controllers/controller_extension/fetch_user.rb (renamed from app/controllers/users_base_controller.rb) | 8 | ||||
| -rw-r--r-- | app/controllers/users_controller.rb | 3 | ||||
| -rw-r--r-- | app/controllers/v1/users_controller.rb | 9 |
3 files changed, 8 insertions, 12 deletions
diff --git a/app/controllers/users_base_controller.rb b/app/controllers/controller_extension/fetch_user.rb index 9becf0d..695d723 100644 --- a/app/controllers/users_base_controller.rb +++ b/app/controllers/controller_extension/fetch_user.rb @@ -1,8 +1,10 @@ # -# common base class for all user related controllers +# fetch the user taking into account permissions. +# While normal users can only change settings for themselves +# admins can change things for all users. # - -class UsersBaseController < ApplicationController +module ControllerExtension::FetchUser + extend ActiveSupport::Concern protected diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 0f822cb..dcf7607 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -2,7 +2,8 @@ # This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb # -class UsersController < UsersBaseController +class UsersController < ApplicationController + include ControllerExtension::FetchUser before_filter :require_login, :except => [:new] before_filter :redirect_if_logged_in, :only => [:new] diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb index 5c9e33f..bfa04fc 100644 --- a/app/controllers/v1/users_controller.rb +++ b/app/controllers/v1/users_controller.rb @@ -1,5 +1,6 @@ module V1 class UsersController < ApiController + include ControllerExtension::FetchUser before_filter :fetch_user, :only => [:update] before_filter :require_admin, :only => [:index] @@ -35,13 +36,5 @@ module V1 head :forbidden end end - - def fetch_user - @user = User.find(params[:id]) - if @user != current_user - access_denied - end - end - end end |