diff options
author | jessib <jessib@leap.se> | 2013-01-15 12:52:09 -0800 |
---|---|---|
committer | jessib <jessib@leap.se> | 2013-01-15 12:52:09 -0800 |
commit | e2021bdcc40b51ab5e571c97e882bba10dc80ad6 (patch) | |
tree | 59052403102c027dde9d73f4b85cc643e15bb86b /help/app | |
parent | 3dc8886beb7d3689c87d9aa1e5ad2d4c6c5b4c55 (diff) |
For both users and tickets, if the object is not found and the current user is an admin, they should see an alert that the object wasn't found, and be redirected to the current controller.
If the object isn't found and the current user is not an admin, then we will continue to give an error about no access, so as not to leak information about what IDs do and don't exist.
Diffstat (limited to 'help/app')
-rw-r--r-- | help/app/controllers/tickets_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb index d47939e..b613088 100644 --- a/help/app/controllers/tickets_controller.rb +++ b/help/app/controllers/tickets_controller.rb @@ -99,7 +99,7 @@ class TicketsController < ApplicationController def fetch_ticket @ticket = Ticket.find(params[:id]) if !@ticket and admin? - redirect_to tickets_path, :alert => "No such ticket" + redirect_to tickets_path, :alert => t(:no_such_thing, :thing => 'ticket') return end access_denied unless ticket_access? |