diff options
author | Azul <azul@leap.se> | 2012-12-01 19:22:12 +0100 |
---|---|---|
committer | Azul <azul@leap.se> | 2012-12-01 19:22:12 +0100 |
commit | 01b37eb1115fcc5df97479f16ed3c1d9ee4415a0 (patch) | |
tree | 39b556c131d74ffa76080a3ce997bd23a7b59772 /users/app | |
parent | 0a49faf417a993e838d1c37361d573bb86223f75 (diff) | |
parent | 277b9f98bfbe2ef0217dfd17c8d9d6597369b903 (diff) |
Merge branch 'develop' into help_develop
Diffstat (limited to 'users/app')
-rw-r--r-- | users/app/controllers/users_controller.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 925b584..3407191 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -2,7 +2,7 @@ class UsersController < ApplicationController skip_before_filter :verify_authenticity_token, :only => [:create] - before_filter :fetch_user, :only => [:edit, :update] + before_filter :fetch_user, :only => [:edit, :update, :destroy] before_filter :authorize_admin, :only => [:index] respond_to :json, :html @@ -34,10 +34,15 @@ class UsersController < ApplicationController respond_with @user end + def destroy + @user.destroy + redirect_to users_path + end + protected def fetch_user @user = User.find_by_param(params[:id]) - access_denied unless @user == current_user + access_denied unless admin? or (@user == current_user) end end |