diff options
author | jessib <jessib@leap.se> | 2013-01-17 11:25:39 -0800 |
---|---|---|
committer | jessib <jessib@leap.se> | 2013-01-17 11:25:39 -0800 |
commit | dc16c6f8e5382f9e5470eb2a40081d41f4112437 (patch) | |
tree | 7e04b77f9f53421141edca62d26887c196693e01 /users | |
parent | e2021bdcc40b51ab5e571c97e882bba10dc80ad6 (diff) |
Deal with corner case where we don't have authenticated user. Will write a test after merging in show view for users.
Diffstat (limited to 'users')
-rw-r--r-- | users/app/controllers/users_controller.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 3d5a6a7..b705f47 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -2,6 +2,7 @@ class UsersController < ApplicationController skip_before_filter :verify_authenticity_token, :only => [:create] + before_filter :authorize before_filter :fetch_user, :only => [:edit, :update, :destroy] before_filter :set_anchor, :only => [:edit, :update] before_filter :authorize_admin, :only => [:index] @@ -48,6 +49,7 @@ class UsersController < ApplicationController protected def fetch_user + # authorize filter has been checked first, so won't get here unless authenticated @user = User.find_by_param(params[:id]) if !@user and admin? redirect_to users_path, :alert => t(:no_such_thing, :thing => 'user') |