summaryrefslogtreecommitdiff
path: root/app/controllers/controller_extension/fetch_user.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/controller_extension/fetch_user.rb')
-rw-r--r--app/controllers/controller_extension/fetch_user.rb20
1 files changed, 20 insertions, 0 deletions
diff --git a/app/controllers/controller_extension/fetch_user.rb b/app/controllers/controller_extension/fetch_user.rb
new file mode 100644
index 0000000..695d723
--- /dev/null
+++ b/app/controllers/controller_extension/fetch_user.rb
@@ -0,0 +1,20 @@
+#
+# fetch the user taking into account permissions.
+# While normal users can only change settings for themselves
+# admins can change things for all users.
+#
+module ControllerExtension::FetchUser
+ extend ActiveSupport::Concern
+
+ protected
+
+ def fetch_user
+ @user = User.find(params[:user_id] || params[:id])
+ if !@user && admin?
+ redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user')
+ elsif !admin? && @user != current_user
+ access_denied
+ end
+ end
+
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 20:39:01 +0000