diff options
Diffstat (limited to 'app/controllers/controller_extension')
-rw-r--r-- | app/controllers/controller_extension/fetch_user.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/app/controllers/controller_extension/fetch_user.rb b/app/controllers/controller_extension/fetch_user.rb new file mode 100644 index 0000000..695d723 --- /dev/null +++ b/app/controllers/controller_extension/fetch_user.rb @@ -0,0 +1,20 @@ +# +# fetch the user taking into account permissions. +# While normal users can only change settings for themselves +# admins can change things for all users. +# +module ControllerExtension::FetchUser + extend ActiveSupport::Concern + + protected + + def fetch_user + @user = User.find(params[:user_id] || params[:id]) + if !@user && admin? + redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user') + elsif !admin? && @user != current_user + access_denied + end + end + +end |