Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/controller_extension/fetch_user.rb (renamed from app/controllers/users_base_controller.rb) | 8 | ||||
-rw-r--r-- | app/controllers/users_controller.rb | 3 | ||||
-rw-r--r-- | app/controllers/v1/users_controller.rb | 9 |
3 files changed, 8 insertions, 12 deletions
diff --git a/app/controllers/users_base_controller.rb b/app/controllers/controller_extension/fetch_user.rb
index 9becf0d..695d723 100644
--- a/app/controllers/users_base_controller.rb
+++ b/app/controllers/controller_extension/fetch_user.rb
@@ -1,8 +1,10 @@
 #
-# common base class for all user related controllers
+# fetch the user taking into account permissions.
+# While normal users can only change settings for themselves
+# admins can change things for all users.
 #
-
-class UsersBaseController < ApplicationController
+module ControllerExtension::FetchUser
+  extend ActiveSupport::Concern
 protected
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 0f822cb..dcf7607 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -2,7 +2,8 @@
 # This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb
 #
-class UsersController < UsersBaseController
+class UsersController < ApplicationController
+  include ControllerExtension::FetchUser
 before_filter :require_login, :except => [:new]
 before_filter :redirect_if_logged_in, :only => [:new]
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index 5c9e33f..bfa04fc 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -1,5 +1,6 @@
 module V1
 class UsersController < ApiController
+    include ControllerExtension::FetchUser
 before_filter :fetch_user, :only => [:update]
 before_filter :require_admin, :only => [:index]
@@ -35,13 +36,5 @@ module V1
 head :forbidden
 end
 end
-
- def fetch_user
- @user = User.find(params[:id])
- if @user != current_user
- access_denied
- end
- end
-
 end
 end |
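Review bot: Moving `fetch_user` into the shared concern changes the authorization rule of the JSON API, and the header comment is the only place that says so: the method deleted from v1/users_controller.rb (third file, second hunk) called `access_denied` whenever `@user != current_user` with no admin exception, whereas the new header states that admins can change things for all users. If the concern's `fetch_user` (it sits after `protected`, outside this hunk) implements that exception, `V1::UsersController#update` now lets an admin modify any user's record, which previously was refused; that is presumably intended, but it is a privilege expansion the commit message should state and the API's update tests should pin on both the admin and non-admin paths. The header should also name the contract rather than only the policy, e.g. `# Provides fetch_user (protected) for before_filter; it sets @user and calls access_denied when the current user may not act on that record.`, so a reader at the `include` site knows what the filter guarantees without opening this file. The module body continues past the end of this hunk.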