Diffstat (limited to 'app')
-rw-r--r--app/controllers/controller_extension/fetch_user.rb (renamed from app/controllers/users_base_controller.rb)8
-rw-r--r--app/controllers/users_controller.rb3
-rw-r--r--app/controllers/v1/users_controller.rb9
3 files changed, 8 insertions, 12 deletions
diff --git a/app/controllers/users_base_controller.rb b/app/controllers/controller_extension/fetch_user.rb
index 9becf0d..695d723 100644
--- a/app/controllers/users_base_controller.rb
+++ b/app/controllers/controller_extension/fetch_user.rb
@@ -1,8 +1,10 @@
#
-# common base class for all user related controllers
+# fetch the user taking into account permissions.
+# While normal users can only change settings for themselves
+# admins can change things for all users.
#
-
-class UsersBaseController < ApplicationController
+module ControllerExtension::FetchUser
+ extend ActiveSupport::Concern
protected
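Review bot: The new header comment on `ControllerExtension::FetchUser` states the permission rule but not what the module needs from the controller that includes it, and including it enforces nothing by itself. Going by the `fetch_user` removed from `V1::UsersController` in this commit, the shared method presumably relies on `current_user`, `access_denied` and `params[:id]`, and only takes effect where a controller registers it as a filter. I would extend the comment with something like `# The including controller must provide current_user and access_denied, and must register fetch_user as a before_filter on every action that loads a user by id.` The module body continues outside this hunk, so the helper names should be checked against the actual method.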
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 0f822cb..dcf7607 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -2,7 +2,8 @@
# This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb
#
-class UsersController < UsersBaseController
+class UsersController < ApplicationController
+ include ControllerExtension::FetchUser
before_filter :require_login, :except => [:new]
before_filter :redirect_if_logged_in, :only => [:new]
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index 5c9e33f..bfa04fc 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -1,5 +1,6 @@
module V1
class UsersController < ApiController
+ include ControllerExtension::FetchUser
before_filter :fetch_user, :only => [:update]
before_filter :require_admin, :only => [:index]
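Review bot: The authorization rule for the `update` action changes here, not just where the code lives. The local `fetch_user` removed further down in this file denied every request where `@user != current_user`, while the concern's header comment says admins can change things for all users. If widening the JSON API this way is intended, state it in the commit message and add a request spec asserting that a non-admin sending another user's id to `update` still gets the access-denied response and that an admin is allowed. The concern's body is not shown in this diff, so also confirm that `ApiController` provides whatever admin check the shared method calls; otherwise the filter could raise rather than deny.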
@@ -35,13 +36,5 @@ module V1
head :forbidden
end
end
-
- def fetch_user
- @user = User.find(params[:id])
- if @user != current_user
- access_denied
- end
- end
-
end
end