app/controllers/controller_extension/fetch_user.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

#
# fetch the user taking into account permissions.
# While normal users can only change settings for themselves
# admins can change things for all users.
#
module ControllerExtension::FetchUser
  extend ActiveSupport::Concern

  protected

  def fetch_user
    @user = User.find(params[:user_id] || params[:id])
    if !@user && admin?
      redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user')
    elsif !admin? && @user != current_user
      access_denied
    end
  end

end