diff options
| author | Luke Shumaker <LukeShu@sbcglobal.net> | 2014-03-05 22:53:41 -0500 |
|---|---|---|
| committer | Luke Shumaker <LukeShu@sbcglobal.net> | 2014-03-05 22:53:41 -0500 |
| commit | 526bff770017a1f6a66e45b5b6e61840711078b8 (patch) | |
| tree | 6efe701f65affd361a4b173938f824a9621a1786 /app/controllers/servers_controller.rb | |
| parent | c6471297f0a871ba1062f1285790d39e5471b966 (diff) | |
add access control to the controllers for alerts, servers, and tournaments
Diffstat (limited to 'app/controllers/servers_controller.rb')
| -rw-r--r-- | app/controllers/servers_controller.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/app/controllers/servers_controller.rb b/app/controllers/servers_controller.rb index 7d54eb6..6d8ac75 100644 --- a/app/controllers/servers_controller.rb +++ b/app/controllers/servers_controller.rb @@ -1,5 +1,6 @@ class ServersController < ApplicationController before_action :set_server, only: [:show, :edit, :update, :destroy] + before_action :check_perms # GET /servers # GET /servers.json @@ -67,6 +68,15 @@ class ServersController < ApplicationController @server = Server.find(params[:id]) end + def check_perms + unless (signed_in? and current_user.in_group(:admin)) + respond_to do |format| + format.html { render action: 'permission_denied', status: :forbidden } + format.json { render json: "Permission denied", status: :forbidden } + end + end + end + # Never trust parameters from the scary internet, only allow the white list through. def server_params params[:server] |