diff options
Diffstat (limited to 'app/controllers/alerts_controller.rb')
-rw-r--r-- | app/controllers/alerts_controller.rb | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb index d2b1558..333022a 100644 --- a/app/controllers/alerts_controller.rb +++ b/app/controllers/alerts_controller.rb @@ -1,7 +1,4 @@ class AlertsController < ApplicationController - before_action :set_alert, only: [:show, :edit, :update, :destroy] - before_action :check_perms, only: [:new, :create, :edit, :update, :destroy] - # GET /alerts # GET /alerts.json def index @@ -63,18 +60,14 @@ class AlertsController < ApplicationController end private + # Use callbacks to share common setup or constraints between actions. def set_alert @alert = Alert.find(params[:id]) end - def check_perms - unless (signed_in? and (current_user.in_group?(:admin) or current_user.in_group?(:host))) - respond_to do |format| - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } - end - end + def is_owner?(object) + object.author == current_user end # Never trust parameters from the scary internet, only allow the white list through. |