Diffstat (limited to 'app/controllers/users_controller.rb')
-rw-r--r-- | app/controllers/users_controller.rb | 21 |
1 files changed, 2 insertions, 19 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 60857f1..82edae7 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,7 +1,4 @@
 class UsersController < ApplicationController
-  before_action :set_user, only: [:show, :edit, :update, :destroy]
-  before_action :perms_edit, only: [:edit, :update, :destroy]
-  before_action :perms_create, only: [:new, :create]
   # GET /users
   # GET /users.json
@@ -69,22 +66,8 @@ class UsersController < ApplicationController
     @user = User.find(params[:id])
   end
-  def perms_edit
-    unless (current_user == @user) or (signed_in? and current_user.in_group? :admin)
-      respond_to do |format|
-        format.html { render action: 'permission_denied', status: :forbidden }
-        format.json { render json: "Permission denied", status: :forbidden }
-      end
-    end
-  end
-
-  def perms_create
-    if signed_in?
-      respond_to do |format|
-        format.html { render action: 'already_signed_in', status: :unprocessable_entity }
-        format.json { render json: "Already signed in", status: :unprocessable_entity }
-      end
-    end
+  def is_owner?(object)
+    object == current_user
   end
   # Never trust parameters from the scary internet, only allow the white list through. |
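Review bot: `is_owner?` is added but nothing in this controller calls it, while the `before_action :set_user`, `:perms_edit` and `:perms_create` lines that gated `show`/`edit`/`update`/`destroy` and `new`/`create` are removed; with only two inserted lines in this file the action bodies are unchanged, so unless ApplicationController or another file in this commit re-adds the check, `edit`, `update` and `destroy` now run with no ownership or admin test from this controller and `@user` is no longer set for them. The helper's `object == current_user` is also `true` when both sides are `nil` (signed-out request plus a missing record), whereas the removed `perms_edit` required `signed_in?` on its admin branch; prefer `signed_in? && object == current_user`. It drops the `current_user.in_group? :admin` path entirely, so admins lose the ability to edit other users unless that is handled elsewhere. As a point of style, Ruby predicates are named `owner?` rather than `is_owner?`, and since the method only returns a boolean, each caller must still render the 403 that `perms_edit` used to produce. The private section this method sits in and the actions that should call it are outside the hunk.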