From bcfa571b0328a4b3e94479a31c027621ceb86ad5 Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Fri, 4 Apr 2014 20:35:16 -0400
Subject: Implement the new security mechanism
---
 app/controllers/alerts_controller.rb | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
 (limited to 'app/controllers/alerts_controller.rb')
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb
index d2b1558..333022a 100644
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@@ -1,7 +1,4 @@
 class AlertsController < ApplicationController
- before_action :set_alert, only: [:show, :edit, :update, :destroy]
- before_action :check_perms, only: [:new, :create, :edit, :update, :destroy]
-
 # GET /alerts
 # GET /alerts.json
 def index
@@ -63,18 +60,14 @@ class AlertsController < ApplicationController
 end
 private
+ # Use callbacks to share common setup or constraints between actions.
 def set_alert
 @alert = Alert.find(params[:id])
 end
- def check_perms
- unless (signed_in? and (current_user.in_group?(:admin) or current_user.in_group?(:host)))
- respond_to do |format|
- format.html { render action: 'permission_denied', status: :forbidden }
- format.json { render json: "Permission denied", status: :forbidden }
- end
- end
+ def is_owner?(object)
+ object.author == current_user
 end
 # Never trust parameters from the scary internet, only allow the white list through.
--
cgit v1.2.3
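Review bot: After this hunk the controller registers no authorization callback at all: both `before_action` lines are deleted and nothing on the new side replaces them, so `new`, `create`, `edit`, `update` and `destroy` run with no permission check visible in this file, and the second hunk makes it worse by deleting `check_perms` while the `is_owner?` it adds is never called anywhere in the diff. The commit changes only this file (1 file changed), so if the "new security mechanism" is meant to live in `ApplicationController` it is not part of this change and the controller is unprotected until it lands; the commit message should say so or the check should be wired here. Dropping `before_action :set_alert, only: [:show, :edit, :update, :destroy]` also leaves `@alert` unset for those actions unless they now load it themselves, which nothing in the diff shows. Suggest restoring `before_action :set_alert, only: [:show, :edit, :update, :destroy]` and adding a callback such as `before_action :check_perms, only: [:new, :create, :edit, :update, :destroy]` whose body enforces the intended owner/admin rule and renders `status: :forbidden` as the removed code did.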
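Review bot: `is_owner?(object)` compares `object.author == current_user` with no signed-in guard, so if `current_user` is `nil` for anonymous visitors (which the removed `signed_in?` check suggests) and `object.author` is also `nil`, an unauthenticated request is reported as the owner; `signed_in? && object.author == current_user` closes that gap. Unlike the removed `check_perms`, a false result here renders nothing, so whichever caller adopts it must still return a `:forbidden` response itself; a one-line comment above the method stating that it only answers the question and does not deny the request would make that contract explicit. The `is_` prefix is also non-idiomatic for a Ruby predicate; `owner?(object)` reads better. The enclosing `private` section continues past the end of this hunk.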