
For read, ask the record. For create/update/delete, demand superuser

1 parent 7516756 commit 8c794937b553b86210dbe121686a2380a10bdc58 @sartak sartak committed Feb 24, 2011
Showing with 3 additions and 8 deletions.
  1. +3 −8 lib/Jifty/Plugin/RecordHistory/Model/Change.pm
@@ -76,15 +76,10 @@ sub delegate_current_user_can {
my $right = shift;
my %args = @_;
- my $record = $self->__record(%args);
+ return $self->__record(%args)->current_user_can($right) if $right eq 'read';
- if ($record->can('current_user_can_for_change')) {
- return $record->current_user_can_for_change($right, %args, change => $self);
- }
-
- $right = 'update' if $right ne 'read';
-
- return $self->__record(%args)->current_user_can($right);
+ # only superuser can create, update, and delete change entries
+ return $self->current_user->is_superuser;
}
sub add_change_field {
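Review bot: The `read` branch passes only `$right` to the record's `current_user_can`, so anyone who may read the record may read every change entry for it, including changes to fields the record might want to restrict; the record receives neither `%args` nor the change object to decide per entry. If that is the intended policy, state it in a comment above that line, e.g. `# history is exactly as readable as the record; no per-change filtering`. The fall-through also applies to any right other than the three the comment names, so `# every right other than read requires superuser` would describe it more exactly. Code that records changes on behalf of ordinary users presumably has to create the entries with superuser rights for history to keep being written; that code is outside the hunk, as is the start of `delegate_current_user_can`.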
