Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

For read, ask the record. For create/update/delete, demand superuser

  • Loading branch information...
commit 8c794937b553b86210dbe121686a2380a10bdc58 1 parent 7516756
@sartak sartak authored
Showing with 3 additions and 8 deletions.
  1. +3 −8 lib/Jifty/Plugin/RecordHistory/Model/Change.pm
View
11 lib/Jifty/Plugin/RecordHistory/Model/Change.pm
@@ -76,15 +76,10 @@ sub delegate_current_user_can {
my $right = shift;
my %args = @_;
- my $record = $self->__record(%args);
+ return $self->__record(%args)->current_user_can($right) if $right eq 'read';
- if ($record->can('current_user_can_for_change')) {
- return $record->current_user_can_for_change($right, %args, change => $self);
- }
-
- $right = 'update' if $right ne 'read';
-
- return $self->__record(%args)->current_user_can($right);
+ # only superuser can create, update, and delete change entries
+ return $self->current_user->is_superuser;
}
sub add_change_field {
Please sign in to comment.
Something went wrong with that request. Please try again.