Locked down dashboard to admins
augustf committed May 6, 2012
1 parent ebc5126 commit df36d6a
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion app/controllers/dashboard_controller.rb
@@ -1,12 +1,14 @@
class DashboardController < ApplicationController

# GET /dashboard
def index
authorize! :read, @concerto_config

bamnet May 6, 2012

Member

Maybe I'm feeling particularly dumb at the moment, but where is @concerto_config getting set? I think the only reason this is working is because admins can manage "everything" and nil is considered part of everything. I think you could get away with passing in a ConcertoConfig class which would be a bit safer if the nil functionality breaks.

@concerto_configs = ConcertoConfig.all
end

#get a hash of concerto_config keysand values and update them using the ConcertoConfig setter
def update
authorize! :update, @concerto_config
params[:concerto_config].each do |k,v|
ConcertoConfig.set(k,v)
end
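Review bot: In both index and update, authorize! is passed @concerto_config, which is not assigned anywhere in the lines shown, so the subject of the permission check is nil rather than anything tied to ConcertoConfig. Pass the class instead, as in `authorize! :read, ConcertoConfig` and `authorize! :update, ConcertoConfig`, so the admin-only restriction is expressed against the model and does not rest on how the ability rules happen to match nil. In update, `params[:concerto_config].each` will also raise when the parameter is absent; guard it or return early before iterating.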