Navigation Menu

Skip to content

Commit

Permalink
fixed some bogons re security checks relying on renamed methods; mino…
Browse files Browse the repository at this point in the history 
…r ui tweaks
  • Loading branch information
Dave Aronson committed Nov 25, 2011
1 parent a8ea931 commit a709545
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 10 deletions.
14 changes: 7 additions & 7 deletions app/controllers/users_controller.rb
View file
Expand Up @@ -10,7 +10,7 @@ def index
format.html # index.html.erb
format.json { render json: @users }
else
format.html { redirect_to root_path, notice: no_peeking }
format.html { redirect_to root_path, notice: "No peeking at other people's stuff!" }
end
end
end
Expand All @@ -19,7 +19,7 @@ def index
# GET /users/1.json
def show
@user = User.find(params[:id])
check_access @user
return if ! can_access @user

respond_to do |format|
format.html # show.html.erb
Expand All @@ -31,7 +31,7 @@ def show
# GET /users/new.json
def new
@user = User.new
check_access @user
return if ! can_access @user

respond_to do |format|
format.html # new.html.erb
Expand All @@ -42,14 +42,14 @@ def new
# GET /users/1/edit
def edit
@user = User.find(params[:id])
check_access @user
return if ! can_access @user
end

# POST /users
# POST /users.json
def create
@user = User.new(params[:user])
check_access @user
return if ! can_access @user

respond_to do |format|
if @user.save
Expand All @@ -66,7 +66,7 @@ def create
# PUT /users/1.json
def update
@user = User.find(params[:id])
check_access @user
return if ! can_access @user

respond_to do |format|
if @user.update_attributes(params[:user])
Expand All @@ -83,7 +83,7 @@ def update
# DELETE /users/1.json
def destroy
@user = User.find(params[:id])
check_access @user
return if ! can_access @user
@user.destroy

respond_to do |format|
Expand Down
2 changes: 1 addition & 1 deletion app/helpers/application_helper.rb
View file
Expand Up @@ -6,7 +6,7 @@ def can_access obj
else
respond_to do |format|
format.html { redirect_to root_path,
notice: 'No peeking at other people\'s stuff!' }
notice: "No peeking at other people's stuff!" }
end
false
end
Expand Down
4 changes: 2 additions & 2 deletions app/views/layouts/application.html.erb
View file
Expand Up @@ -10,8 +10,8 @@
<div align="center">
<%= render "devise/menu/make_or_edit_registration_links" %> | <%= render "devise/menu/log_in_or_out_links" %>
<h1 align="center"><%=title%></h1>
<p class="notice"><%= notice %></p>
<p class="alert"><%= alert %></p>
<% if notice %><h2 class="notice"><%= notice %></h2><% end %>
<% if alert %><h2 class="alert"><%= alert %></h2><% end %>
<%= yield %>
</div>
Expand Down

0 comments on commit a709545

Please sign in to comment.