
Corrected issues with profile security: logged out users should not b…

…e able to view mentees, mentees cannot view other mentees.
commit fd18b755f31a34277ca15d855df4dfd271692a25 1 parent d18c36f
@dmhaffner dmhaffner authored
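--- a/app/controllers/mentees_controller.rb
+++ b/app/controllers/mentees_controller.rb
@@ -1,6 +1,6 @@
 class MenteesController < ApplicationController
- before_filter :authenticate, :except => [:index, :show, :new, :create]
+ before_filter :authenticate, :except => [:new, :create]
 def authenticate
 if session[:id]==nil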
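Review bot: Running `authenticate` before `index` and `show` only establishes that some session exists: the visible part of the filter tests `session[:id]==nil`, and nothing in this section compares the requested record with the logged-in user. The commit message also promises that mentees cannot view other mentees, which is an authorization rule rather than an authentication one. Unless the rest of `authenticate` (its body continues outside the hunk) already does this, `show` needs an ownership guard along the lines of `if session[:usertype] == :mentee && params[:id].to_s != session[:id].to_s` followed by a redirect and `return`, assuming the mentee session type is `:mentee`. The same guard would apply to `edit`, `update` and `destroy` if they are keyed by `params[:id]`, and `index` needs its own decision about what a mentee may list.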
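--- a/app/controllers/mentors_controller.rb
+++ b/app/controllers/mentors_controller.rb
@@ -123,12 +123,12 @@ def index
 # GET /mentors/1.xml
 def show
 # Mentors cannot view other mentors profiles
- if (session[:usertype] == :mentor)
- if (params[:id].to_s != session[:id].to_s)
- redirect_to '/mentors', :notice => 'You cannot view the profiles of other mentors.'
- return
- end
- end
+# if (session[:usertype] == :mentor)
+# if (params[:id].to_s != session[:id].to_s)
+# redirect_to '/mentors', :notice => 'You cannot view the profiles of other mentors.'
+# return
+# end
+# end
 @mentor = Mentor.find(params[:id])
 @availability_calendar = @mentor.availability_calendar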
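Review bot: Commenting out the `session[:usertype] == :mentor` block removes the only access check visible in `show`, so `Mentor.find(params[:id])` now runs for whatever id the caller supplies. The remaining comment `# Mentors cannot view other mentors profiles` states a rule the code no longer enforces. The commit message talks about tightening mentee visibility and does not mention loosening mentor visibility, so this looks unintended or at least undocumented. If mentors are meant to see each other, delete the dead block and the stale comment and say so in the message; if not, restore the check. Whether a logged-out user can reach `show` depends on a `before_filter` outside this hunk, and `show` itself continues past the last line shown.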
84 app/views/mentors/#index.html.erb#
@@ -0,0 +1,84 @@
+<style type="text/css">
+#FilterDiv {
+/*float: left; */
+width: 200px;
+position:absolute;
+}
+#FilterDiv label {
+display:block;
+}
+th a {
+color: white;
+}
+</style>
+
+<h1>Mentors</h1>
+<div id="FilterDiv" style="">
+ <strong>Filter</strong>
+ <%= form_tag "/mentors", :method => "get" do %>
+ <% @filterables.each do |f| %>
+ <p></p>
+ <%=f.first%>
+ <br />
+ <% f.each do |str| %>
+ <% if str == f.first then %>
+ <% next %>
+ <% end %>
+ <label>
+ <% if @checked.include?(str) %>
+ <%= check_box_tag(f.first+str,str,checked = true) %>
+ <% else %>
+ <%= check_box_tag(f.first+str,str,checked = false) %>
+ <% end %>
+ <%= str %>
+ </label>
+ <% end %>
+ <% end %>
+ <p></p>
+ <%= submit_tag("Filter") %>
+ <% end %>
+<a href="/mentors">Clear Filter</a>
+</div>
+
+<style>
+.mentorRowCol {
+ display: inline-block;
+ width:200px;
+ vertical-align:top;
+ padding:5px;
+}
+.mentorRowColFirst {
+ width:155px !important;
+}
+.mentorRow {
+ position:relative;
+ left:200px;
+ width:620px;
+ border: 2px red solid;
+ padding:3px;
+ margin:12px 0px;
+}
+</style>
+
+<% if
+<% if @mentors != false %>
+<% @mentors.each do |mentor| %>
+<div class="mentorRow">
+ <div class="mentorRowCol mentorRowColFirst">
+ <%= link_to mentor.name, mentor %><br />
+ <a href="<%=url_for(mentor) %>"><%= image_tag mentor.gravatar_url(:size => 50,:default =>"wavatar") %></a>
+ </div>
+ <div class="mentorRowCol">
+ Location: <%= mentor.location %><br />
+ Current Position: <%= mentor.current_position %><br />
+ Total Years Experience: <%= mentor.total_years_experience %>
+ </div>
+ <div class="mentorRowCol">
+ Skill Set:
+ <% mentor.skills.each do |e| %>
+ <br/><%=e.title%> (<%=e.comfort_level%>)
+ <% end %>
+ </div>
+</div>
+<% end %>
+<% end %>
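Review bot: The file name `#index.html.erb#` follows the Emacs auto-save pattern, and the content looks like an in-progress edit: an unterminated `<% if` is immediately followed by `<% if @mentors != false %>`, which would not parse as ERB. It was most likely committed by accident alongside the controller changes; drop it from the commit and add a `\#*\#` pattern to `.gitignore`. Stray editor copies of views are worth keeping out of the tree in a security-related change, because they can hold a different version of the markup than the one being reviewed.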