authorJean-Philippe Lang <jp_lang@yahoo.fr>2017-04-03 12:59:55 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2017-04-03 12:59:55 +0000
commit3e787f7e7d0a013376735dbe2b60054166a61499 (patch)
tree79fc54ce0cdf4f1b1e31c4b5501f87713f52310e /app/controllers
parenta8d8c213bb61e702b6266b6f5ae71ad6be647614 (diff)
Deny edit/update/delete for anonymous user (#25483).
Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@16464 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/users_controller.rb7
1 files changed, 5 insertions, 2 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 7dcaa7962..f26b9b6d8 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -20,7 +20,8 @@ class UsersController < ApplicationController
self.main_menu = false
before_action :require_admin, :except => :show
- before_action :find_user, :only => [:show, :edit, :update, :destroy]
+ before_action ->{ find_user(false) }, :only => :show
+ before_action :find_user, :only => [:edit, :update, :destroy]
accept_api_auth :index, :show, :create, :update, :destroy
helper :sort
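Review bot: The `:show` callback on the added line `before_action ->{ find_user(false) }, :only => :show` still resolves ids through the unscoped `User.find`, and `:show` is also the one action exempted from `require_admin`, so within this hunk nothing restricts which user record a non-admin request can load. Whether `show` filters the result afterwards (for example with a visibility check) is not visible here and should be confirmed before relying on this split. A comment above the two callbacks would record the intent, e.g. `# show may resolve any user id; edit/update/destroy only accept logged (non-anonymous) users`.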
@@ -174,10 +175,12 @@ class UsersController < ApplicationController
private
- def find_user
+ def find_user(logged = true)
if params[:id] == 'current'
require_login || return
@user = User.current
+ elsif logged
+ @user = User.logged.find(params[:id])
else
@user = User.find(params[:id])
end
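Review bot: The positional boolean in `def find_user(logged = true)` leaves the call site `find_user(false)` unreadable without opening the method. A keyword argument, `def find_user(logged: true)` with `find_user(logged: false)` in the callback, states the intent and keeps the restrictive lookup as the default. The `'current'` branch ignores `logged`, which looks intentional since `require_login` precedes it, but a one-line comment above the method saying that `logged` limits the lookup to `User.logged` would make that explicit. The method body continues past the end of the hunk, so how a `RecordNotFound` raised by `User.logged.find(params[:id])` is handled cannot be checked from here.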