GRN2-xx: Admin actions are now dictated by the correct role permission (#1140)

* Admin actions are now dictated by the correct role permission

* Rspec fix

Co-authored-by: Jesus Federico <jesus@123it.ca>
This commit is contained in:
Ahmad Farhat
2020-04-01 10:58:13 -04:00
committed by GitHub
parent c72d77dbcb
commit 348713d4df
9 changed files with 144 additions and 27 deletions

@ -309,7 +309,7 @@ class AdminsController < ApplicationController
# Verifies that admin is an administrator of the user in the action
def verify_admin_of_user
redirect_to admins_path,
flash: { alert: I18n.t("administrator.flash.unauthorized") } unless current_user.admin_of?(@user)
flash: { alert: I18n.t("administrator.flash.unauthorized") } unless current_user.admin_of?(@user, "can_manage_users")
end
# Creates the invite if it doesn't exist, or updates the updated_at time if it does
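Review bot: The comment above verify_admin_of_user still says only that it verifies the admin is an administrator of the user, but the guard now also depends on the "can_manage_users" permission passed to admin_of?, so the comment should name that permission. The permission is passed as a bare string literal; it is worth confirming that admin_of? denies access when given a permission name it does not recognize, so that a typo here fails closed. A spec asserting that a role without can_manage_users is redirected to admins_path with the administrator.flash.unauthorized alert would pin the intended behaviour.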