Fixed 500 caused by editting a user when not allowed to (#2108)

2020-09-21 13:20:15 -04:00 · 2020-09-21 13:20:15 -04:00 · 360783606e
parent 74ebb15dad
commit 360783606e
2 changed files with 4 additions and 4 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -223,8 +223,8 @@ class UsersController < ApplicationController

  # Checks that the user is allowed to edit this user
  def check_admin_of
-    redirect_to current_user.main_room if current_user &&
-                                          @user != current_user &&
-                                          !current_user.admin_of?(@user, "can_manage_users")
+    redirect_to root_path if current_user &&
+                             @user != current_user &&
+                             !current_user.admin_of?(@user, "can_manage_users")
  end
 end
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -65,7 +65,7 @@ describe UsersController, type: :controller do

      get :edit, params: { user_uid: user2.uid }

-      expect(response).to redirect_to(user.main_room)
+      expect(response).to redirect_to(root_path)
    end

    it "allows admins to edit other users" do