lino.jorzick
/
greenlight
forked from External/greenlight
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed 500 caused by editting a user when not allowed to (#2108)

This commit is contained in:
Ahmad Farhat 2020-09-21 13:20:15 -04:00 committed by GitHub
parent 74ebb15dad
commit 360783606e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/users_controller.rb
View File

@ -223,8 +223,8 @@ class UsersController < ApplicationController
# Checks that the user is allowed to edit this user # Checks that the user is allowed to edit this user
def check_admin_of def check_admin_of
redirect_to current_user.main_room if current_user && redirect_to root_path if current_user &&
@user != current_user && @user != current_user &&
!current_user.admin_of?(@user, "can_manage_users") !current_user.admin_of?(@user, "can_manage_users")
end end
end end

2
spec/controllers/users_controller_spec.rb
View File

@ -65,7 +65,7 @@ describe UsersController, type: :controller do
get :edit, params: { user_uid: user2.uid } get :edit, params: { user_uid: user2.uid }
expect(response).to redirect_to(user.main_room) expect(response).to redirect_to(root_path)
end end
it "allows admins to edit other users" do it "allows admins to edit other users" do