lino.jorzick
/
greenlight
forked from External/greenlight
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed bug allowing users to access their own room when they aren't allowed (#2054)

This commit is contained in:
Ahmad Farhat 2020-09-02 13:45:29 -04:00 committed by GitHub
parent f85fb90cae
commit cb700404f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/rooms_controller.rb
View File

@ -70,6 +70,11 @@ class RoomsController < ApplicationController
# If its the current user's room
if current_user && (@room.owned_by?(current_user) || @shared_room)
# If the user is trying to access their own room but is not allowed to
if @room.owned_by?(current_user) && !current_user.role.get_permission("can_create_rooms")
return redirect_to cant_create_rooms_path
end
# User is allowed to have rooms
@search, @order_column, @order_direction, recs =
recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)