Page MenuHomeGRNET
Files F1299874

No OneTemporary
Actions

File Metadata

Created
Wed, Nov 19, 3:11 AM

View Options

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 2838975..ef79c33 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,24 +1,31 @@
class UsersController < ApplicationController
before_action :authenticate_user!
before_action :user, only: [:token, :generate_token]
# GET /users/1/token
def token
end
# POST /users/1/generate_token
def generate_token
@user.token = SecureRandom.hex(10)
@user.save!
redirect_to token_user_path(@user)
end
private
def user
@user ||= User.find(params[:id])
+
+ # Guard access to other user tokens
+ if current_user.id != @user.id && !admin?
+ redirect_to(root_path, alert: 'You need admin rights for that!')
+ end
+
+ @user
end
end

Event Timeline