author | Felipe Artur <felipefac@gmail.com> | 2016-03-29 12:24:42 -0300 |
committer | Felipe Artur <felipefac@gmail.com> | 2016-04-18 11:12:27 -0300 |
commit | 57519565f167cb771ffed504feefe7b0eb37c027 (patch) | |
tree | 07d6d44f9b9995b4f7c47513ed0f4bb61acdd725 /app/controllers/users_controller.rb | |
parent | b05f0a48584ea45cc89a8efaafd8e54642b8497c (diff) | |
Move verification to abilities
Diffstat (limited to 'app/controllers/users_controller.rb')
-rw-r--r-- | app/controllers/users_controller.rb | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 49ddcfed7b1..69b66e161cf 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,7 +1,8 @@
 class UsersController < ApplicationController
   skip_before_action :authenticate_user!
-  before_action :set_user
-  before_filter :authorize_read_user, only: [:show]
+  #TO-DO Remove this "set_user" before action. It is not good to use before filters for loading database records.
+  before_action :set_user, except: [:show]
+  before_action :authorize_read_user, only: [:show]
 
   def show
     respond_to do |format|
@@ -76,7 +77,8 @@ class UsersController < ApplicationController
   private
 
   def authorize_read_user
-    render_404 unless @user.public?
+    set_user
+    render_404 unless can?(current_user, :read_user, @user)
   end
 
   def set_user
|
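Review bot: In the second hunk `authorize_read_user` now runs with `current_user` possibly nil, because the controller still has `skip_before_action :authenticate_user!`, so the `:read_user` ability (outside this hunk) must answer false for an anonymous caller rather than raise; please confirm that path is covered by a spec for an unauthenticated request. The body of `set_user` is also outside the hunk, so check that a lookup miss ends in the same `render_404` as the failed `can?` check, since the 404 (rather than 403) on the authorization branch is presumably meant to keep a non-visible user indistinguishable from a missing one. On style, the new comment in the first hunk should be `# TODO: remove the set_user before_action; loading records in a filter hides the dependency` so RuboCop and TODO tooling recognise it, and `authorize_read_user` would benefit from a one-line comment such as `# Loads @user itself because set_user is skipped for :show; 404 on failure so that non-visible users look like missing ones`.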