Diffstat (limited to 'app/controllers/notification_settings_controller.rb')
-rw-r--r-- | app/controllers/notification_settings_controller.rb | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/app/controllers/notification_settings_controller.rb b/app/controllers/notification_settings_controller.rb
index 5d425ad8420..acda174c229 100644
--- a/app/controllers/notification_settings_controller.rb
+++ b/app/controllers/notification_settings_controller.rb
@@ -2,12 +2,16 @@ class NotificationSettingsController < ApplicationController
 before_action :authenticate_user!
 def create
- project = current_user.projects.find(params[:project][:id])
+ project = Project.find(params[:project][:id])
- @notification_setting = current_user.notification_settings_for(project)
- @saved = @notification_setting.update_attributes(notification_setting_params)
+ if can?(current_user, :read_project, project)
+ @notification_setting = current_user.notification_settings_for(project)
+ @saved = @notification_setting.update_attributes(notification_setting_params)
- render_response
+ render_response
+ else
+ render_404
+ end
 end
 def update
@@ -21,7 +25,7 @@ class NotificationSettingsController < ApplicationController
 def render_response
 render json: {
- html: view_to_html_string("notifications/buttons/_notifications", notification_setting: @notification_setting),
+ html: view_to_html_string("shared/notifications/buttons/_button", notification_setting: @notification_setting),
 saved: @saved
 }
 end |
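Review bot: In `create`, the access decision now rests on one inline `can?` branch after an unscoped `Project.find`, whereas the old `current_user.projects.find` failed closed by construction. A guard clause directly after the lookup, `return render_404 unless can?(current_user, :read_project, project)`, would keep any code added to the action later from running on a project the user cannot read. A missing id raises from `find` while a denied one goes through `render_404`; how the application handles the former is not visible here, so if the two responses differ they would reveal which project ids exist. `params[:project][:id]` also still raises NoMethodError when the `project` key is absent, and `params.require(:project)[:id]` would turn that into a 400.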