midgard/tab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Don't allow users to see each others balances

Browse source
This commit is contained in:
redfast00 2019-04-10 11:58:48 +02:00
parent 008f56a563
commit 51a045dae9
No known key found for this signature in database
GPG key ID: 5946E0E34FD0553C
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/users_controller.rb
View file

@ -4,7 +4,7 @@ class UsersController < ApplicationController
before_action :authenticate_user!, except: :show
before_action :authenticate_user_or_client!, only: :show
load_and_authorize_resource except: :show, find_by: :name
load_and_authorize_resource find_by: :name
def show
@user = User.find_by(name: params[:id]) || User.new