Don't allow users to see each others balances

This commit is contained in:
redfast00 2019-04-10 11:58:48 +02:00
parent 008f56a563
commit 51a045dae9
No known key found for this signature in database
GPG key ID: 5946E0E34FD0553C

View file

@ -4,7 +4,7 @@ class UsersController < ApplicationController
before_action :authenticate_user!, except: :show
before_action :authenticate_user_or_client!, only: :show
load_and_authorize_resource except: :show, find_by: :name
load_and_authorize_resource find_by: :name
def show
@user = User.find_by(name: params[:id]) || User.new