Another security issue herp derp

This commit is contained in:
Rien Maertens 2019-04-18 20:45:56 +02:00
parent 7e991bd5bc
commit 7f30b99dde
No known key found for this signature in database
GPG key ID: 10C6D8C91DE58E4A

View file

@ -16,7 +16,7 @@ class ApplicationController < ActionController::Base
end end
def authenticate_user_or_client! def authenticate_user_or_client!
current_user || current_client || user_token || redirect_to(root_path, flash: { notice: "You have been redirected." }) user_token || current_client || current_user || redirect_to(root_path, flash: { notice: "You have been redirected." })
end end
def current_client def current_client
@ -28,7 +28,7 @@ class ApplicationController < ActionController::Base
def current_ability def current_ability
@current_ability ||= @current_ability ||=
current_client.try { |c| ClientAbility.new(c) } || current_client.try { |c| ClientAbility.new(c) } ||
UserAbility.new(current_user || user_token) UserAbility.new(user_token || current_user)
end end
def user_token def user_token