Revision 5f65c486
Added by Dominic Cleal about 10 years ago
app/controllers/api/base_controller.rb | ||
---|---|---|
resource_identifying_attributes.each do |key|
|
||
find_method = "find_by_#{key}"
|
||
model = md[1].classify.constantize
|
||
controller = "#{md[1].pluralize}_#{controller_name}"
|
||
controller = md[1].pluralize
|
||
authorized_scope = model.authorized("#{action_permission}_#{controller}")
|
||
@nested_obj ||= authorized_scope.send(find_method, params[param])
|
||
end
|
Also available in: Unified diff
fixes #5612 - use correct permissions for authz in parameters API
(cherry picked from commit 7cb05aa94e942bd3917c6cde33957288ea84a735)