Revision a8134ab0
Added by Ohad Levy almost 12 years ago
- ID a8134ab01177a4e6291ff3419d2aa089c7f9a4bc
app/controllers/users_controller.rb | ||
---|---|---|
def authorize(ctrl = params[:controller], action = params[:action])
|
||
# Editing self is true when the user is granted access to just their own account details
|
||
|
||
if action == 'auto_complete_search' and User.current.allowed_to?({:controller => ctrl, :action => 'index'})
|
||
return true
|
||
end
|
||
|
||
self.editing_self = false
|
||
return true if User.current.allowed_to?({:controller => ctrl, :action => action})
|
||
if (action =~ /edit|update/ and params[:id].to_i == User.current.id)
|
Also available in: Unified diff
ensures that auto completer for users search works even when you are not an admin