fix plugin permissions check

This commit is contained in:
Lee Lawlor 2014-05-12 10:55:24 -04:00
parent 9870e35fdf
commit 077cc8bb57

View File

@ -5,11 +5,7 @@ class PluginsController < ApplicationController
def check_permission def check_permission
@plugin = Plugin.find(params[:id]) @plugin = Plugin.find(params[:id])
if current_user.present? && @plugin.user_id != current_user.id respond_with_error(:error_auth_required) and return if current_user.blank? || (@plugin.user_id != current_user.id)
render :text=> "#{t(:permission)} #{t(:plugin)}", :layout => true and return
return true
end
return false
end end
def index def index
@ -73,21 +69,18 @@ class PluginsController < ApplicationController
end end
def show def show
# Have to check permissions in the method so I can use show to display public, or private plugins
@plugin = Plugin.find(params[:id]) @plugin = Plugin.find(params[:id])
if @plugin.private?
return if require_user # make sure the user can access this plugin
render :text=> "#{t(:permission)} #{t(:plugin)}", :layout => true and return if check_permission if (@plugin.private_flag == true)
respond_with_error(:error_auth_required) and return if current_user.blank? || (@plugin.user_id != current_user.id)
end end
@output = @plugin.html.sub('%%PLUGIN_CSS%%', @plugin.css).sub('%%PLUGIN_JAVASCRIPT%%', @plugin.js) @output = @plugin.html.sub('%%PLUGIN_CSS%%', @plugin.css).sub('%%PLUGIN_JAVASCRIPT%%', @plugin.js)
if @plugin.private?
render :layout => false and return
else
if request.url.include? api_domain if request.url.include? api_domain
render :layout => false and return render :layout => false and return
else else
protocol = ssl protocol = ssl
host = api_domain.split('://')[1] host = api_domain.split('://')[1]
@ -97,7 +90,7 @@ class PluginsController < ApplicationController
:action => "show", :action => "show",
:id => @plugin.id and return :id => @plugin.id and return
end end
end
end end
def show_public def show_public