security improved

2011-10-17 13:39:03 +03:00 · 2011-10-17 13:39:03 +03:00 · 783ca89796
commit 783ca89796
parent b08e4074b4
9 changed files with 74 additions and 26 deletions
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@ -52,12 +52,11 @@ class SnippetsController < ApplicationController

  def destroy
    @snippet = @project.snippets.find(params[:id])
-    authorize_admin_snippet! unless @snippet.author == current_user
+
+    return access_denied! unless can?(current_user, :admin_snippet, @snippet)

    @snippet.destroy

-    respond_to do |format|
-      format.js { render :nothing => true }  
-    end
+    redirect_to project_snippets_path(@project)
  end
 end