Rollback one change from previous commit
S5 should not be visible on unpublished, password-protected webs.
This commit is contained in:
Jacques Distler
parent
155dc88891
commit
73120cdc1c
2 changed files with 4 additions and 3 deletions
|
|
@ -222,14 +222,15 @@ class ApplicationController < ActionController::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def authorization_needed?
|
def authorization_needed?
|
||||||
not %w(login authenticate feeds published atom_with_headlines atom_with_content s5 file blahtex_png).include?(action_name)
|
not %w(login authenticate feeds published atom_with_headlines atom_with_content file blahtex_png).include?(action_name)
|
||||||
end
|
end
|
||||||
|
|
||||||
def authorized?
|
def authorized?
|
||||||
@web.nil? or
|
@web.nil? or
|
||||||
@web.password.nil? or
|
@web.password.nil? or
|
||||||
cookies[CGI.escape(@web_name)] == @web.password or
|
cookies[CGI.escape(@web_name)] == @web.password or
|
||||||
password_check(params['password'])
|
password_check(params['password']) or
|
||||||
|
(@web.published? and action_name == 's5')
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -38,7 +38,7 @@ class FileController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def blahtex_png
|
def blahtex_png
|
||||||
send_file(@web.blahtex_pngs_path + '/' + params['id'])
|
send_file(@web.blahtex_pngs_path + '/' + params['id']) if check_authorized
|
||||||
end
|
end
|
||||||
|
|
||||||
def delete
|
def delete
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue