[bbb-greenlight: 10/18] Fixed bug allowing users to access their own room when they aren't allowed (#2054)
- From: Bartłomiej Piotrowski <bpiotrowski src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [bbb-greenlight: 10/18] Fixed bug allowing users to access their own room when they aren't allowed (#2054)
- Date: Fri, 18 Sep 2020 06:13:00 +0000 (UTC)
commit cb700404f3521591081a515457bca3414523d181
Author: Ahmad Farhat <ahmad af farhat gmail com>
Date: Wed Sep 2 13:45:29 2020 -0400
Fixed bug allowing users to access their own room when they aren't allowed (#2054)
app/controllers/rooms_controller.rb | 5 +++++
1 file changed, 5 insertions(+)
---
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index be09e6e..3cf560e 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@@ -70,6 +70,11 @@ class RoomsController < ApplicationController
# If its the current user's room
if current_user && (@room.owned_by?(current_user) || @shared_room)
+ # If the user is trying to access their own room but is not allowed to
+ if @room.owned_by?(current_user) && !current_user.role.get_permission("can_create_rooms")
+ return redirect_to cant_create_rooms_path
+ end
+
# User is allowed to have rooms
@search, @order_column, @order_direction, recs =
recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]