[bbb-greenlight: 10/18] Fixed bug allowing users to access their own room when they aren't allowed (#2054)




commit cb700404f3521591081a515457bca3414523d181
Author: Ahmad Farhat <ahmad af farhat gmail com>
Date:   Wed Sep 2 13:45:29 2020 -0400

    Fixed bug allowing users to access their own room when they aren't allowed (#2054)

 app/controllers/rooms_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)
---
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index be09e6e..3cf560e 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@@ -70,6 +70,11 @@ class RoomsController < ApplicationController
 
     # If its the current user's room
     if current_user && (@room.owned_by?(current_user) || @shared_room)
+      # If the user is trying to access their own room but is not allowed to
+      if @room.owned_by?(current_user) && !current_user.role.get_permission("can_create_rooms")
+        return redirect_to cant_create_rooms_path
+      end
+
       # User is allowed to have rooms
       @search, @order_column, @order_direction, recs =
         recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)
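Review bot: The `can_create_rooms` check is enforced inline in this one branch only, so any other owner-only action in RoomsController that does not pass through it may still be reachable for an owner whose role lost the permission. The enclosing action and the rest of the controller start and end outside this hunk, so that needs confirming. If other actions are affected, move the condition into a private predicate wired up as a `before_action` so the rule lives in one place. Separately, `current_user.role` is dereferenced without a nil guard; if a user can exist without a role, `!current_user.role&.get_permission("can_create_rooms")` would fail closed with the redirect instead of raising. The diffstat shows only the controller changed, so a request spec asserting the redirect to `cant_create_rooms_path` for an owner without the permission would pin this fix against regression.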

