mirror of
https://github.com/Growstuff/growstuff.git
synced 2026-02-07 08:01:02 -05:00
a3b7822268
Removed JSON from classes that shouldn't have it. (PT: https://www.pivotaltracker.com/story/show/54570954) Also found a couple of controllers with broken authorization (i.e. not checking CanCan). Incidentally, this also fixes the comment form bug at https://www.pivotaltracker.com/story/show/54328716.
19 lines
521 B
Ruby
19 lines
521 B
Ruby
class ApplicationController < ActionController::Base
|
|
protect_from_forgery
|
|
|
|
include ApplicationHelper
|
|
|
|
# tweak CanCan defaults because we don't have a "current_user" method
|
|
# this means that we use current_user in specs but current_member everywhere
|
|
# else in the code.
|
|
def current_ability
|
|
@current_ability ||= Ability.new(current_member)
|
|
end
|
|
|
|
# CanCan error handling
|
|
rescue_from CanCan::AccessDenied do |exception|
|
|
redirect_to request.referer || root_url, :alert => exception.message
|
|
end
|
|
|
|
end
|