diff options
| author | Bob Van Landuyt <bob@vanlanduyt.co> | 2017-10-10 14:34:20 +0300 |
|---|---|---|
| committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2017-10-10 15:09:56 +0300 |
| commit | 3fe7f31ac047e1b9ba3ae53cea17012ce2f7f3e7 (patch) | |
| tree | db9592d83e076aecc416350848b09dd90d6e39e0 /app/controllers/groups_controller.rb | |
| parent | deb45634ae841d64d1756c4cc0dc3c442e171ba9 (diff) | |
Use `GroupFinder` to check if a user can read a group
Diffstat (limited to 'app/controllers/groups_controller.rb')
| -rw-r--r-- | app/controllers/groups_controller.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index b1deb29c61f..8c2053e8574 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -60,12 +60,14 @@ class GroupsController < Groups::ApplicationController def children parent = if params[:parent_id].present? - Group.find(params[:parent_id]) + GroupFinder.new(current_user).execute(id: params[:parent_id]) else @group end - if parent.nil? || !can?(current_user, :read_group, parent) + + if parent.nil? render_404 + return end setup_children(parent) |