diff options
Diffstat (limited to 'app/controllers/groups/labels_controller.rb')
-rw-r--r-- | app/controllers/groups/labels_controller.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/groups/labels_controller.rb b/app/controllers/groups/labels_controller.rb index 57bca5ebc52..f927cae90b1 100644 --- a/app/controllers/groups/labels_controller.rb +++ b/app/controllers/groups/labels_controller.rb @@ -4,7 +4,8 @@ class Groups::LabelsController < Groups::ApplicationController include ToggleSubscriptionAction before_action :label, only: [:edit, :update, :destroy] - before_action :authorize_admin_labels!, only: [:new, :create, :edit, :update, :destroy] + before_action :authorize_group_for_admin_labels!, only: [:new, :create, :edit, :update, :destroy] + before_action :authorize_label_for_admin_label!, only: [:edit, :update, :destroy] before_action :save_previous_label_path, only: [:edit] respond_to :html @@ -75,10 +76,14 @@ class Groups::LabelsController < Groups::ApplicationController protected - def authorize_admin_labels! + def authorize_group_for_admin_labels! return render_404 unless can?(current_user, :admin_label, @group) end + def authorize_label_for_admin_label! + return render_404 unless can?(current_user, :admin_label, @label) + end + def authorize_read_labels! return render_404 unless can?(current_user, :read_label, @group) end |