turniere
/
turniere-backend
mirror of https://github.com/turniere/turniere-backend.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Add require_owner! filter action

This commit is contained in:
Thor77 2018-11-24 19:14:31 +01:00
parent a045b6c425
commit 668584c68b
No known key found for this signature in database
GPG Key ID: 5051E71B46AA669A
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app/controllers/application_controller.rb
View File

@ -10,4 +10,18 @@ class ApplicationController < ActionController::API
def configure_permitted_parameters def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:username]) devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
end end
private
def require_owner! owner
render_forbidden_error if owner != current_user
end
def render_forbidden_error
render json: {
errors: [
'Only the parent tournament owner can update this resource'
]
}, status: :forbidden
end
end end