Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/application_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/referentials_controller.rb | 8 | 
2 files changed, 9 insertions, 1 deletions
|
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 45b7f55f6..c4961123d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -28,7 +28,7 @@ class ApplicationController < ActionController::Base
   protected
   def user_not_authorized
-    redirect_to forbidden_path
+    render 'errors/forbidden', status: 403
   end
   def current_organisation
diff --git a/app/controllers/referentials_controller.rb b/app/controllers/referentials_controller.rb
index 5267c15d8..6e3694547 100644
--- a/app/controllers/referentials_controller.rb
+++ b/app/controllers/referentials_controller.rb
@@ -7,6 +7,8 @@ class ReferentialsController < ChouetteController
   respond_to :json, :only => :show
   respond_to :js, :only => :show
+  before_action :check_cloning_source_is_accessible, only: %i(new create)
+
   def new
     new! do
       build_referential
@@ -175,6 +177,12 @@ class ReferentialsController < ChouetteController
     )
   end
+  def check_cloning_source_is_accessible
+    return unless params[:from]
+    source = Referential.find params[:from]
+    return user_not_authorized unless current_user.organisation.workgroups.include?(source.workbench.workgroup)
+  end
+
   def load_workbench
     @workbench ||= Workbench.find(params[:workbench_id]) if params[:workbench_id]
     @workbench ||= resource&.workbench if params[:id]
|
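Review bot: `user_not_authorized` now renders the `errors/forbidden` template for every caller, whatever the request format. ReferentialsController, patched in this same commit, declares `respond_to :json` and `respond_to :js` for `show`, so if this handler is also reached from non-HTML requests and no template exists for that format, the 403 would presumably become a template-lookup error instead. Consider pinning the format, e.g. `render 'errors/forbidden', status: :forbidden, formats: [:html]`, or answering `head :forbidden` for non-HTML formats. The rest of ApplicationController is outside the hunk, so how this handler is wired up should be confirmed.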
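Review bot: `check_cloning_source_is_accessible` authorizes only the id in `params[:from]`, and the `before_action` added in the first hunk of this file runs it for both `new` and `create`. `build_referential` is outside the hunk, so it should be confirmed that `create` resolves the cloning source from that same parameter and not from a nested form field; otherwise the guard and the clone could act on different ids. Separately, `source.workbench.workgroup` raises when a referential has no workbench, which `resource&.workbench` a few lines below suggests can happen; `include?(source.workbench&.workgroup)` would fail closed with the 403 instead of a 500. A short comment such as `# Deny cloning from a referential outside the current user's workgroups` above the method would document the intent.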
