DirectUploadsController only accepts confirmed users
This commit is contained in:
parent
10c991be89
commit
d68b68fb70
2 changed files with 14 additions and 6 deletions
|
@ -39,11 +39,15 @@ module Controllers::User::Authorization
|
||||||
QueryRoles.user_has_role?(current_user.id, role_names, host_id)
|
QueryRoles.user_has_role?(current_user.id, role_names, host_id)
|
||||||
end
|
end
|
||||||
|
|
||||||
def authenticate_confirmed_user!
|
def authenticate_confirmed_user!(msg=nil, type= :html)
|
||||||
if !current_user
|
if !current_user
|
||||||
reject_with_sign_in
|
reject_with_sign_in(msg, type)
|
||||||
elsif !current_user.confirmed? && !current_role?(%i[super_associate super_admin])
|
elsif !current_user.confirmed? && !current_role?(%i[super_associate super_admin])
|
||||||
|
if type == :html
|
||||||
redirect_to new_user_confirmation_path, flash: { error: 'You need to confirm your account to do that.' }
|
redirect_to new_user_confirmation_path, flash: { error: 'You need to confirm your account to do that.' }
|
||||||
|
else
|
||||||
|
render json: {message:msg}, status: :unauthorized
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
#
|
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
|
||||||
|
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
|
||||||
class DirectUploadsController < ActiveStorage::DirectUploadsController
|
class DirectUploadsController < ActiveStorage::DirectUploadsController
|
||||||
include Controllers::Nonprofit::Authorization
|
include Controllers::Nonprofit::Authorization
|
||||||
skip_before_action :verify_authenticity_token, only: [:create]
|
skip_before_action :verify_authenticity_token, only: [:create]
|
||||||
before_action do
|
before_action :authenticate_user_with_json!
|
||||||
authenticate_user!("You must be logged in to use this", :json)
|
|
||||||
|
private
|
||||||
|
def authenticate_confirmed_user_with_json!
|
||||||
|
authenticate_confirmed_user!("You must be logged in to use this", :json)
|
||||||
end
|
end
|
||||||
end
|
end
|
Loading…
Reference in a new issue