bugfix: closes #15

sarahcssiqueira · Oct 2, 2024 · ea03e6c · ea03e6c
1 parent b51f388
commit ea03e6c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -1,6 +1,6 @@
 class UsersController < ApplicationController
   before_action :set_user, only: [ :edit, :update ]
-  before_action :authorize_admin!, only: [ :edit, :update, :destroy ]
+  before_action :authorize_access!, only: [ :edit, :update, :destroy ]
 
   def index
     @user = User.all
@@ -57,6 +57,12 @@ def destroy
     end
   end
 
+  # Logic for authorization
+  def authorize_access!
+      unless current_user.admin? || current_user == @user
+        redirect_to root_path, alert: "You are not authorized to perform this action."
+      end
+  end
 
   private
 

diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
@@ -51,3 +51,4 @@
 <% else %>
     <p>Create account</p>
 <% end %>
+</div>