| author | hukl <contact@smyck.org> | 2009-11-03 20:16:40 +0100 |
|---|---|---|
| committer | hukl <contact@smyck.org> | 2009-11-03 20:16:40 +0100 |
| commit | 0c186fe46bbd5fa0b09ea9025c0d6ed256d8d11d (patch) | |
| tree | 963a74ebada9e1479656a03d644683a2f6929991 /app/controllers/users_controller.rb | |
| parent | 3b35b3a0bba7991a243eb794303b838ae90bb69c (diff) | |
Prevent regular users from promoting themselves to admins
Diffstat (limited to 'app/controllers/users_controller.rb')
| -rw-r--r-- | app/controllers/users_controller.rb | 1 |
1 files changed, 1 insertions, 0 deletions
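--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -33,6 +33,7 @@ class UsersController < ApplicationController
 end
 
 def update
+params[:user].delete(:admin) unless current_user.is_admin?
 if @user.update_attributes(params[:user])
 flash[:notice] = "Updated user #{@user.login}"
 redirect_to user_path(@user)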
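Review bot: Deleting `:admin` inside `update` closes only this one path, because the `update_attributes(params[:user])` call on the next line still mass-assigns every other key the client sends. Any other action that builds a user from `params[:user]` (possibly `create`, which is not visible here) would need the same line. Declaring the rule on the model keeps it in one place and fails closed for new columns, either with `attr_protected :admin` or, better, an allow-list such as `attr_accessible :login` (the attribute list is a placeholder). The new line also raises NoMethodError for non-admins when the request carries no `user` key; `params[:user].delete(:admin) if params[:user] && !current_user.is_admin?` avoids that. The body of `update` continues past the end of the hunk, so the failure branch was not reviewed.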
