authorerdgeist <erdgeist@erdgeist.org>2026-06-29 21:35:09 +0200
committererdgeist <erdgeist@erdgeist.org>2026-06-30 19:21:16 +0200
commitebad58c71661b62ec62f7e77ec977bda2b5bc0a3 (patch)
tree9bbeb926dde4b8cbca62caeafc2464d37ad83d47 /app
parent3bb2271850bab577f35291a174b1985aea2b2b55 (diff)
Permit :admin in params only for admins
Diffstat (limited to 'app')
-rw-r--r--app/controllers/users_controller.rb4
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 98fd534..f01691f 100644
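--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -55,7 +55,9 @@ class UsersController < ApplicationController
 private
 
 def user_params
-params.fetch(:user, {}).permit(:login, :email, :password, :password_confirmation, :admin)
+allowed = [:login, :email, :password, :password_confirmation]
+allowed << :admin if current_user.admin?
+params.fetch(:user, {}).permit(allowed)
 end
 
 def find_user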
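Review bot: In `user_params`, the new line `allowed << :admin if current_user.admin?` assumes a signed-in user. If any action that calls `user_params` is reachable without authentication (a self-registration `create`, for instance; the controller's filters are outside this hunk, so this is inferred), `current_user` would be nil and the request would raise NoMethodError instead of just dropping `:admin`. `allowed << :admin if current_user&.admin?` fails closed in that case. A short comment above the list, e.g. `# :admin is mass-assignable only by admins; it is filtered out for everyone else`, would keep a later edit from re-adding it unconditionally. A controller test asserting that a non-admin request carrying `admin: true` leaves the flag unchanged would pin the behaviour.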