From 0c186fe46bbd5fa0b09ea9025c0d6ed256d8d11d Mon Sep 17 00:00:00 2001
From: hukl
Date: Tue, 3 Nov 2009 20:16:40 +0100
Subject: Prevent regular users from promoting themselves to admins
---
 app/controllers/users_controller.rb | 1 +
 1 file changed, 1 insertion(+)
(limited to 'app/controllers')
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index eb1cd4c..87df678 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -33,6 +33,7 @@ class UsersController < ApplicationController
 end
 def update
+ params[:user].delete(:admin) unless current_user.is_admin?
 if @user.update_attributes(params[:user])
 flash[:notice] = "Updated user #{@user.login}"
 redirect_to user_path(@user)
-- 
cgit v1.3
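Review bot: The added line in `update` strips only the `:admin` key, and only in this one action, so the privilege check is a per-controller denylist rather than a property of the model; any other path that mass-assigns `params[:user]` (for example a `create` action, which is not visible in this hunk) would still accept the flag. Declaring `attr_protected :admin` in the model behind `@user` (presumably `User`), or better an `attr_accessible` allowlist of the fields a user may edit, protects every mass-assignment call, and an admin-only branch can then set the flag explicitly with a direct `@user.admin = ...` assignment. The new line also raises `NoMethodError` when the request carries no `user` parameter, so `params[:user]` should be checked for presence before `delete` is called on it. `update` continues past the end of the hunk, and how `@user` is loaded and authorised is not shown, so it is worth confirming that a non-admin can only reach their own record.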