Mod: Add permission restrictions to the Ajax API called by in_place_edit
huacnlee committed Apr 2, 2011
1 parent 61c149f commit 91e984f
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions app/controllers/home_controller.rb
@@ -52,6 +52,13 @@ def muted
def update_in_place
# TODO: Here need to chack permission
klass, field, id = params[:id].split('__')
puts params[:id]

# 验证权限,用户是否有修改制定信息的权限
case klass
when "user" then return if current_user.id.to_s != id
end

object = klass.camelize.constantize.find(id)
if object.update_attributes(field => params[:value])
render :text => object.send(field).to_s
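Review bot: The new `case klass` check in `update_in_place` only guards the `"user"` branch, so every other `klass` value still falls through unchecked to `klass.camelize.constantize.find(id)` and `update_attributes(field => params[:value])`. Since `klass`, `field` and `id` all come from `params[:id]`, the check should deny by default: keep an explicit allowlist of the classes and the fields per class that in-place editing may touch, add an ownership test for each allowed class, and reject anything not listed. `field` is not restricted even in the `"user"` branch, so a user can still write any attribute of their own record, including ones not meant to be user-editable. The bare `return` in `when "user" then return if current_user.id.to_s != id` leaves the action without an explicit response; render a 403 status there so the client and the logs see a clear denial. `puts params[:id]` looks like leftover debug output and should be removed or replaced with a logger call, and the `# TODO: Here need to chack permission` comment above should be updated or dropped once the check is complete.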