Require authorization for direct uploads

Respond with 403 to JSON requests that are unauthorized, instead of
redirecting.
This commit is contained in:
Rosa Gutierrez
2025-12-22 21:05:55 +01:00
committed by Rosa Gutierrez
parent 43dd149ff2
commit 3fcf5a9d08
3 changed files with 27 additions and 7 deletions
+6 -1
View File
@@ -26,7 +26,12 @@ module Authorization
end
def ensure_can_access_account
redirect_to session_menu_path(script_name: nil) if Current.user.blank? || !Current.user.active?
if Current.user.blank? || !Current.user.active?
respond_to do |format|
format.html { redirect_to session_menu_path(script_name: nil) }
format.json { head :forbidden }
end
end
end
def redirect_existing_user