diff --git a/app/controllers/account/settings_controller.rb b/app/controllers/account/settings_controller.rb index 29a037ab5..9acebbae4 100644 --- a/app/controllers/account/settings_controller.rb +++ b/app/controllers/account/settings_controller.rb @@ -1,13 +1,16 @@ class Account::SettingsController < ApplicationController - before_action def show @account = Account.sole @users = User.active.alphabetically end def update - Account.sole.update!(account_params) - redirect_to account_settings_path + if Current.user.can_administer? + Account.sole.update!(account_params) + redirect_to account_settings_path + else + head :forbidden + end end private diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 786f80bcf..6c16b1906 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,6 +1,7 @@ class ApplicationController < ActionController::Base include LoadBalancerRouting, WriterAffinity - include Authentication, Authorization + include Authentication + include Authorization include CurrentRequest, CurrentTimezone, SetPlatform include TurboFlash, ViewTransitions diff --git a/app/controllers/concerns/authentication/session_lookup.rb b/app/controllers/concerns/authentication/session_lookup.rb deleted file mode 100644 index b180f217f..000000000 --- a/app/controllers/concerns/authentication/session_lookup.rb +++ /dev/null @@ -1,7 +0,0 @@ -module Authentication::SessionLookup - def find_session_by_cookie - if token = cookies.signed[:session_token] - Session.find_by(token: token) - end - end -end diff --git a/app/controllers/concerns/authorization.rb b/app/controllers/concerns/authorization.rb index 6bb040c33..aca10b5b2 100644 --- a/app/controllers/concerns/authorization.rb +++ b/app/controllers/concerns/authorization.rb @@ -38,18 +38,4 @@ module Authorization def redirect_existing_user redirect_to root_path if Current.user end - - def account_entry_url(membership) - if !ApplicationRecord.tenant_exists?(membership.tenant) - elsif membership.user.blank? - # We are joining an account. This means the user doesn't yet exist and - # we have to create it - new_user_url(script_name: "/#{membership.tenant}", membership: membership.to_signed(for: :user_creation)) - # The user exists, but was deactivated, we want to remove the membership - unlink_membership_url(script_name: nil, membership: membership.to_signed(for: :unlinking)) - else - # Everything is fine, let the user enter the account - root_url(script_name: "/#{membership.tenant}") - end - end end diff --git a/app/controllers/memberships/email_addresses/confirmations_controller.rb b/app/controllers/memberships/email_addresses/confirmations_controller.rb index 962bf78dd..8ad43971f 100644 --- a/app/controllers/memberships/email_addresses/confirmations_controller.rb +++ b/app/controllers/memberships/email_addresses/confirmations_controller.rb @@ -9,10 +9,10 @@ class Memberships::EmailAddresses::ConfirmationsController < ApplicationControll end def create - Membership.change_email_address_using_token(token) + membership = Membership.change_email_address_using_token(token) terminate_session - start_new_session_for @membership.reload.identity + start_new_session_for membership.reload.identity redirect_to edit_user_url(script_name: "/#{@membership.tenant}", id: @membership.user) end diff --git a/app/models/membership/email_address_changeable.rb b/app/models/membership/email_address_changeable.rb index 3b6dbdf84..5ec2b554a 100644 --- a/app/models/membership/email_address_changeable.rb +++ b/app/models/membership/email_address_changeable.rb @@ -19,6 +19,8 @@ module Membership::EmailAddressChangeable new_email_address = parsed_token.params.fetch("new_email_address") membership.change_email_address(new_email_address) end + + membership end end diff --git a/app/views/account/join_codes/edit.html.erb b/app/views/account/join_codes/edit.html.erb index ebac0fa26..c96a4ac82 100644 --- a/app/views/account/join_codes/edit.html.erb +++ b/app/views/account/join_codes/edit.html.erb @@ -1,7 +1,7 @@ <% @page_title = "Change usage limit" %> <% content_for :header do %> - <%= render "filters/menu" %> + <%= render "my/menus/menu" %>