supplier client sections working with problematic authentication still active

2020-02-27 15:44:43 -05:00
parent 9e86b18c3e
commit 2149345d3d
33 changed files with 456 additions and 281 deletions
@@ -53,6 +53,7 @@ module Suppliers
    def destroy
      #@product_variant = ProductVariant.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @product_variant = ProductVariant.find(params[:id])
+      head :forbidden and return unless @product_variant.supplier_id == current_supplier.id
      @product_variant.destroy
      head :no_content
    end