Project

General

Profile

Actions

Patch #9317

open

Admin users should be always authorized when no context is given

Added by Alex Shulgin over 13 years ago. Updated over 11 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Permissions and roles
Target version:
-
Start date:
2011-09-25
Due date:
% Done:

0%

Estimated time:

Description

In a situation where @project might or might not be set by filters before the call to authorize you would need to check for that and either call authorize or authorize_global (otherwise admin user will get '403 You are not authorized to access this page', which is ridiculous).

With this patch applied, a plain before_filter :authorize may be used instead.


Files

Actions

Also available in: Atom PDF