scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-02-28 17:54:16 +08:00
Code Issues Projects Releases Packages Wiki Activity

Remove skip asset permission check for wopi creation

Browse source
This commit is contained in:
aignatov-bio 2020-11-12 13:21:47 +01:00
parent 09f7b7c750
commit 45efc9a43a
2 changed files with 4 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/assets_controller.rb
View file

@ -17,7 +17,7 @@ class AssetsController < ApplicationController
helper_method :wopi_file_edit_button_status
before_action :load_vars, except: :create_wopi_file
before_action :check_read_permission, except: %i(edit destroy)
before_action :check_read_permission, except: %i(edit destroy create_wopi_file)
before_action :check_edit_permission, only: %i(edit destroy)
def file_preview
@ -204,11 +204,11 @@ class AssetsController < ApplicationController
end
def check_read_permission
render_403 unless can_read_asset?(@asset)
render_403 and return unless can_read_asset?(@asset)
end
def check_edit_permission
render_403 unless can_manage_asset?(@asset)
render_403 and return unless can_manage_asset?(@asset)
end
def append_wd_params(url)

4
app/controllers/wopi_controller.rb
View file

@ -1,6 +1,4 @@
# frozen_string_literal: true
class WopiController < ApplicationController
class WopiController < ActionController::Base
include WopiUtil
skip_before_action :verify_authenticity_token