scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2024-09-21 07:26:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Properly set warden session in asset syncs controller [SCI-10637]

Browse source
This commit is contained in:
Martin Artnik 2024-04-15 10:29:28 +02:00
parent 9a48d635b7
commit 83477a461a
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/asset_sync_controller.rb
View file

@ -117,7 +117,8 @@ class AssetSyncController < ApplicationController
render_error(:unauthorized) and return unless @asset_sync_token&.token_valid?
@asset = @asset_sync_token.asset
@current_user = @asset_sync_token.user
sign_in(@asset_sync_token.user)
render_error(:forbidden, @asset.file.filename) and return unless can_manage_asset?(@asset)
end