fixes per @mlorb 's request

2025-01-31 20:19:05 +08:00 · 2018-01-24 13:21:53 +01:00 · 2018-01-24 13:21:53 +01:00 · 9b836d04fa
commit 9b836d04fa
parent 259880c441
3 changed files with 3 additions and 3 deletions
--- a/app/controllers/users/invitations_controller.rb
+++ b/app/controllers/users/invitations_controller.rb
@ -192,7 +192,7 @@ module Users
      @role = params['role']

      render_403 if @emails && @emails.empty?
-      render_403 if @team && !can_read_team?(@team)
+      render_403 if @team && !can_manage_team_users?(@team)
      render_403 if @role && !UserTeam.roles.keys.include?(@role)
    end
  end
--- a/app/controllers/users/settings/teams_controller.rb
+++ b/app/controllers/users/settings/teams_controller.rb
@ -147,7 +147,7 @@ module Users

      def load_team
        @team = Team.find_by_id(params[:id])
-        render_403 unless can_read_team?(@team)
+        render_403 unless can_update_team?(@team)
      end

      def create_params
--- a/app/controllers/users/settings/user_teams_controller.rb
+++ b/app/controllers/users/settings/user_teams_controller.rb
@ -150,7 +150,7 @@ module Users
        # Don't allow the user to modify UserTeam-s if he's not admin,
        # unless he/she is modifying his/her UserTeam
        if current_user != @user_t.user &&
-           !can_read_team?(@user_t.team)
+           !can_manage_team_users?(@user_t.team)
          render_403
        end
      end