[myexperiment-hackers] [3458] trunk: Fixed permission issue with editing oauth client apps

[noreply]

Revision

3458

Author

fbacall

Date

2013-03-01 15:06:35 +0000 (Fri, 01 Mar 2013)

Log Message

Fixed permission issue with editing oauth client apps

Modified Paths

• trunk/app/controllers/oauth_controller.rb
• trunk/config/routes.rb

Diff

Modified: trunk/app/controllers/oauth_controller.rb (3457 => 3458)

--- trunk/app/controllers/oauth_controller.rb	2013-03-01 10:16:06 UTC (rev 3457)
+++ trunk/app/controllers/oauth_controller.rb	2013-03-01 15:06:35 UTC (rev 3458)
@@ -181,7 +181,7 @@
     end
     begin
       client_app=ClientApplication.find(id)
-      if Authorization.check(action_permissions[action_name], client_app, current_user)
+      if Authorization.check(action_permissions[action_name] || action_name, client_app, current_user)
         @client_application = client_app
       else
         error("Client Application not found (id not authorized)", "is invalid (not authorized)")

Modified: trunk/config/routes.rb (3457 => 3458)

--- trunk/config/routes.rb	2013-03-01 10:16:06 UTC (rev 3457)
+++ trunk/config/routes.rb	2013-03-01 15:06:35 UTC (rev 3458)
@@ -162,7 +162,7 @@
   map.resources :messages, :collection => { :sent => :get, :delete_all_selected => :delete }
 
   # all oauth
-  map.oauth '/oauth',:controller=>'oauth',:action=""
+  map.resources :oauth
   map.authorize '/oauth/authorize',:controller=>'oauth',:action=""
   map.request_token '/oauth/request_token',:controller=>'oauth',:action=""
   map.access_token '/oauth/access_token',:controller=>'oauth',:action=""