Modified: trunk/app/controllers/networks_controller.rb (3338 => 3339)
--- trunk/app/controllers/networks_controller.rb 2013-01-23 13:46:22 UTC (rev 3338)
+++ trunk/app/controllers/networks_controller.rb 2013-01-23 14:24:06 UTC (rev 3339)
@@ -505,9 +505,12 @@
def find_network_auth_owner
begin
- @network = Network.find(params[:id], :conditions => ["networks.user_id = ?", current_user.id], :include => [ :owner, :memberships ])
+ @network = Network.find(params[:id], :include => [ :owner, :memberships ])
+ unless @network.owner == current_user || current_user.admin?
+ error("Group not found (id not authorized)", "is invalid (not group administrator)")
+ end
rescue ActiveRecord::RecordNotFound
- error("Group not found (id not authorized)", "is invalid (not group adminsitrator)")
+ error("Group not found (id not authorized)", "is invalid (not group administrator)")
end
end
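Review bot: The `current_user.admin?` bypass added to `find_network_auth_owner` applies to every action this filter guards, while the view change in the same commit only exposes Delete to admins. The filter declaration is outside the hunk, so which actions those are cannot be confirmed from here. If only deletion is meant to be open to admins, scope the bypass, for example `unless @network.owner == current_user || (current_user.admin? && action_name == 'destroy')`; if the wider grant is intended, say so in a comment such as `# admins pass every owner-only action on any group`. The new check also calls `current_user.admin?` unconditionally, so it relies on a login filter having run first. It further relies on `error(...)` rendering or redirecting so that the action does not continue with `@network` already assigned, and neither is visible in this hunk.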
Modified: trunk/app/views/networks/show.rhtml (3338 => 3339)
--- trunk/app/views/networks/show.rhtml 2013-01-23 13:46:22 UTC (rev 3338)
+++ trunk/app/views/networks/show.rhtml 2013-01-23 14:24:06 UTC (rev 3339)
@@ -30,6 +30,8 @@
<% end %>
<% if mine? @network %>
<li><%= icon('edit', edit_network_path(@network), 'Edit', nil, 'Edit Group') %></li>
+ <% end %>
+ <% if mine?(@network) || current_user.admin? %>
<li><%= icon('destroy', network_path(@network), 'Delete Group', { :confirm => 'Are you sure?', :method => :delete }, 'Delete Group') %></li>
<% end %>
<% end %>
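Review bot: The new condition `mine?(@network) || current_user.admin?` evaluates `current_user.admin?` whenever `mine?` is false, which includes a visitor with no session unless the enclosing conditional already excludes them. That enclosing conditional opens outside the hunk, so this needs checking against the full template. If anonymous users can reach this line, guard the call in whatever form the app uses for a missing user, for example `<% if mine?(@network) || (current_user && current_user.admin?) %>`. Hiding the link is presentation only, so the controller filter remains the real access control for the delete action. As a smaller style point, the hunk mixes `mine? @network` and `mine?(@network)`, and the parenthesised form is the safer one to standardise on next to `||`.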