Better protection against spam

echarp 2016-01-26 15:31:03 +01:00
parent 50e7d931c0
commit f980b60145


@ -4,10 +4,8 @@ class OrgasController < ApplicationController
before_action :set_orga, except: [:index, :new, :create]
before_action :set_mailer_host
before_action :authenticate_user!, only: [:edit, :update],
before_action :authenticate_user!, except: [:index, :new, :create, :show],
unless: :check_secret
before_action :authenticate_user!, except: [:index, :new, :create, :show,
:edit, :update]
def index
@search = apply_scopes(Orga).moderated.includes(:kind,
@ -98,6 +96,7 @@ class OrgasController < ApplicationController
# Check that you can only edit an existing event if you know its secret
def check_secret
!@orga.secret || @orga.secret == params[:secret]
!%w(validate refuse).include?(action_name) &&
(!@orga.secret || @orga.secret == params[:secret])
end
end
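Review bot: `check_secret` now decides the authentication bypass by denylist (`validate`, `refuse`), and the single `before_action :authenticate_user!, except: [:index, :new, :create, :show], unless: :check_secret` applies that bypass to every other action, where the removed filter limited it to `edit` and `update`. Any action not named in the denylist, including ones added later, is therefore reachable with the secret alone, and with no credential at all for a record whose `secret` is nil, because `!@orga.secret` is true in that case. An allowlist fails closed: `%w(edit update).include?(action_name) &&` in place of the `!%w(validate refuse).include?(action_name) &&` line. The controller's other actions lie outside the visible hunks, so which of them are affected needs checking against the full file. Separately, the `==` on the secret is not constant-time; `ActiveSupport::SecurityUtils.secure_compare` would fit here if the Rails version in use provides it and a nil `params[:secret]` is handled first.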