Forbid edition of raw html blocks for regular users

Victor Costa
1 parent 6532f818
Showing 1 changed file with 6 additions and 2 deletions Show diff stats
app/controllers/box_organizer_controller.rb
@@ -83,8 +83,12 @@ class BoxOrganizerController &lt; ApplicationController
  
   def save
     @block = boxes_holder.blocks.find(params[:id])
-    @block.update_attributes(params[:block])
-    redirect_to :action => 'index'
+    if @block.kind_of?(RawHTMLBlock) && !user.is_admin?(environment)
+      render_access_denied
+    else
+      @block.update_attributes(params[:block])
+      redirect_to :action => 'index'
+    end
   end
  
   def boxes_editor?
...	...	@@ -83,8 +83,12 @@ class BoxOrganizerController < ApplicationController
83	83
84	84	def save
85	85	@block = boxes_holder.blocks.find(params[:id])
86		- @block.update_attributes(params[:block])
87		- redirect_to :action => 'index'
	86	+ if @block.kind_of?(RawHTMLBlock) && !user.is_admin?(environment)
	87	+ render_access_denied
	88	+ else
	89	+ @block.update_attributes(params[:block])
	90	+ redirect_to :action => 'index'
	91	+ end
88	92	end
89	93
90	94	def boxes_editor?
...	...