Commit 9605c96b2d4418ac1b688ec124c1634139fa8d25
1 parent
6532f818
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
Forbid edition of raw html blocks for regular users
Showing
1 changed file
with
6 additions
and
2 deletions
Show diff stats
app/controllers/box_organizer_controller.rb
| @@ -83,8 +83,12 @@ class BoxOrganizerController < ApplicationController | @@ -83,8 +83,12 @@ class BoxOrganizerController < ApplicationController | ||
| 83 | 83 | ||
| 84 | def save | 84 | def save |
| 85 | @block = boxes_holder.blocks.find(params[:id]) | 85 | @block = boxes_holder.blocks.find(params[:id]) |
| 86 | - @block.update_attributes(params[:block]) | ||
| 87 | - redirect_to :action => 'index' | 86 | + if @block.kind_of?(RawHTMLBlock) && !user.is_admin?(environment) |
| 87 | + render_access_denied | ||
| 88 | + else | ||
| 89 | + @block.update_attributes(params[:block]) | ||
| 90 | + redirect_to :action => 'index' | ||
| 91 | + end | ||
| 88 | end | 92 | end |
| 89 | 93 | ||
| 90 | def boxes_editor? | 94 | def boxes_editor? |