Get rid of custom CSRF protection for user role changes
authorTom Hughes <tom@compton.nu>
Tue, 20 Mar 2012 16:22:07 +0000 (16:22 +0000)
committerTom Hughes <tom@compton.nu>
Tue, 20 Mar 2012 17:21:13 +0000 (17:21 +0000)
commit5f33656c8d6725969ac63dbfe038633ad0e4352f
tree2fa73dfe186f8badb2b2baeb4be1bdf7ddedb4bd
parent0b87b003ee01bc7be53faa1ec994e52fa1074533
Get rid of custom CSRF protection for user role changes

By restricting role changes to POST requests, which they should be
anyway, we get all the rails CSRF protection for free.
app/controllers/user_roles_controller.rb
app/views/user/view.html.erb
app/views/user_roles/grant.html.erb [deleted file]
app/views/user_roles/revoke.html.erb [deleted file]
config/routes.rb
db/structure.sql
test/functional/user_roles_controller_test.rb
test/integration/user_roles_test.rb