(parent:
2e2189e
)
Only allow users to read their own messages.
author
Tom Hughes
<tom@compton.nu>
Wed, 22 Aug 2007 07:38:50 +0000
(07:38 +0000)
committer
Tom Hughes
<tom@compton.nu>
Wed, 22 Aug 2007 07:38:50 +0000
(07:38 +0000)
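--- a/app/controllers/message_controller.rb
+++ b/app/controllers/message_controller.rb
@@ -29,12 +29,11 @@ class MessageController < ApplicationController
 def read
 @title = 'read message'
- if params[:message_id]
- id = params[:message_id]
- @message = Message.find_by_id(id)
- @message.message_read = 1
- @message.save
- end
+ @message = Message.find(params[:message_id], :conditions => ["to_user_id = ?", @user.id])
+ @message.message_read = 1
+ @message.save
+ rescue ActiveRecord::RecordNotFound
+ render :none, :status => :not_found
 end
 def inbox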
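Review bot: The new ownership condition in `read` is only as strong as `@user`, and the filter that populates it is outside this hunk; if the action can be reached without a logged-in user, `@user.id` is evaluated on nil instead of the request being rejected as unauthenticated. It is worth confirming that a login-requiring before_filter covers `read`, or adding an explicit guard ahead of the find. Separately, the rescue branch's `render :none, :status => :not_found` does not look like a standard render form for this Rails generation; `render :nothing => true, :status => :not_found` would make the not-found path return an empty 404 rather than risk a template lookup error. The return value of `@message.save` is also ignored, so a failed update of the read flag goes unnoticed.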