Enforce permissions on leagues and teams actions.

AFDC · Sep 15, 2024 · 33074a6 · 33074a6
1 parent 273d796
commit 33074a6
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/app/controllers/leagues_controller.rb b/app/controllers/leagues_controller.rb
@@ -1,7 +1,8 @@
 class LeaguesController < ApplicationController
     before_filter :load_league_from_params, except: [:index, :new, :create]
     before_filter :initialize_roster_csv, only: [:manage_roster, :upload_roster, :setup_roster_import, :import_roster]
-    filter_access_to [:update_invites], attribute_check: true
+    filter_access_to :index
+    filter_access_to :all, attribute_check: true
 
     def index
     end

diff --git a/app/controllers/teams_controller.rb b/app/controllers/teams_controller.rb
@@ -1,7 +1,7 @@
 class TeamsController < ApplicationController
-	filter_access_to [:edit_avatar, :update_avatar, :destroy_avatar], :attribute_check => true
 	before_filter :load_team_from_params, only: [:show, :edit, :update]
 	before_filter :load_league_from_params, only: [:new, :create]
+	filter_access_to [:edit_avatar, :update_avatar, :destroy_avatar], :attribute_check => true
 
 	def index
 		@team_list = []