zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-08-05 01:11:43 +02:00
Code Issues Projects Releases Packages Wiki Activity

Own contacts can be deleted without password

Browse source
This commit is contained in:
Priit Tark 2015-05-04 11:27:14 +03:00
parent 670df629b4
commit 8cc03774ff
3 changed files with 43 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/models/ability.rb
View file

@ -37,7 +37,7 @@ class Ability
can(:check, Epp::Contact)
can(:create, Epp::Contact)
can(:update, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id && c.auth_info == pw }
can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id && c.auth_info == pw }
can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
can(:renew, Epp::Contact)
can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
end