From 1de25effb52ec4d491d7535d49c6bbb6d4df4eec Mon Sep 17 00:00:00 2001
From: Matthew Dillon <mrdillon@alaska.edu>
Date: Tue, 13 Oct 2015 08:47:22 -0700
Subject: [PATCH] Keep non-admins out of user profiles

Fixes #16.
---
 app/pods/protected/users/show/route.js | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/app/pods/protected/users/show/route.js b/app/pods/protected/users/show/route.js
index bc22dc0..1830dc1 100644
--- a/app/pods/protected/users/show/route.js
+++ b/app/pods/protected/users/show/route.js
@@ -1,6 +1,18 @@
 import Ember from 'ember';
 
 export default Ember.Route.extend({
+  beforeModel: function(transition) {
+    this._super(transition);
+
+    if (this.get('session.currentUser.role') !== 'A') {
+      let user_id = transition.params['protected.users.show'].user_id;
+      let currentUser_id = this.get('session.currentUser.id')
+      if (currentUser_id !== user_id) {
+        this.transitionTo('protected.users.show', currentUser_id);
+      }
+    }
+  },
+
   model: function(params) {
     return this.store.findRecord('user', params.user_id, { reload: true });
   },