Keep non-admins out of user profiles

Fixes #16.
This commit is contained in:
Matthew Dillon 2015-10-13 08:47:22 -07:00
parent 4a54813440
commit 1de25effb5

View file

@ -1,6 +1,18 @@
import Ember from 'ember';
export default Ember.Route.extend({
beforeModel: function(transition) {
this._super(transition);
if (this.get('session.currentUser.role') !== 'A') {
let user_id = transition.params['protected.users.show'].user_id;
let currentUser_id = this.get('session.currentUser.id')
if (currentUser_id !== user_id) {
this.transitionTo('protected.users.show', currentUser_id);
}
}
},
model: function(params) {
return this.store.findRecord('user', params.user_id, { reload: true });
},