From 1de25effb52ec4d491d7535d49c6bbb6d4df4eec Mon Sep 17 00:00:00 2001 From: Matthew Dillon Date: Tue, 13 Oct 2015 08:47:22 -0700 Subject: [PATCH 1/3] Keep non-admins out of user profiles Fixes #16. --- app/pods/protected/users/show/route.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/app/pods/protected/users/show/route.js b/app/pods/protected/users/show/route.js index bc22dc0..1830dc1 100644 --- a/app/pods/protected/users/show/route.js +++ b/app/pods/protected/users/show/route.js @@ -1,6 +1,18 @@ import Ember from 'ember'; export default Ember.Route.extend({ + beforeModel: function(transition) { + this._super(transition); + + if (this.get('session.currentUser.role') !== 'A') { + let user_id = transition.params['protected.users.show'].user_id; + let currentUser_id = this.get('session.currentUser.id') + if (currentUser_id !== user_id) { + this.transitionTo('protected.users.show', currentUser_id); + } + } + }, + model: function(params) { return this.store.findRecord('user', params.user_id, { reload: true }); }, From 45eca0227c160c2b80e18b8c80a52466209fb7c1 Mon Sep 17 00:00:00 2001 From: Matthew Dillon Date: Tue, 13 Oct 2015 10:31:47 -0700 Subject: [PATCH 2/3] Tweak custom session --- app/initializers/custom-session.js | 18 ++---------------- app/sessions/custom.js | 12 ++++++++++++ 2 files changed, 14 insertions(+), 16 deletions(-) create mode 100644 app/sessions/custom.js diff --git a/app/initializers/custom-session.js b/app/initializers/custom-session.js index a4b66b9..08d48b8 100644 --- a/app/initializers/custom-session.js +++ b/app/initializers/custom-session.js 
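Review bot: The role test added in `beforeModel` is a navigation guard, not an authorization boundary: `model` still issues `findRecord('user', params.user_id, { reload: true })` for whatever id is in the URL, and a client that skips the route (or simply calls the API) is not stopped by anything here, so the `/users/:id` endpoint must itself reject reads by a non-admin who is not the owner. That deserves a comment above the `if`, e.g. `// UI-only guard; the API must enforce owner/admin access on GET /users/:id`. Separately, `let currentUser_id = this.get('session.currentUser.id')` is missing its terminating semicolon, unlike the surrounding lines.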
@@ -1,25 +1,11 @@ -import Session from 'simple-auth/session'; -import parseBase64 from '../utils/parse-base64'; import Ember from 'ember'; -var CustomSession = Session.extend({ - currentUser: function() { - let token = this.get('secure.token'); - if (!Ember.isEmpty(token)) { - let t = parseBase64(token); - return this.container.lookup('service:store').find('user', t['sub']); - } - return null; - }.property('secure.token'), - -}); - export function initialize(container, application) { - application.register('session:custom', CustomSession); + application.inject('session:custom', '_store', 'service:store'); } export default { name: 'custom-session', - before: 'simple-auth', + after: 'ember-data', initialize: initialize }; diff --git a/app/sessions/custom.js b/app/sessions/custom.js new file mode 100644 index 0000000..e5a8385 --- /dev/null +++ b/app/sessions/custom.js @@ -0,0 +1,12 @@ +import Session from 'simple-auth/session'; +import parseBase64 from '../utils/parse-base64'; + +export default Session.extend({ + currentUser: function() { + let token = this.get('secure.token'); + if (token && this.get('isAuthenticated')) { + let t = parseBase64(token); + return this._store.findRecord('user', t['sub']); + } + }.property('secure.token', 'isAuthenticated') +}); From be1b58a380740bbd9916b2428135e0984caf5a11 Mon Sep 17 00:00:00 2001 From: Matthew Dillon Date: Tue, 13 Oct 2015 10:32:25 -0700 Subject: [PATCH 3/3] Need to wait for currentUser promise MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also, add ‘id’ to password change payload --- app/pods/protected/users/changepassword/controller.js | 1 + app/pods/protected/users/show/route.js | 9 ++++----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/pods/protected/users/changepassword/controller.js b/app/pods/protected/users/changepassword/controller.js index a157605..94ce219 100644 --- a/app/pods/protected/users/changepassword/controller.js 
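Review bot: After this hunk the initializer no longer references `Ember` (the only user, `Ember.isEmpty`, went away with `CustomSession`), so the kept context line `import Ember from 'ember';` is now an unused import and should be dropped along with the other two.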
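Review bot: In `currentUser` the `sub` claim is read from the token with `parseBase64` and no signature check, which is fine for picking which record to load but must not be treated as proof of identity anywhere in the app; a comment such as `// sub is taken from the unverified JWT payload: only a lookup hint, the API remains the authority` would keep later readers from building checks on it. Note also that when `token` is empty or `isAuthenticated` is false the property returns `undefined` rather than a promise, so any caller that chains `.then` on it must guard for that case.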
+++ b/app/pods/protected/users/changepassword/controller.js @@ -16,6 +16,7 @@ export default Ember.Controller.extend({ let options = { method: 'POST', data: { + id: this.get('session.currentUser.id'), password: this.get('password'), }, }; diff --git a/app/pods/protected/users/show/route.js b/app/pods/protected/users/show/route.js index 1830dc1..e812128 100644 --- a/app/pods/protected/users/show/route.js +++ b/app/pods/protected/users/show/route.js @@ -4,13 +4,12 @@ export default Ember.Route.extend({ beforeModel: function(transition) { this._super(transition); - if (this.get('session.currentUser.role') !== 'A') { + this.get('session.currentUser').then((currentUser) => { let user_id = transition.params['protected.users.show'].user_id; - let currentUser_id = this.get('session.currentUser.id') - if (currentUser_id !== user_id) { - this.transitionTo('protected.users.show', currentUser_id); + if (!currentUser.get('isAdmin') && currentUser.get('id') !== user_id) { + this.transitionTo('protected.users.index'); } - } + }) }, model: function(params) {
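Review bot: Adding `id: this.get('session.currentUser.id')` to the password-change body means the target user is now chosen by a client-supplied field; if the server honours it, anyone can change another account's password by editing the request. The endpoint should derive the user from the authenticated token and either ignore `id` or reject a mismatch, and a comment here, e.g. `// id is informational only; the server must take the subject from the auth token`, records that expectation. `currentUser` is a promise-backed property, so `session.currentUser.id` is `undefined` until it has resolved; the enclosing action starts outside the hunk, so it is not visible here whether that is guaranteed.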
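Review bot: The promise from `this.get('session.currentUser').then(...)` is not returned from `beforeModel`, so the router does not wait for it: `model` runs and fetches the requested user's record before the callback can redirect, and the redirect to `protected.users.index` fires only after the page has already been entered. Returning it, `return this.get('session.currentUser').then((currentUser) => {`, makes the transition pause until the check completes. With the property able to return `undefined` when not authenticated, calling `.then` on it also needs a guard unless the `protected` parent route already guarantees a session, which is not visible in this hunk; `model` continues outside the hunk.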