Add new category_edit restriction for viewing body admin.

author: Matthew Somerville <matthew-github@dracos.co.uk> 2016-09-08 13:53:16 +0100
committer: Matthew Somerville <matthew-github@dracos.co.uk> 2016-09-09 16:36:06 +0100
commit: a86124e579dd23d04a3539358cc3b9c77f474b11 (patch)
tree: 62b235e8d7042c38bd3794e9d5c695bcbcd37b1e /perllib/FixMyStreet/App/Controller/Admin.pm
parent: b09ed851c874ac9abd8fb94d9ef995e828a628da (diff)
1 files changed, 9 insertions, 3 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 1f07aae82..b643c9633 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -219,8 +219,11 @@ sub bodies : Path('bodies') : Args(0) {
     my ( $self, $c ) = @_;
 
     if (my $body_id = $c->get_param('body')) {
-        $c->res->redirect( $c->uri_for( 'body', $body_id ) );
-        return;
+        return $c->res->redirect( $c->uri_for( 'body', $body_id ) );
+    }
+
+    if (!$c->user->is_superuser && $c->user->from_body && $c->cobrand->moniker ne 'zurich') {
+        return $c->res->redirect( $c->uri_for( 'body', $c->user->from_body->id ) );
     }
 
     $c->forward( '/auth/get_csrf_token' );
@@ -298,7 +301,10 @@ sub body : Path('body') : Args(1) {
 
     $c->stash->{body_id} = $body_id;
 
-    $c->forward( 'check_for_super_user' );
+    unless ($c->user->has_permission_to('category_edit', $body_id)) {
+        $c->forward('check_for_super_user');
+    }
+
     $c->forward( '/auth/get_csrf_token' );
     $c->forward( 'lookup_body' );
     $c->forward( 'fetch_all_bodies' );
author	Matthew Somerville <matthew-github@dracos.co.uk>	2016-09-08 13:53:16 +0100
committer	Matthew Somerville <matthew-github@dracos.co.uk>	2016-09-09 16:36:06 +0100
commit	a86124e579dd23d04a3539358cc3b9c77f474b11 (patch)
tree	62b235e8d7042c38bd3794e9d5c695bcbcd37b1e /perllib/FixMyStreet/App/Controller/Admin.pm
parent	b09ed851c874ac9abd8fb94d9ef995e828a628da (diff)