aboutsummaryrefslogtreecommitdiffstats
path: root/perllib/FixMyStreet/App/Controller
diff options
context:
space:
mode:
Diffstat (limited to 'perllib/FixMyStreet/App/Controller')
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin.pm7
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin/ResponsePriorities.pm5
-rw-r--r--perllib/FixMyStreet/App/Controller/Offline.pm9
3 files changed, 14 insertions, 7 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 592d37d4e..d8c5cdf6d 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -1006,10 +1006,9 @@ sub load_template_body : Private {
my ($self, $c, $body_id) = @_;
my $zurich_user = $c->user->from_body && $c->cobrand->moniker eq 'zurich';
- my $has_permission = $c->user->has_body_permission_to('template_edit') &&
- $c->user->from_body->id eq $body_id;
+ my $has_permission = $c->user->has_body_permission_to('template_edit', $body_id);
- unless ( $c->user->is_superuser || $zurich_user || $has_permission ) {
+ unless ( $zurich_user || $has_permission ) {
$c->detach( '/page_error_404_not_found', [] );
}
@@ -1235,7 +1234,7 @@ sub user_edit : Path('user_edit') : Args(1) {
my $user = $c->cobrand->users->find( { id => $id } );
$c->detach( '/page_error_404_not_found', [] ) unless $user;
- unless ( $c->user->is_superuser || $c->user->has_body_permission_to('user_edit') || $c->cobrand->moniker eq 'zurich' ) {
+ unless ( $c->user->has_body_permission_to('user_edit') || $c->cobrand->moniker eq 'zurich' ) {
$c->detach('/page_error_403_access_denied', []);
}
diff --git a/perllib/FixMyStreet/App/Controller/Admin/ResponsePriorities.pm b/perllib/FixMyStreet/App/Controller/Admin/ResponsePriorities.pm
index 032e593c6..a6c13c117 100644
--- a/perllib/FixMyStreet/App/Controller/Admin/ResponsePriorities.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin/ResponsePriorities.pm
@@ -92,10 +92,9 @@ sub edit : Path : Args(2) {
sub load_user_body : Private {
my ($self, $c, $body_id) = @_;
- my $has_permission = $c->user->has_body_permission_to('responsepriority_edit') &&
- $c->user->from_body->id eq $body_id;
+ my $has_permission = $c->user->has_body_permission_to('responsepriority_edit', $body_id);
- unless ( $c->user->is_superuser || $has_permission ) {
+ unless ( $has_permission ) {
$c->detach( '/page_error_404_not_found' );
}
diff --git a/perllib/FixMyStreet/App/Controller/Offline.pm b/perllib/FixMyStreet/App/Controller/Offline.pm
index 9acb33f7e..5f3b69f2e 100644
--- a/perllib/FixMyStreet/App/Controller/Offline.pm
+++ b/perllib/FixMyStreet/App/Controller/Offline.pm
@@ -11,6 +11,7 @@ FixMyStreet::App::Controller::Offline - Catalyst Controller
=head1 DESCRIPTION
Offline pages Catalyst Controller.
+On staging site, appcache only for people who want it.
=head1 METHODS
@@ -18,6 +19,10 @@ Offline pages Catalyst Controller.
sub manifest : Path("/offline/appcache.manifest") {
my ($self, $c) = @_;
+ if (FixMyStreet->staging_flag('enable_appcache', 0)) {
+ $c->response->status(404);
+ $c->response->body('NOT FOUND');
+ }
$c->res->content_type('text/cache-manifest; charset=utf-8');
$c->res->header(Cache_Control => 'no-cache, no-store');
}
@@ -25,6 +30,10 @@ sub manifest : Path("/offline/appcache.manifest") {
sub appcache : Path("/offline/appcache") {
my ($self, $c) = @_;
$c->detach('/page_error_404_not_found', []) if keys %{$c->req->params};
+ if (FixMyStreet->staging_flag('enable_appcache', 0)) {
+ $c->response->status(404);
+ $c->response->body('NOT FOUND');
+ }
}
__PACKAGE__->meta->make_immutable;