author | Louise Crow <louise.crow@gmail.com> | 2014-11-07 16:19:19 +0000 |
---|---|---|
committer | Louise Crow <louise.crow@gmail.com> | 2014-12-18 14:03:50 +0000 |
commit | 8c33668e81cf47b5b858c93c307de04e8683fc7c (patch) | |
tree | b9ef39edc6c4080bf1005d5bc1c88b7b4efe416e /app | |
parent | 45caf256135181997e5ab12eb06ce5d07cbe2545 (diff) |
Make clearing a profile photo a post-restricted action
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/admin_user_controller.rb | 4 | ||||
-rw-r--r-- | app/views/admin_user/show.html.erb | 2 |
2 files changed, 1 insertions, 5 deletions
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb
index 6031c816b..bbb5d002a 100644
--- a/app/controllers/admin_user_controller.rb
+++ b/app/controllers/admin_user_controller.rb
@@ -83,10 +83,6 @@ class AdminUserController < AdminController
 def clear_profile_photo
 @admin_user = User.find(params[:id])
- if !request.post?
- raise "Can only clear profile photo from POST request"
- end
-
 if @admin_user.profile_photo
 @admin_user.profile_photo.destroy
 end
diff --git a/app/views/admin_user/show.html.erb b/app/views/admin_user/show.html.erb
index 3846bc173..1e7d885c5 100644
--- a/app/views/admin_user/show.html.erb
+++ b/app/views/admin_user/show.html.erb
@@ -4,7 +4,7 @@
 <% if @admin_user.profile_photo %>
 <div class="user_photo_on_admin">
- <%= form_tag admin_clear_profile_photo_path(@admin_user), :multipart => true, :class => "form" do %>
+ <%= form_tag clear_profile_photo_admin_user_path(@admin_user), :multipart => true, :class => "form" do %>
 <img src="<%= get_profile_photo_url(:url_name => @admin_user.url_name) %>">
 <br>
 <%= submit_tag "Clear photo", :class => "btn btn-info" %> |
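Review bot: The `form_tag` line now targets `clear_profile_photo_admin_user_path`, and the verb constraint on that route is not visible on this page. With the `request.post?` guard removed from `clear_profile_photo` in the controller hunk, that constraint is the only thing keeping this destructive action off GET, where Rails does not verify the CSRF token. The diffstat is limited to `app`, so the routes change presumably sits outside this view; it is worth confirming the route is declared POST-only and adding a routing spec asserting that a GET to it is not routable. I would also leave a comment on the action so the in-method check is not missed later, e.g. `# POST-only via routes: destroys data, must never be reachable by GET`. Both the action body and the form block continue outside the hunks shown.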