authorLouise Crow <louise.crow@gmail.com>2014-11-07 16:19:19 +0000
committerLouise Crow <louise.crow@gmail.com>2014-12-18 14:03:50 +0000
commit8c33668e81cf47b5b858c93c307de04e8683fc7c (patch)
treeb9ef39edc6c4080bf1005d5bc1c88b7b4efe416e /app
parent45caf256135181997e5ab12eb06ce5d07cbe2545 (diff)
Make clearing a profile photo a post-restricted action
Diffstat (limited to 'app')
-rw-r--r--app/controllers/admin_user_controller.rb4
-rw-r--r--app/views/admin_user/show.html.erb2
2 files changed, 1 insertions, 5 deletions
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb
index 6031c816b..bbb5d002a 100644
--- a/app/controllers/admin_user_controller.rb
+++ b/app/controllers/admin_user_controller.rb
@@ -83,10 +83,6 @@ class AdminUserController < AdminController
def clear_profile_photo
@admin_user = User.find(params[:id])
- if !request.post?
- raise "Can only clear profile photo from POST request"
- end
-
if @admin_user.profile_photo
@admin_user.profile_photo.destroy
end
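Review bot: With the `request.post?` guard removed from `clear_profile_photo`, the route definition becomes the only thing preventing a GET from destroying a user's photo, and that definition is not visible here because the diffstat is limited to `app`. This matters because Rails' CSRF token check does not apply to GET requests, so it is worth confirming that the route behind `clear_profile_photo_admin_user_path` is declared POST-only and is not also reachable through a catch-all or `match` route. A routing or controller spec asserting that a GET to this path is not routed would keep the restriction from regressing silently. A comment above the action such as `# POST-only: the verb restriction is enforced by the route definition` would tell the next reader where the check now lives. The action's body continues past the end of this hunk.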
diff --git a/app/views/admin_user/show.html.erb b/app/views/admin_user/show.html.erb
index 3846bc173..1e7d885c5 100644
--- a/app/views/admin_user/show.html.erb
+++ b/app/views/admin_user/show.html.erb
@@ -4,7 +4,7 @@
<% if @admin_user.profile_photo %>
<div class="user_photo_on_admin">
- <%= form_tag admin_clear_profile_photo_path(@admin_user), :multipart => true, :class => "form" do %>
+ <%= form_tag clear_profile_photo_admin_user_path(@admin_user), :multipart => true, :class => "form" do %>
<img src="<%= get_profile_photo_url(:url_name => @admin_user.url_name) %>">
<br>
<%= submit_tag "Clear photo", :class => "btn btn-info" %>