authorDavid Gay <david@davidgay.org>2021-06-13 21:15:47 -0400
committerDavid Gay <david@davidgay.org>2021-06-13 21:15:47 -0400
commit18c2378d06d5f9323e50eead92b3cf7dc61917b5 (patch)
treed6bb01644c01fe1a12d3654a28e0c8ed11c2c8d9 /app/controllers/characters
parent387c61348b24777e42b2ecc78c578cc4328f8eec (diff)
Don't allow characters to look at another character's items
Diffstat (limited to 'app/controllers/characters')
-rw-r--r--app/controllers/characters/items_controller.rb12
1 files changed, 11 insertions, 1 deletions
diff --git a/app/controllers/characters/items_controller.rb b/app/controllers/characters/items_controller.rb
index 470e21c..e38b69a 100644
--- a/app/controllers/characters/items_controller.rb
+++ b/app/controllers/characters/items_controller.rb
@@ -1,6 +1,7 @@
class Characters::ItemsController < ApplicationController
+ before_action :set_character, only: :index
+
def index
- @character = Character.find(params[:character_id])
end
def equip
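Review bot: `only: :index` on the new `before_action` leaves every other action in this controller outside the ownership check, so any existing action that reads `params[:character_id]`, and any action added later, is unprotected by default. The visible tail of the controller redirects with `current_char`, which suggests the other actions already work from the session's character, but their bodies are outside this hunk, so that should be confirmed. If every route into this controller carries `:character_id`, consider `before_action :set_character` without `only:` so the check is deny-by-default and exceptions have to be listed explicitly.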
@@ -66,4 +67,13 @@ class Characters::ItemsController < ApplicationController
redirect_to character_items_path(current_char)
end
end
+
+ private
+ def set_character
+ @character = Character.find(params[:character_id])
+ unless current_char == @character
+ flash[:alert] = "You can only look at your own items."
+ redirect_to character_path(@character)
+ end
+ end
end
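Review bot: `set_character` is now the access-control check for the items listing, but its name and the absence of a comment make it read as a plain loader, and it fetches whichever record the caller-supplied `character_id` names before deciding. A comment above it such as `# Access control: only the active character may list its own items; redirect_to in a before_action halts the request.` would make the intent explicit for the next maintainer. The guard does fail closed when `current_char` is nil, because the comparison is then false; this assumes `current_char` returns nil for a session with no character, which is not shown here. A request spec that asks for another character's items and expects the redirect would keep the check from regressing.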