From 18c2378d06d5f9323e50eead92b3cf7dc61917b5 Mon Sep 17 00:00:00 2001
From: David Gay <david@davidgay.org>
Date: Sun, 13 Jun 2021 21:15:47 -0400
Subject: Don't allow characters to look at another character's items

---
 app/controllers/characters/items_controller.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/characters/items_controller.rb b/app/controllers/characters/items_controller.rb
index 470e21c..e38b69a 100644
--- a/app/controllers/characters/items_controller.rb
+++ b/app/controllers/characters/items_controller.rb
@@ -1,6 +1,7 @@
 class Characters::ItemsController < ApplicationController
+  before_action :set_character, only: :index
+
   def index
-    @character = Character.find(params[:character_id])
   end
 
   def equip
@@ -66,4 +67,13 @@ class Characters::ItemsController < ApplicationController
       redirect_to character_items_path(current_char)
     end
   end
+
+  private
+    def set_character
+      @character = Character.find(params[:character_id])
+      unless current_char == @character
+        flash[:alert] = "You can only look at your own items."
+        redirect_to character_path(@character)
+      end
+    end
 end
-- 
cgit v1.2.3