Ensure views only link to those actions allowed for current user

2018-11-30 13:29:04 +01:00
parent d3f67ab4c7
commit 2125fb1c1d
56 changed files with 128 additions and 264 deletions
--- a/app/views/external_users/show.html.slim
+++ b/app/views/external_users/show.html.slim
@@ -5,7 +5,7 @@ h1 = @user.name
 = row(label: 'external_user.consumer', value: link_to(@user.consumer, @user.consumer))
 = row(label: 'external_user.role', value: t("users.roles.#{@user.role}"))

-h4.mt-4 = link_to(t('.exercise_statistics'), statistics_external_user_path(@user))
+h4.mt-4 = link_to(t('.exercise_statistics'), statistics_external_user_path(@user)) if policy(@user).statistics?

 h4.mt-4 = t('.tag_statistics')
 #loading