Improve require_admin! and require_staff! filters (#7018)

Previously these returns 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
2018-04-03 13:07:32 +02:00 · 2018-04-03 13:07:32 +02:00 · 2e59751823
commit 2e59751823
parent 1c293086a1
3 changed files with 58 additions and 13 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -39,11 +39,11 @@ class ApplicationController < ActionController::Base
  end

  def require_admin!
-    redirect_to root_path unless current_user&.admin?
+    forbidden unless current_user&.admin?
  end

  def require_staff!
-    redirect_to root_path unless current_user&.staff?
+    forbidden unless current_user&.staff?
  end

  def check_suspension