Merge pull request #3204 from evazion/fix-3203

Fix #3203: Overly restrictive permissions
2017-07-07 18:59:13 -07:00
parent df33901938 24b2f2bf52
commit 1cc9abc2db
20 changed files with 72 additions and 49 deletions
--- a/app/controllers/artists_controller.rb
+++ b/app/controllers/artists_controller.rb
@@ -1,6 +1,6 @@
 class ArtistsController < ApplicationController
  respond_to :html, :xml, :json
-  before_filter :member_only, :except => [:index, :show, :banned]
+  before_filter :member_only, :except => [:index, :show, :show_or_new, :banned]
  before_filter :builder_only, :only => [:destroy]
  before_filter :admin_only, :only => [:ban, :unban]
  before_filter :load_artist, :only => [:ban, :unban, :show, :edit, :update, :destroy, :undelete]
@@ -93,7 +93,9 @@ class ArtistsController < ApplicationController
    if @artist
      redirect_to artist_path(@artist)
    else
-      redirect_to new_artist_path(:name => params[:name])
+      @artist = Artist.new(name: params[:name])
+      @post_set = PostSets::Artist.new(@artist)
+      respond_with(@artist)
    end
  end