d84184b5f1
There was a regression in 6d6d00b; `before_filter :voter_only` was a no-op in the post vote controller because it merely returned false, which does not halt the request. The fix is to arrange for a voter_only method to be defined that properly redirects to the access denied page.
18 lines
343 B
Ruby
18 lines
343 B
Ruby
class PostVotesController < ApplicationController
|
|
before_filter :voter_only
|
|
|
|
def create
|
|
@post = Post.find(params[:post_id])
|
|
@post.vote!(params[:score])
|
|
rescue PostVote::Error => x
|
|
@error = x
|
|
end
|
|
|
|
def destroy
|
|
@post = Post.find(params[:post_id])
|
|
@post.unvote!
|
|
rescue PostVote::Error => x
|
|
@error = x
|
|
end
|
|
end
|