From cbc407111efe1ea7c0adf6f7b5e03044af5b115c Mon Sep 17 00:00:00 2001
From: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Date: Mon, 6 Jun 2022 14:15:26 -0400
Subject: [PATCH] Secure room settings (#3508)
---
 app/controllers/rooms_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index a2741d29..934eab05 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@@ -27,7 +27,8 @@ class RoomsController < ApplicationController
 unless: -> { !Rails.configuration.enable_email_verification }
 before_action :find_room, except: [:create, :join_specific_room, :cant_create_rooms]
 before_action :verify_room_ownership_or_admin_or_shared, only: [:start, :shared_access]
- before_action :verify_room_ownership_or_admin, only: [:update_settings, :destroy, :preupload_presentation, :remove_presentation]
+ before_action :verify_room_ownership_or_admin,
+ only: [:room_settings, :update_settings, :destroy, :preupload_presentation, :remove_presentation]
 before_action :verify_room_ownership_or_shared, only: [:remove_shared_access]
 before_action :verify_room_owner_verified, only: [:show, :join],
 unless: -> { !Rails.configuration.enable_email_verification }
--
GitLab
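Review bot: The `only:` list on the `verify_room_ownership_or_admin` filter is an opt-in allow-list, so any action missing from it runs without the ownership check, which is how `room_settings` stayed unprotected until this change. The diffstat shows only rooms_controller.rb touched, so nothing pins the fix. A controller spec that requests `room_settings` as a signed-in user who is neither owner nor admin, and expects the same rejection as `update_settings`, would stop the action from silently dropping out of the list again. A comment above the filter would also help, e.g. `# Every action that reads or changes a room's settings must be listed here; unlisted actions skip the ownership check.` The filter bodies and the rest of RoomsController lie outside this hunk, so whether other room-scoped actions need the same check cannot be confirmed from here.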