Diffstat (limited to 'lib/helper.rb')
-rw-r--r-- | lib/helper.rb | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/helper.rb b/lib/helper.rb
index 191b932..a1590d7 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -19,8 +19,6 @@ helpers do
 #Check Authorization for URI with method and subjectid.
 def authorized?(subjectid)
- # hack for reports, address problem as soon as subjectid is not longer allowed as param
- return true if request.env['REQUEST_URI'] =~ /validation\/report\/.*svg$/
 request_method = request.env['REQUEST_METHOD']
 uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}")
 request_method = "GET" if request_method == "POST" && uri =~ /\/model\/\d+\/?$/
@@ -52,6 +50,7 @@ before do
 subjectid = session[:subjectid] if session[:subjectid]
 subjectid = params[:subjectid] if params[:subjectid] and !subjectid
 subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !subjectid
+ subjectid = request.cookies["subjectid"] unless subjectid
 # see http://rack.rubyforge.org/doc/SPEC.html
 subjectid = CGI.unescape(subjectid) if subjectid.include?("%23")
 @subjectid = subjectid
|
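Review bot: Taking the token from `request.cookies["subjectid"]` on the added line of the second hunk makes it an ambient credential: a browser attaches the cookie to every request to this host, including ones initiated from another site, so a cross-site POST/PUT/DELETE now arrives already carrying a valid `subjectid`. Nothing visible in the hunk checks the request origin or a CSRF token, so that check should be added for state-changing methods or confirmed to exist elsewhere, and wherever the cookie is set (not shown in this diff) it presumably wants `HttpOnly` and `Secure`. Separately, if none of the four sources supplies a value, `subjectid` is still nil at `subjectid.include?("%23")`, which raises NoMethodError unless a rescue outside the hunk absorbs it; `subjectid = CGI.unescape(subjectid) if subjectid && subjectid.include?("%23")` removes that dependency. The `before` block starts and ends outside the hunk, so both points need checking against the full filter.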