diff options
| author | mguetlein <martin.guetlein@gmail.com> | 2011-02-10 15:25:48 +0100 |
|---|---|---|
| committer | mguetlein <martin.guetlein@gmail.com> | 2011-02-10 15:25:48 +0100 |
| commit | 1f6625cffbb49ec93f6b4647ca1d11d01c5d11ea (patch) | |
| tree | 4ee359f191276bb2d56d11557149ac27d11519b1 | |
| parent | 0011577686ede0b2670b7ad791185fef5871fee1 (diff) | |
A&A hack for report svgs
| -rw-r--r-- | lib/helper.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/helper.rb b/lib/helper.rb index 5a2436f..191b932 100644 --- a/lib/helper.rb +++ b/lib/helper.rb @@ -19,6 +19,8 @@ helpers do #Check Authorization for URI with method and subjectid. def authorized?(subjectid) + # hack for reports, address problem as soon as subjectid is not longer allowed as param + return true if request.env['REQUEST_URI'] =~ /validation\/report\/.*svg$/ request_method = request.env['REQUEST_METHOD'] uri = clean_uri("#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}#{request.env['REQUEST_URI']}") request_method = "GET" if request_method == "POST" && uri =~ /\/model\/\d+\/?$/ |