From b9a280f0771dd671f2eac3b7d23b988b0e764153 Mon Sep 17 00:00:00 2001
From: mr <mr@mrautenberg.de>
Date: Tue, 4 Oct 2011 14:22:25 +0200
Subject: more secure

---
 views/model.haml      | 2 +-
 views/model_name.haml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/views/model.haml b/views/model.haml
index 51a7498..e88f9b4 100644
--- a/views/model.haml
+++ b/views/model.haml
@@ -27,7 +27,7 @@
             %div{:id => "model_#{model.id}_progress", :class => "model_progress", :title => "#{percentage_completed}%"}
               //= haml :model_progress, :locals=>{:percentage_completed=>percentage_completed}, :layout => false
 
-        - if is_authorized(model.web_uri, "DELETE")
+        - if is_authorized(model.web_uri, "DELETE") && is_aluist
           %a{:href => url_for("/model/#{model.id}"), :id => "delete_#{model.id}", :class => 'delete_link'}
             - if model.status =~ /Completed|Error|Cancelled/ 
               &nbsp;(delete)
diff --git a/views/model_name.haml b/views/model_name.haml
index 19819f4..b83868e 100644
--- a/views/model_name.haml
+++ b/views/model_name.haml
@@ -5,7 +5,7 @@
   });
 %h2
   = model.name
-  - if is_authorized(model.web_uri, "PUT")
+  - if is_authorized(model.web_uri, "PUT") && is_aluist
     %span{:class => "edit_button"}
       (
       %a{:href => url_for("/model/#{model.id}/name?mode=edit"), :id => "edit_#{model.id}"} edit
-- 
cgit v1.2.3