Skip to content

Commit 2b5efd2

Browse files
committed
BUGZZZ
1 parent bec130c commit 2b5efd2

4 files changed

Lines changed: 5 additions & 5 deletions

File tree

app/controllers/admin/faculties_controller.rb

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,7 @@ def show
3030
end
3131

3232
def missing_rmp_ids
33+
authorize Faculty, :missing_rmp_ids?
3334
@faculties = policy_scope(Faculty).with_courses.where(rmp_id: nil).order(:last_name, :first_name)
3435

3536
if params[:search].present?

app/controllers/errors_controller.rb

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
11
# frozen_string_literal: true
22

33
class ErrorsController < ApplicationController
4+
layout false
5+
46
def unauthorized
57
render status: :forbidden
68
end

app/views/layouts/admin.html.erb

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@
33
<head>
44
<meta charset="utf-8">
55
<meta name="viewport" content="width=device-width, initial-scale=1">
6-
<meta name="csrf-token" content="<%= form_authenticity_token %>">
76
<title><%= content_for(:title) { "Admin" } %> — WIT Calendar</title>
87
<%= csrf_meta_tags %>
98
<%= csp_meta_tag %>

config/initializers/rack_attack.rb

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -112,14 +112,12 @@ class Rack::Attack
112112
# ===========================================================================
113113

114114
throttle("admin/session", limit: 1000, period: 5.minutes) do |req|
115-
if req.path.start_with?("/admin")
116-
req.session[:session_id] || req.cookies["_session_id"]
117-
end
115+
req.cookies["_calendar_session"] if req.path.start_with?("/admin")
118116
end
119117

120118
throttle("admin/destructive", limit: 100, period: 1.minute) do |req|
121119
if req.path.start_with?("/admin") && (req.delete? || req.path.include?("revoke") || req.path.include?("destroy"))
122-
req.session[:session_id] || req.cookies["_session_id"]
120+
req.cookies["_calendar_session"]
123121
end
124122
end
125123

0 commit comments

Comments
 (0)