Use `GroupFinder` to check if a user can read a group

3fe7f31a · Bob Van Landuyt · deb45634 · 3fe7f31a
Commit 3fe7f31a authored Oct 10, 2017 by Bob Van Landuyt
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

app/controllers/groups_controller.rb app/controllers/groups_controller.rb +4 -2

No files found.
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -60,12 +60,14 @@ class GroupsController < Groups::ApplicationController

  def children
    parent = if params[:parent_id].present?
-               Group.find(params[:parent_id])
+               GroupFinder.new(current_user).execute(id: params[:parent_id])
             else
               @group
             end
-    if parent.nil? || !can?(current_user, :read_group, parent)
+
+    if parent.nil?
      render_404
+      return
    end

    setup_children(parent)