Commit 3fe7f31a authored by Bob Van Landuyt's avatar Bob Van Landuyt

Use `GroupFinder` to check if a user can read a group

parent deb45634
......@@ -60,12 +60,14 @@ class GroupsController < Groups::ApplicationController
def children
parent = if params[:parent_id].present?
Group.find(params[:parent_id])
GroupFinder.new(current_user).execute(id: params[:parent_id])
else
@group
end
if parent.nil? || !can?(current_user, :read_group, parent)
if parent.nil?
render_404
return
end
setup_children(parent)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment