Merge pull request #360 from ncbo/bugfix/account-settings-access/346

Restore access to account settings page for usernames with @ symbols
ncbo · Nov 20, 2024 · 45b564f · 45b564f
2 parents b8d50c1 + 273eaf9
commit 45b564f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 13 deletions.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -141,19 +141,10 @@ def unescape_id
   def verify_owner
     return if current_user_admin?
 
-    if session[:user].nil? || (!session[:user].id.eql?(params[:id]) && !session[:user].username.eql?(params[:id]))
-      redirect_to controller: 'login', action: 'index', redirect: "/accounts/#{params[:id]}"
-    end
-  end
+    user = session[:user]
+    return if user&.id == params[:id] || user&.username == params[:id]
 
-  def get_ontology_list(ont_hash)
-    return '' if ont_hash.nil?
-
-    ontologies = []
-    ont_hash.each do |ont, checked|
-      ontologies << ont if checked.to_i == 1
-    end
-    ontologies.join(';')
+    redirect_to login_index_path(redirect: "/accounts/#{params[:id]}")
   end
 
   def validate(params)

diff --git a/config/routes.rb b/config/routes.rb
@@ -11,7 +11,7 @@
 
   resources :projects, constraints: { id: /[^\/]+/ }
 
-  resources :users, path: :accounts, constraints: { id: /[\d\w\.\-\%\+ ]+/ }
+  resources :users, path: :accounts, constraints: { id: /[\d\w\.\-\%\+\@ ]+/ }
 
   resources :mappings do
     member do