From 0f0393ecc57d3ceb41a3c01fdcac23a0ab4bd1a8 Mon Sep 17 00:00:00 2001
From: Absurdon
Date: Fri, 10 Nov 2017 12:12:03 +0100
Subject: [PATCH] Fixing path to administrate view and added permission checks to controller
---
app/controllers/custom_urls_controller.rb | 5 ++++-
app/views/about/adminpanel.html.erb | 1 +
app/views/{CustomUrls => custom_urls}/administrate.html.erb | 0
3 files changed, 5 insertions(+), 1 deletion(-)
rename app/views/{CustomUrls => custom_urls}/administrate.html.erb (100%)
diff --git a/app/controllers/custom_urls_controller.rb b/app/controllers/custom_urls_controller.rb
index b6b1a8d..fc69578 100644
--- a/app/controllers/custom_urls_controller.rb
+++ b/app/controllers/custom_urls_controller.rb
@@ -1,9 +1,10 @@ class CustomUrlsController < ApplicationController def administrate + raise AccessError unless cuser && cuser.admin? end def create - + raise AccessError unless request.xhr? end def show
@@ -15,8 +16,10 @@ class CustomUrlsController < ApplicationController end def update + raise AccessError unless request.xhr? end def destroy + raise AccessError unless request.xhr? end end
diff --git a/app/views/about/adminpanel.html.erb b/app/views/about/adminpanel.html.erb
index 45035ea..f4b0099 100644
--- a/app/views/about/adminpanel.html.erb
+++ b/app/views/about/adminpanel.html.erb
@@ -18,5 +18,6 @@
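Review bot: The guards added to `create`, `update` and `destroy` in `custom_urls_controller.rb` (first and second hunk) test only `request.xhr?`, which reflects the client-supplied `X-Requested-With` header and says nothing about who is calling, so of the actions touched here only `administrate` is actually restricted to admins. Unless a filter outside this diff already limits these actions, each of them should carry the same check as `administrate`, i.e. `raise AccessError unless cuser && cuser.admin?` ahead of the `xhr?` test, or one `before_action` (`before_filter` on older Rails) covering all four. A short comment such as `# xhr? only rejects non-AJAX requests; it is not an authorization check` would keep the two concerns from being confused later. The body of `show` lies outside both hunks, so whether it is meant to be public cannot be judged from here.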
  • <%= link_to "Contests", contests_path %>
  • <%= link_to "Challenges", challenges_path %>
  • <%= link_to "Maps", maps_path %>
  • +
  • <%= link_to "Custom Article URLs", custom_urls_path %>
  •
diff --git a/app/views/CustomUrls/administrate.html.erb b/app/views/custom_urls/administrate.html.erb
similarity index 100%
rename from app/views/CustomUrls/administrate.html.erb
rename to app/views/custom_urls/administrate.html.erb