Missed a if block for valid password

amahi · Jun 19, 2014 · c33a270 · c33a270
1 parent f012ecc
commit c33a270
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/app/controllers/webapps_controller.rb b/app/controllers/webapps_controller.rb
@@ -151,10 +151,12 @@ def add_permission
 		@webapp = Webapp.find(params[:webapp_id]) if params[:webapp_id]
 		if (@user && @webapp)
 			check = @user.valid_password?(password)
-			w = WebappAccess.find_or_create(@webapp.id)
-			w.addUser(@user,password)
+			if(check)
+				w = WebappAccess.find_or_create(@webapp.id)
+				w.addUser(@user,password)
+			end
 		end
-		status = check ? "ok" : "notok"
+		@status = check ? "ok" : "notok"
 		@users_allowed = WebappAccess.find_or_create(@webapp.id).getUsers
 	end
 

diff --git a/app/views/webapps/add_permission.json.jbuilder b/app/views/webapps/add_permission.json.jbuilder
@@ -1,5 +1,5 @@
 self.formats = [:html]
-	json.status :ok
+	json.status @status
 	json.type :permission
 	json.webappid @webapp.id
 	json.userid @user.id