Modified: branches/component-querying/app/controllers/friendships_controller.rb (3522 => 3523)
--- branches/component-querying/app/controllers/friendships_controller.rb 2013-04-26 09:14:23 UTC (rev 3522)
+++ branches/component-querying/app/controllers/friendships_controller.rb 2013-04-30 08:59:16 UTC (rev 3523)
@@ -230,7 +230,7 @@
not_auth = true
end
when "destroy" # link - just the friend id, but current user can be "friend" or "user" in the friendship
- unless params[:user_id].to_i == @friendship.friend_id.to_i && (address@hidden, @friendship.friend_id].include? current_user.id)
+ unless address@hidden, @friendship.friend_id].include? current_user.id
not_auth = true
end
else # link - just the current user id, and it should be "friend" in the friendship ("accept" for example)