prey / gdpr_rails

Rails Engine for the GDPR compliance
https://preyproject.com
MIT License
626 stars 62 forks source link

:allow_admins redirects to root_path, which requires admin access #23

Closed viamin closed 6 years ago

viamin commented 6 years ago

If you visit the root path when logged in as a regular user, the :allow_admins callback redirects to root_path, which creates a circular redirect.

Non-admins should be able to load the app.

Fix is just to add except: :index to the callback

michelson commented 6 years ago

Hi @viamin , thanks for this contribution

since root_url shows admin information this endpoint should be enabled for admins only. I suggest that this PR instead of bypass protection of index , redirects to pending terms endpoints (user_terms/pending )

viamin commented 6 years ago

Sounds reasonable. I'll update the PR.