Open sohara opened 10 years ago
Currently we ensure user is logged in but don't check that the user is the resource owner. We should also set the flash message differently and not redirect back to the route, e.g. sorry, you cannot do that.
Currently we ensure user is logged in but don't check that the user is the resource owner. We should also set the flash message differently and not redirect back to the route, e.g. sorry, you cannot do that.