From 68e6a01743594baa05139ea9e653eaf6191d7284 Mon Sep 17 00:00:00 2001 From: James Espinosa Date: Sat, 5 Jul 2014 19:15:32 -0500 Subject: [PATCH] Clean up trailing and leading whitespace --- app/controllers/admin_controller.rb | 12 ++--- app/controllers/api/v1/users_controller.rb | 24 +++++----- app/controllers/application_controller.rb | 2 +- app/controllers/benefit_forms_controller.rb | 24 +++++----- app/controllers/dashboard_controller.rb | 4 +- app/controllers/paid_time_off_controller.rb | 2 +- app/controllers/pay_controller.rb | 18 ++++---- app/controllers/performance_controller.rb | 4 +- app/controllers/retirement_controller.rb | 4 +- app/controllers/schedule_controller.rb | 18 ++++---- app/controllers/sessions_controller.rb | 16 +++---- app/controllers/tutorials_controller.rb | 46 +++++++++---------- app/controllers/work_info_controller.rb | 10 ++-- app/models/benefits.rb | 14 +++--- app/models/key_management.rb | 2 +- app/models/paid_time_off.rb | 4 +- app/models/pay.rb | 16 +++---- app/models/performance.rb | 4 +- app/models/schedule.rb | 2 +- app/models/user.rb | 20 ++++---- app/models/work_info.rb | 16 +++---- app/views/admin/dashboard.html.erb | 10 ++-- app/views/benefit_forms/index.html.erb | 22 ++++----- app/views/dashboard/home.html.erb | 10 ++-- app/views/layouts/admin/_analytics.html.erb | 6 +-- .../layouts/admin/_get_all_users.html.erb | 4 +- app/views/layouts/admin/_get_user.html.erb | 32 ++++++------- app/views/layouts/application.html.erb | 14 +++--- app/views/layouts/shared/_header.html.erb | 4 +- app/views/layouts/shared/_messages.html.erb | 2 +- app/views/layouts/shared/_sidebar.html.erb | 12 ++--- app/views/layouts/tutorial/_header.html.erb | 2 +- app/views/layouts/tutorial/_sidebar.html.erb | 16 +++---- .../_access_control_first.html.erb | 10 ++-- .../_insecure_compare.html.erb | 16 +++---- .../_password_complexity.html.erb | 12 ++--- .../broken_auth_sess/_user_pass_enum.html.erb | 12 ++--- .../tutorial/credentials/_creds.html.erb | 24 +++++----- .../tutorial/csrf/_csrf_first.html.erb | 16 +++---- .../_model_attributes_exposure.html.erb | 10 ++-- .../exposure/_password_hashing.html.erb | 16 +++---- .../layouts/tutorial/exposure/_ssn.html.erb | 20 ++++---- .../injection/_injection_command.html.erb | 22 ++++----- .../injection/_injection_first.html.erb | 14 +++--- .../tutorial/injection/_sqli_scope.html.erb | 26 +++++------ .../_insecure_components_first.html.erb | 2 +- .../_insecure_components_second.html.erb | 6 +-- .../insecure_dor/_insecure_dor_first.html.erb | 10 ++-- .../logic_flaws/_broken_regexp.html.erb | 40 ++++++++-------- .../_insecure_crypto_reuse.html.erb | 16 +++---- .../_admin_mass_assign.html.erb | 28 +++++------ .../_benefit_forms_constantize.html.erb | 24 +++++----- .../misconfig/_misconfig_first.html.erb | 4 +- .../misconfig/_misconfig_second.html.erb | 2 +- .../redirects/_redirects_first.html.erb | 22 ++++----- .../tutorial/ssl_tls/_ssl_tls_first.html.erb | 4 +- .../url_access/_url_access_first.html.erb | 20 ++++---- .../layouts/tutorial/xss/_dom_xss.html.erb | 24 +++++----- .../layouts/tutorial/xss/_xss_first.html.erb | 10 ++-- app/views/layouts/tutorials.html.erb | 8 ++-- app/views/messages/index.html.erb | 16 +++---- app/views/messages/show.html.erb | 2 +- app/views/paid_time_off/index.html.erb | 14 +++--- app/views/pay/index.html.erb | 46 +++++++++---------- app/views/performance/index.html.erb | 2 +- app/views/retirement/index.html.erb | 4 +- app/views/sessions/new.html.erb | 8 ++-- app/views/tutorials/exposure.html.erb | 10 ++-- app/views/tutorials/gauntlt.html.erb | 6 +-- app/views/tutorials/guard.html.erb | 2 +- app/views/tutorials/index.html.erb | 20 ++++---- app/views/tutorials/misconfig.html.erb | 2 +- app/views/users/account_settings.html.erb | 26 +++++------ app/views/users/new.html.erb | 16 +++---- app/views/work_info/index.html.erb | 10 ++-- 75 files changed, 499 insertions(+), 499 deletions(-) diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index 4cde79f..1c5c160 100755 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -1,8 +1,8 @@ class AdminController < ApplicationController - + before_filter :administrative, :if => :admin_param skip_before_filter :has_info - + def dashboard end @@ -27,14 +27,14 @@ class AdminController < ApplicationController @users = User.all render :partial => "layouts/admin/get_all_users" end - + def get_user @user = User.find_by_id(params[:admin_id].to_s) arr = ["true", "false"] @admin_select = @user.admin ? arr : arr.reverse render :partial => "layouts/admin/get_user" end - + def update_user user = User.find_by_id(params[:admin_id]) if user @@ -48,7 +48,7 @@ class AdminController < ApplicationController format.json { render :json => { :msg => message ? "success" : "failure"} } end end - + def delete_user user = User.find_by_user_id(params[:admin_id]) if user && !(current_user.user_id == user.user_id) @@ -67,5 +67,5 @@ class AdminController < ApplicationController def admin_param params[:admin_id] != '1' end - + end diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb index 6866774..5ee6797 100644 --- a/app/controllers/api/v1/users_controller.rb +++ b/app/controllers/api/v1/users_controller.rb @@ -1,23 +1,23 @@ class Api::V1::UsersController < ApplicationController - + skip_before_filter :authenticated before_filter :valid_api_token before_filter :extrapolate_user - + respond_to :json - + def index # We removed the .as_json code from the model, just seemed like extra work. # dunno, maybe useful at a later time? #respond_with @user.admin ? User.all.as_json : @user.as_json - + respond_with @user.admin ? User.all : @user end - + def show respond_with @user.as_json end - + private def valid_api_token @@ -26,7 +26,7 @@ private identify_user(token) end end - + def identify_user(token="") # We've had issues with URL encoding, etc. causing issues so just to be safe # we will go ahead and unescape the user's token @@ -37,21 +37,21 @@ private (id && hash) ? true : false check_hash(id, hash) ? true : false end - + def check_hash(id, hash) digest = OpenSSL::Digest::SHA1.hexdigest("#{ACCESS_TOKEN_SALT}:#{id}") - hash == digest + hash == digest end - + # We had some issues with the token and url encoding... # this is an attempt to normalize the data. def unescape_token(token="") @clean_token = CGI::unescape(token) end - + # Added a method to make it easy to figure out who the user is. def extrapolate_user @user = User.find_by_id(@clean_token.split("-").first) end - + end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 3e56186..5ba7518 100755 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -10,7 +10,7 @@ class ApplicationController < ActionController::Base def current_user @current_user ||= ( - User.find_by_auth_token(cookies[:auth_token].to_s) || + User.find_by_auth_token(cookies[:auth_token].to_s) || User.find_by_user_id(session[:user_id].to_s) ) end diff --git a/app/controllers/benefit_forms_controller.rb b/app/controllers/benefit_forms_controller.rb index 64b851e..da34c50 100644 --- a/app/controllers/benefit_forms_controller.rb +++ b/app/controllers/benefit_forms_controller.rb @@ -1,12 +1,12 @@ class BenefitFormsController < ApplicationController - + def index @benefits = Benefits.new end def download - begin + begin path = params[:name] file = params[:type].constantize.new(path) send_file file, :disposition => 'attachment' @@ -14,7 +14,7 @@ class BenefitFormsController < ApplicationController redirect_to user_benefit_forms_path(:user_id => current_user.user_id) end end - + def upload file = params[:benefits][:upload] if file @@ -22,23 +22,23 @@ class BenefitFormsController < ApplicationController Benefits.save(file, params[:benefits][:backup]) else flash[:error] = "Something went wrong" - end + end redirect_to user_benefit_forms_path(:user_id => current_user.user_id) end - -=begin + +=begin # More secure version def download file_assoc = {"1" => "Health_n_Stuff.pdf", "2" => "Dental_n_Stuff.pdf"} - begin + begin if file_assoc.has_key?(params[:name].to_s) path = Rails.root.join('public', 'docs', file_assoc[params[:name].to_s]) if params[:type] == "File" - file = params[:type].constantize.new(path) + file = params[:type].constantize.new(path) send_file file, :disposition => 'attachment' - end - else + end + else file = Rails.root.join('public', 'docs', "Dental_n_Stuff.pdf") send_file file, :disposition => 'attachment' end @@ -46,7 +46,7 @@ class BenefitFormsController < ApplicationController redirect_to user_benefit_forms_path(:user_id => current_user.user_id) end end -=end +=end + - end diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb index 41d4236..9ce2834 100755 --- a/app/controllers/dashboard_controller.rb +++ b/app/controllers/dashboard_controller.rb @@ -1,7 +1,7 @@ class DashboardController < ApplicationController - + skip_before_filter :has_info - + def home @user = current_user diff --git a/app/controllers/paid_time_off_controller.rb b/app/controllers/paid_time_off_controller.rb index ea64301..fb63087 100644 --- a/app/controllers/paid_time_off_controller.rb +++ b/app/controllers/paid_time_off_controller.rb @@ -1,5 +1,5 @@ class PaidTimeOffController < ApplicationController - + def index @pto = current_user.paid_time_off @schedule = Schedule.new diff --git a/app/controllers/pay_controller.rb b/app/controllers/pay_controller.rb index 6a71dc3..2089179 100644 --- a/app/controllers/pay_controller.rb +++ b/app/controllers/pay_controller.rb @@ -1,28 +1,28 @@ class PayController < ApplicationController - + def index end - + def update_dd_info msg = false pay = Pay.new( - :bank_account_num => params[:bank_account_num], - :bank_routing_num => params[:bank_routing_num], + :bank_account_num => params[:bank_account_num], + :bank_routing_num => params[:bank_routing_num], :percent_of_deposit => params[:dd_percent] ) pay.user_id = current_user.user_id - msg = true if pay.save! + msg = true if pay.save! respond_to do |format| format.json {render :json => {:msg => msg } } end end - + def show respond_to do |format| format.json { render :json => {:user => current_user.pay.as_json} } end end - + def destroy pay = Pay.find_by_id(params[:id]) if pay.present? and pay.destroy @@ -32,12 +32,12 @@ class PayController < ApplicationController end redirect_to user_pay_index_path end - + def decrypted_bank_acct_num decrypted = Encryption.decrypt_sensitive_value(params[:value_to_decrypt]) respond_to do |format| format.json {render :json => {:account_num => decrypted || "No Data" }} end end - + end diff --git a/app/controllers/performance_controller.rb b/app/controllers/performance_controller.rb index bdbff15..767fc65 100644 --- a/app/controllers/performance_controller.rb +++ b/app/controllers/performance_controller.rb @@ -1,7 +1,7 @@ class PerformanceController < ApplicationController - + def index @perf = current_user.performance end - + end diff --git a/app/controllers/retirement_controller.rb b/app/controllers/retirement_controller.rb index 1a376ee..b3663fc 100644 --- a/app/controllers/retirement_controller.rb +++ b/app/controllers/retirement_controller.rb @@ -1,7 +1,7 @@ class RetirementController < ApplicationController - + def index @info = current_user.retirement end - + end diff --git a/app/controllers/schedule_controller.rb b/app/controllers/schedule_controller.rb index 82d4736..f9d8a57 100644 --- a/app/controllers/schedule_controller.rb +++ b/app/controllers/schedule_controller.rb @@ -1,7 +1,7 @@ class ScheduleController < ApplicationController def create message = false - + if params[:schedule][:event_type] == "pto" sched = Schedule.new(params[:schedule]) sched.date_begin, sched.date_end = format_schedule_date(params[:date_range1]) @@ -11,12 +11,12 @@ class ScheduleController < ApplicationController message = true end end - + respond_to do |format| format.json {render :json => {:msg => message ? "success" : "failure" }} end end - + def get_pto_schedule begin schedules = current_user.paid_time_off.schedule @@ -29,17 +29,17 @@ class ScheduleController < ApplicationController hash[:end] = s[:date_end] jfs << hash end - rescue + rescue end respond_to do |format| format.json do render :json => jfs.to_json - end + end end end - + private - + # Returns a two part array consisting of dates # First value is the begin date and the second is the end date def format_schedule_date(date_array) @@ -50,10 +50,10 @@ class ScheduleController < ApplicationController date = Date.strptime(s.strip, '%m/%d/%Y') vals <<(date) end - rescue ArgumentError + rescue ArgumentError return [] end return vals end - + end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index a13bbc7..4b90e41 100755 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,22 +1,22 @@ class SessionsController < ApplicationController - + skip_before_filter :has_info skip_before_filter :authenticated, :only => [:new, :create] - + def new @url = params[:url] redirect_to home_dashboard_index_path if current_user end - + def create - path = params[:url].present? ? params[:url] : home_dashboard_index_path + path = params[:url].present? ? params[:url] : home_dashboard_index_path begin # Normalize the email address, why not user = User.authenticate(params[:email].to_s.downcase, params[:password]) # @url = params[:url] rescue Exception => e end - + if user if params[:remember_me] cookies.permanent[:auth_token] = user.auth_token if User.where(:user_id => user.user_id).exists? @@ -26,12 +26,12 @@ class SessionsController < ApplicationController redirect_to path else # Removed this code, just doesn't seem specific enough! - # flash[:error] = "Either your username and password is incorrect" + # flash[:error] = "Either your username and password is incorrect" flash[:error] = e.message render "new" - end + end end - + def destroy cookies.delete(:auth_token) reset_session diff --git a/app/controllers/tutorials_controller.rb b/app/controllers/tutorials_controller.rb index 7f878f3..3a294d5 100755 --- a/app/controllers/tutorials_controller.rb +++ b/app/controllers/tutorials_controller.rb @@ -1,26 +1,26 @@ class TutorialsController < ApplicationController - + skip_before_filter :has_info skip_before_filter :authenticated - + def index end - + def credentials render :partial => "layouts/tutorial/credentials/creds" end - + def show render "injection" end - + def injection end - + def xss @code = %{
  • - } @meta_code_good = %{<%= csrf_meta_tags %> } @@ -55,10 +55,10 @@ class TutorialsController < ApplicationController \} \}); \}); - + \} } end - + def misconfig end @@ -67,33 +67,33 @@ class TutorialsController < ApplicationController def access_control end - + def crypto end - + def url_access end - + def ssl_tls end - + def redirects end - + def guard end - + def logic_flaws end - + def mass_assignment end - + def guantlt - + end - + def metaprogramming end - + end diff --git a/app/controllers/work_info_controller.rb b/app/controllers/work_info_controller.rb index 1ba3981..2238259 100644 --- a/app/controllers/work_info_controller.rb +++ b/app/controllers/work_info_controller.rb @@ -1,8 +1,8 @@ class WorkInfoController < ApplicationController - + def index @user = User.find_by_user_id(params[:user_id]) - if !(@user) || @user.admin + if !(@user) || @user.admin flash[:error] = "Sorry, no user with that user id exists" redirect_to home_dashboard_index_path end @@ -12,11 +12,11 @@ class WorkInfoController < ApplicationController # More secure version def index @user = current_user - if !(@user) || @user.admin + if !(@user) || @user.admin flash[:error] = "Apologies, looks like something went wrong" redirect_to home_dashboard_index_path end end -=end - +=end + end diff --git a/app/models/benefits.rb b/app/models/benefits.rb index 5764c9d..9b0feb5 100644 --- a/app/models/benefits.rb +++ b/app/models/benefits.rb @@ -1,6 +1,6 @@ class Benefits < ActiveRecord::Base attr_accessor :backup - + def self.save(file, backup=false) data_path = Rails.root.join("public", "data") full_file_name = "#{data_path}/#{file.original_filename}" @@ -9,18 +9,18 @@ class Benefits < ActiveRecord::Base f.close make_backup(file, data_path, full_file_name) if backup == "true" end - + def self.make_backup(file, data_path, full_file_name) - if File.exists?(full_file_name) + if File.exists?(full_file_name) silence_streams(STDERR) { system("cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{file.original_filename}") } - end + end end -=begin +=begin def self.make_backup(file, data_path, full_file_name) FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.now.to_i}_#{file.original_filename}" end -=end +=end def self.silence_streams(*streams) on_hold = streams.collect { |stream| stream.dup } @@ -34,5 +34,5 @@ class Benefits < ActiveRecord::Base stream.reopen(on_hold[i]) end end - + end diff --git a/app/models/key_management.rb b/app/models/key_management.rb index 174b80c..f15c339 100644 --- a/app/models/key_management.rb +++ b/app/models/key_management.rb @@ -2,5 +2,5 @@ class KeyManagement < ActiveRecord::Base attr_accessible :iv, :user_id belongs_to :work_info belongs_to :user - + end diff --git a/app/models/paid_time_off.rb b/app/models/paid_time_off.rb index 3628d22..8c980b6 100644 --- a/app/models/paid_time_off.rb +++ b/app/models/paid_time_off.rb @@ -6,11 +6,11 @@ class PaidTimeOff < ActiveRecord::Base def sick_days_remaining self.sick_days_earned - self.sick_days_taken end - + def pto_days_remaining self.pto_earned - self.pto_taken end - + def sick_days_taken_percentage result = self.sick_days_taken.to_f / self.sick_days_earned.to_f * 100.0 end diff --git a/app/models/pay.rb b/app/models/pay.rb index 78f0278..56616b1 100644 --- a/app/models/pay.rb +++ b/app/models/pay.rb @@ -1,25 +1,25 @@ class Pay < ActiveRecord::Base - + # mass-assignable attributes attr_accessible :bank_account_num, :bank_routing_num, :percent_of_deposit - + # Associations - belongs_to :user - + belongs_to :user + # Validations validates :bank_account_num, presence: true validates :bank_routing_num, presence: true validates :percent_of_deposit, presence: true - + # callbacks before_save :encrypt_bank_account_num - + def as_json super(only: [:bank_account_num, :bank_routing_num, :percent_of_deposit, :id]) end - + def encrypt_bank_account_num self.bank_account_num = Encryption.encrypt_sensitive_value(self.bank_account_num) end - + end diff --git a/app/models/performance.rb b/app/models/performance.rb index f6785b1..73f25c1 100644 --- a/app/models/performance.rb +++ b/app/models/performance.rb @@ -1,7 +1,7 @@ class Performance < ActiveRecord::Base attr_accessible :comments, :date_submitted, :reviewer, :score - belongs_to :user - + belongs_to :user + def reviewer_name u = User.find_by_id(self.reviewer) u.full_name if u.respond_to?('fullname') diff --git a/app/models/schedule.rb b/app/models/schedule.rb index ed7dcc5..fc66df7 100644 --- a/app/models/schedule.rb +++ b/app/models/schedule.rb @@ -1,6 +1,6 @@ class Schedule < ActiveRecord::Base attr_accessible :date_begin, :date_end, :event_desc, :event_name, :event_type belongs_to :paid_time_off - + validates_presence_of :date_begin, :date_end, :event_desc, :event_name, :event_type end diff --git a/app/models/user.rb b/app/models/user.rb index 261703e..7af6ed9 100755 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -13,7 +13,7 @@ class User < ActiveRecord::Base :confirmation => true, :if => :password, :format => {:with => /\A.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\@\#\$\%\^\&\+\=]).*\z/} -=end +=end validates_presence_of :email validates_uniqueness_of :email validates_format_of :email, :with => /.+@.+\..+/i @@ -37,11 +37,11 @@ class User < ActiveRecord::Base #work_info.build_key_management(:iv => SecureRandom.hex(32)) performance.build(POPULATE_PERFORMANCE.shuffle.first) end - + def full_name "#{self.first_name} #{self.last_name}" end - + =begin # Instead of the entire user object being returned, we can use this to filter. def as_json @@ -59,10 +59,10 @@ private auth = user else raise "Incorrect Password!" - end + end return auth - end - + end + =begin # More secure version, still lacking a decent hashing routine, this is for timing attack prevention def self.authenticate(email, password) @@ -71,9 +71,9 @@ private return user else raise "Incorrect username or password" - end + end end -=end +=end def assign_user_id unless @skip_user_id_assign.present? || self.user_id.present? @@ -82,7 +82,7 @@ private self.user_id = uid.to_s if uid end end - + def hash_password unless @skip_hash_password == true if password.present? @@ -90,7 +90,7 @@ private end end end - + def generate_token(column) begin self[column] = Encryption.encrypt_sensitive_value(self.user_id) diff --git a/app/models/work_info.rb b/app/models/work_info.rb index c8e30d8..e594766 100644 --- a/app/models/work_info.rb +++ b/app/models/work_info.rb @@ -3,13 +3,13 @@ class WorkInfo < ActiveRecord::Base belongs_to :user has_one :key_management, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy #before_save :encrypt_ssn - - + + # We should probably use this def last_four "***-**-" << self.decrypt_ssn[-4,4] end - + def encrypt_ssn aes = OpenSSL::Cipher::Cipher.new(cipher_type) aes.encrypt @@ -18,7 +18,7 @@ class WorkInfo < ActiveRecord::Base self.encrypted_ssn = aes.update(self.SSN) + aes.final self.SSN = nil end - + def decrypt_ssn aes = OpenSSL::Cipher::Cipher.new(cipher_type) aes.decrypt @@ -26,19 +26,19 @@ class WorkInfo < ActiveRecord::Base aes.iv = iv if iv != nil aes.update(self.encrypted_ssn) + aes.final end - + def key raise "Key Missing" if !(KEY) KEY end - + def iv raise "No IV for this User" if !(self.key_management.iv) self.key_management.iv end - + def cipher_type 'aes-256-cbc' end - + end diff --git a/app/views/admin/dashboard.html.erb b/app/views/admin/dashboard.html.erb index da2c845..7998520 100755 --- a/app/views/admin/dashboard.html.erb +++ b/app/views/admin/dashboard.html.erb @@ -11,7 +11,7 @@

    - +
    - +
    - - - + + + <%= javascript_include_tag "jquery.dataTables.js"%> diff --git a/app/views/benefit_forms/index.html.erb b/app/views/benefit_forms/index.html.erb index 3c48e5c..a212c20 100644 --- a/app/views/benefit_forms/index.html.erb +++ b/app/views/benefit_forms/index.html.erb @@ -2,7 +2,7 @@
    - +
    @@ -21,14 +21,14 @@ PDF
    - +
    <% end %>
    - +
    @@ -47,11 +47,11 @@ PDF
    - +
    <% end %>
    - + @@ -108,27 +108,27 @@ - + \ No newline at end of file diff --git a/app/views/dashboard/home.html.erb b/app/views/dashboard/home.html.erb index 4cdbdbf..8276848 100755 --- a/app/views/dashboard/home.html.erb +++ b/app/views/dashboard/home.html.erb @@ -1,19 +1,19 @@
    - +
    - <% if @user.paid_time_off %> + <% if @user.paid_time_off %> <%= render :partial => "layouts/dashboard/dashboard_stats"%> - <% end %> + <% end %>
    -
    +
    diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index bcc55e5..2c08669 100755 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -16,26 +16,26 @@ end -<% if current_user %> - <%= render "layouts/shared/header" %> +<% if current_user %> + <%= render "layouts/shared/header" %> <%= render "layouts/shared/sidebar" %> <% else %> - <%= render "layouts/tutorial/header" %> - <%= render "layouts/tutorial/sidebar" %> + <%= render "layouts/tutorial/header" %> + <%= render "layouts/tutorial/sidebar" %> <% end %>
    <%= render "layouts/shared/messages" %> <%= yield %>
    -
    + <%= render "layouts/shared/footer" %> - + - + diff --git a/app/views/layouts/shared/_header.html.erb b/app/views/layouts/shared/_header.html.erb index 3a62d80..5426bab 100755 --- a/app/views/layouts/shared/_header.html.erb +++ b/app/views/layouts/shared/_header.html.erb @@ -8,7 +8,7 @@