Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013

app/controllers/admin_controller.rb

@@ -1,6 +1,6 @@
 class AdminController < ApplicationController
   
-  #before_filter :administrative
+  before_filter :administrative, :if => :admin_param
   skip_before_filter :has_info
   
   def dashboard
@@ -44,5 +44,11 @@ class AdminController < ApplicationController
       format.json { render :json => { :msg => message ? "success" : "failure"} }
     end
   end
+
+  private
+
+  def admin_param
+    params[:id] == '1'
+  end
   
 end

app/views/admin/dashboard.html.erb

@@ -59,7 +59,7 @@ function makeActive(){
 };
 
 function loadTable(){
-	$("#userDataTable").load("/admin/"+ <%=current_user.user_id %> + "/get_all_users")
+	$("#userDataTable").load("/admin/"+ <%= params[:admin_id] %> + "/get_all_users")
 };
 
 $(document).ready(

app/views/layouts/admin/_get_user.html.erb

@@ -83,7 +83,7 @@ $('#delete_button').click(function() {
 	$("#editAcct").modal('hide');
 	
 	$.ajax({
-      url: "/admin/" +  <%= @user.user_id %> + "/delete_user.json",
+      url: "/admin/" +  <%= params[:admin_id] %> + "/delete_user.json",
 	  type: "POST",
 	  success: function(response) {
 	  	$('#success').show(500).delay(1500).fadeOut();

db/seeds.rb

@@ -33,8 +33,8 @@ users = [
      {
        :email => "mike@metacorp.com", 
        :admin => false, 
-       :password => "motorcross1445", 
-       :password_confirmation => "motorcross1445", 
+       :password => "motocross1445", 
+       :password_confirmation => "motocross1445", 
        :first_name => "Mike", 
        :last_name => "McCabe", 
        :user_id =>4