From f011fae12a089c0dac027b3977330b02743c77fe Mon Sep 17 00:00:00 2001
From: Giovanni Sakti <giosakti@gmail.com>
Date: Mon, 17 Dec 2018 06:09:26 +0700
Subject: [PATCH] only the user themselves can update their public key

---
 app/views/users/show.html.slim | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/app/views/users/show.html.slim b/app/views/users/show.html.slim
index c3145b7b..0d977487 100755
--- a/app/views/users/show.html.slim
+++ b/app/views/users/show.html.slim
@@ -74,15 +74,21 @@
   br
   .card
     .card-body
-      h6.card-title Public Key
-      = form_tag user_public_key_update_path, method: :post do
-          .row
-            .col
-              = text_area_tag "public_key", @user.public_key, class: "form-contol text-align-top", style: "height:200px;width:100%;", placeholder: "Your public key here..."
-          br
-          .row
-            .col-md-3
-              = submit_tag "Update key", class: "form-control btn-md btn-primary"
+      - if (current_user.admin? or (current_user.id == @user.id))
+        h6.card-title Public Key
+        = form_tag user_public_key_update_path, method: :post do
+            .row
+              .col
+                = text_area_tag "public_key", @user.public_key, class: "form-contol text-align-top", style: "height:200px;width:100%;", placeholder: "Your public key here..."
+            br
+            .row
+              .col-md-3
+                = submit_tag "Update key", class: "form-control btn-md btn-primary"
+      - else
+        h6.card-title Public Key
+        .row
+          .col
+            = @user.public_key
 
   br
   .card