From f463c66eff1584dd52f52c63bd74f96b30da07cc Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Sat, 6 Apr 2013 12:15:11 -0400
Subject: [PATCH] Cheap way to limit control to owned alerts
---
 app/controllers/alerts_controller.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb
index 1c54a0b..6ec982f 100644
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@@ -13,7 +13,7 @@ class AlertsController < ApplicationController
 # GET /alerts/1
 # GET /alerts/1.json
 def show
- @alert = Alert.find(params[:id])
+ @alert = Alert.user_alerts(current_user.id).find(params[:id])
 respond_to do |format|
 format.html # show.html.erb
@@ -33,7 +33,7 @@ class AlertsController < ApplicationController
 # GET /alerts/1/edit
 def edit
- @alert = Alert.find(params[:id])
+ @alert = Alert.user_alerts(current_user.id).find(params[:id])
 end
 # POST /alerts
@@ -53,7 +53,7 @@ class AlertsController < ApplicationController
 # PUT /alerts/1
 # PUT /alerts/1.json
 def update
- @alert = Alert.find(params[:id])
+ @alert = Alert.user_alerts(current_user.id).find(params[:id])
 respond_to do |format|
 if @alert.update_attributes(params[:alert])
@@ -67,7 +67,7 @@ class AlertsController < ApplicationController
 # DELETE /alerts/1
 # DELETE /alerts/1.json
 def destroy
- @alert = Alert.find(params[:id])
+ @alert = Alert.user_alerts(current_user.id).find(params[:id])
 @alert.destroy
 respond_to do |format|
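Review bot: The ownership check `Alert.user_alerts(current_user.id).find(params[:id])` is now spelled out separately in show, edit, update and destroy, so any member action added later that falls back to `Alert.find` silently loses the authorization. Loading the record once in a private method whose body is that single line, run via `before_filter :load_owned_alert, :only => [:show, :edit, :update, :destroy]`, would keep the rule in one place. `current_user.id` also raises NoMethodError when no user is signed in unless an authentication filter runs before these actions, which is not visible in the hunks. The index and create actions are outside the diff and presumably need the same treatment: list through the scope, and set the owner from `current_user` rather than from request params. The bodies of show, update and destroy continue past their hunks.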
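Review bot: In the update hunk the scoped lookup is followed by `@alert.update_attributes(params[:alert])`, which still passes the whole request hash to the model, so the ownership column that `user_alerts` filters on can be rewritten by the request if it is mass-assignable. Whether Alert restricts this with `attr_accessible` is not visible here; confirm that, or strip the key before the update, e.g. `@alert.update_attributes(params[:alert].except(:user_id))` (column name assumed, adjust to the real one). The rest of update lies outside the hunk.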