ownership_authentication.rb 1007 Bytes
Edit Raw Blame History



1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37


module OwnershipAuthentication
  extend ActiveSupport::Concern

  def project_owner?
    check_project_ownership(params[:id])
  end

  def repository_owner?
    check_project_ownership(params[:project_id])
  end
  
  def reading_group_owner?
    check_reading_group_ownership(params[:id])
  end

  def reading_owner?
    check_reading_group_ownership(params[:reading_group_id])
  end

  def check_project_ownership(id)
    if current_user.project_ownerships.find_by_project_id(id).nil?
      respond_to do |format|
        format.html { redirect_to projects_url, notice: "You're not allowed to do this operation" }
        format.json { head :no_content }
      end
    end
  end

  def check_reading_group_ownership(id)
    if current_user.reading_group_ownerships.find_by_reading_group_id(id).nil?
      respond_to do |format|
        format.html { redirect_to reading_group_url(id), notice: "You're not allowed to do this operation" }
        format.json { head :no_content }
      end
    end
  end
end