ownership_authentication.rb 2.38 KB
Edit Raw Blame History



1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95


module OwnershipAuthentication
  extend ActiveSupport::Concern

  def project_owner?
    if self.kind_of?(ProjectsController)
      id = params[:id]
    elsif self.kind_of?(RepositoriesController)
      id = params[:project_id]
    else
      raise "Not supported"
    end

    check_project_ownership(id)
  end

  def repository_owner?
    check_repository_ownership(params[:id])
  end

  def reading_group_owner?
    if self.kind_of?(ReadingGroupsController)
      id = params[:id]
    elsif self.kind_of?(ReadingsController)
      id = params[:reading_group_id]
    else
      raise "Not supported"
    end

    check_reading_group_ownership(id)
  end

  def reading_owner?
    check_reading_group_ownership(params[:reading_group_id])
  end

  def kalibro_configuration_owner?
    if self.kind_of?(KalibroConfigurationsController)
      id = params[:id]
    elsif (self.kind_of?(BaseMetricConfigurationsController))
      id = params[:kalibro_configuration_id]
    else
      raise "Not supported"
    end
    check_kalibro_configuration_ownership(id)
  end

  def metric_configuration_owner?
    check_kalibro_configuration_ownership(params[:kalibro_configuration_id])
  end

  private

  def check_repository_ownership(id)
    if current_user.repository_attributes.find_by_repository_id(id).nil?
      respond_to do |format|
        format.html { redirect_to projects_url, notice: t('not_allowed') }
        format.json { head :no_content }
      end
    end

    return true
  end


  def check_project_ownership(id)
    if current_user.project_attributes.find_by_project_id(id).nil?
      respond_to do |format|
        format.html { redirect_to projects_url, notice: t('not_allowed') }
        format.json { head :no_content }
      end
    end

    return true
  end

  def check_reading_group_ownership(id)
    if current_user.reading_group_attributes.find_by_reading_group_id(id).nil?
      respond_to do |format|
        format.html { redirect_to reading_group_url(id: id), notice: t('not_allowed') }
        format.json { head :no_content }
      end
    end

    return true
  end

  def check_kalibro_configuration_ownership(id)
    if current_user.kalibro_configuration_attributes.find_by_kalibro_configuration_id(id).nil?
      respond_to do |format|
        format.html { redirect_to kalibro_configurations_url(id: id), notice: t('not_allowed') }
        format.json { head :no_content }
      end
    end
  end
end