Commit 6403023882f5ff53d92e65180e7e2b539227c5b4

Authored by Guilherme Rojas V. de Lima
Committed by Rafael Manzo
1 parent be93009c

Finished ownership authentication for repositories.

Signed-off-by: Renan Fichberg <rfichberg@gmail.com>
app/controllers/concerns/.keep
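--- a/app/controllers/concerns/ownership_authentication.rb
+++ b/app/controllers/concerns/ownership_authentication.rb
@@ -0,0 +1,21 @@
+module OwnershipAuthentication
+ extend ActiveSupport::Concern
+
+ def check_project_ownership
+ check_ownership(params[:id])
+ end
+
+ def check_repository_ownership
+ check_ownership(params[:project_id])
+ end
+
+ def check_ownership(id)
+ if current_user.project_ownerships.find_by_project_id(id).nil?
+ respond_to do |format|
+ format.html { redirect_to projects_url, notice: "You're not allowed to do this operation" }
+ format.json { head :no_content }
+ end
+ end
+ end
+
+end
\ No newline at end of file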
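Review bot: The JSON branch of `check_ownership` answers a denied request with `head :no_content`, a 204 success status, so an API client cannot tell a refusal from a completed update or destroy; it should be `format.json { head :forbidden }`. The three methods are also public in a module meant to be mixed into controllers, so a `private` line above `check_project_ownership` would keep them from being exposed as actions if a route ever matches their names (`before_action` still works with private methods). A short module comment stating that `check_ownership` relies on `current_user` being present would document the precondition for including controllers.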
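--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,7 +1,9 @@
+include OwnershipAuthentication
+
 class ProjectsController < ApplicationController
 before_action :authenticate_user!,
 except: [:index, :show]
- before_action :check_ownership, only: [:edit, :update, :destroy]
+ before_action :check_project_ownership, only: [:edit, :update, :destroy]
 
 # GET /projects/new
 def new
@@ -75,14 +77,4 @@ class ProjectsController &lt; ApplicationController
 def project_params
 params[:project]
 end
-
- def check_ownership
- if current_user.project_ownerships.find_by_project_id(params[:id]).nil?
- respond_to do |format|
- format.html { redirect_to projects_url, notice: "You're not allowed to do this operation" }
- format.json { head :no_content }
- end
- end
- end
-
 end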
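Review bot: `include OwnershipAuthentication` sits at the top level of the file, above `class ProjectsController`, which mixes the module into `Object` rather than into the controller, so `check_ownership` and its two wrappers become methods of every object in the process. Move the line inside the class body, directly under `class ProjectsController < ApplicationController`; the same applies to the first line of app/controllers/repositories_controller.rb. The class body continues outside the visible hunks.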
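--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -1,5 +1,8 @@
+include OwnershipAuthentication
+
 class RepositoriesController < ApplicationController
 before_action :set_repository, only: [:show, :edit, :update, :destroy]
+ before_action :check_repository_ownership, except: [:show]
 after_action :process_respository, only: :create
 
 # GET /projects/1/repositories/1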
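Review bot: `before_action :check_repository_ownership, except: [:show]` has no `authenticate_user!` filter ahead of it in the visible lines, so a signed-out request to any action other than show would reach `current_user.project_ownerships` with a nil `current_user` and fail with NoMethodError instead of being sent to sign-in. Unless a parent class already enforces it, add `before_action :authenticate_user!, except: [:show]` above this line. The check also only establishes ownership of `params[:project_id]`, while `set_repository` (defined outside the hunk) loads the record, so that lookup should presumably be scoped to the same project so the two ids stay tied together; confirm against its definition. `set_repository` is also registered before the ownership filter, so the record is loaded before the caller is authorised.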
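--- a/app/views/projects/show.html.erb
+++ b/app/views/projects/show.html.erb
@@ -10,7 +10,7 @@
 
 <h2>Repositories</h2>
 
-<%= link_to 'New Repository', new_project_repository_path(@project)%>
+<% if project_owner? @project.id %><%= link_to 'New Repository', new_project_repository_path(@project)%><% end %>
 
 <table border="1" width="30%">
 <thead>
@@ -18,7 +18,7 @@
 <th>Name</th>
 <th>Type</th>
 <th>Address</th>
- <th>Options</th>
+ <% if project_owner? @project.id %><th>Options</th><% end %>
 </tr>
 </thead>
 
@@ -28,10 +28,12 @@
 <td align="center"><%= repository.name %></td>
 <td align="center"><%= repository.type %></td>
 <td align="center"><%= repository.address %></td>
- <td align="center">
- <%= link_to 'Edit', edit_project_repository_path(@project, repository.id) %>
- <%= link_to 'Destroy', project_repository_path(@project, repository.id), method: :delete, data: { confirm: 'Are you sure?' } %></td>
- </td>
+ <% if project_owner? @project.id %>
+ <td align="center">
+ <%= link_to 'Edit', edit_project_repository_path(@project, repository.id) %>
+ <%= link_to 'Destroy', project_repository_path(@project, repository.id), method: :delete, data: { confirm: 'Are you sure?' } %></td>
+ </td>
+ <% end %>
 </tr>
 <% end %>
 </tbody>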
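Review bot: `project_owner?` is evaluated on the project show page, which ProjectsController leaves open to signed-out visitors (`authenticate_user!` is skipped for `:show`), and its definition is not in this commit's visible sections; if it reads `current_user.project_ownerships` the way `check_ownership` does, it needs a nil guard on `current_user` or the public page will raise. It is also called in the header and again for every repository row, so computing it once near the top, `<% owner = project_owner?(@project.id) %>`, avoids a repeated lookup. The owner-only cell still carries the doubled closing tag from the old markup (`%></td>` followed by a second `</td>`); drop one. Hiding the links is presentation only, so the controller filters remain the actual enforcement.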
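--- a/app/views/repositories/show.html.erb
+++ b/app/views/repositories/show.html.erb
@@ -5,5 +5,5 @@
 <%= @repository.name %>
 </p>
 
-<%= link_to 'Edit', edit_project_repository_path(@repository.project_id, @repository.id) %> |
+<% if project_owner? @project_id %><%= link_to 'Edit', edit_project_repository_path(@repository.project_id, @repository.id) %> |<% end %>
 <%= link_to 'Back', project_path(@project_id) %>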
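Review bot: The guard tests `project_owner? @project_id` while the link it protects is built from `@repository.project_id`, so the condition and the link target can refer to different projects whenever the URL's project id does not match the repository's own. Use the same value in both places, `<% if project_owner? @repository.project_id %>`. Splitting the `if`, the `link_to` and the `end` onto separate lines would also make the conditional easier to scan.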