Commit 6403023882f5ff53d92e65180e7e2b539227c5b4
Committed by
Rafael Manzo
1 parent
be93009c
Exists in
colab
and in
4 other branches
Finished ownership authentication for repositories.
Signed-off-by: Renan Fichberg <rfichberg@gmail.com>
Showing
6 changed files
with
36 additions
and
18 deletions
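--- a/app/controllers/concerns/.keep
+++ b/app/controllers/concerns/.keep
@@ -0,0 +1,21 @@
+module OwnershipAuthentication
+ extend ActiveSupport::Concern
+
+ def check_project_ownership
+ check_ownership(params[:id])
+ end
+
+ def check_repository_ownership
+ check_ownership(params[:project_id])
+ end
+
+ def check_ownership(id)
+ if current_user.project_ownerships.find_by_project_id(id).nil?
+ respond_to do |format|
+ format.html { redirect_to projects_url, notice: "You're not allowed to do this operation" }
+ format.json { head :no_content }
+ end
+ end
+ end
+
+end
\ No newline at end of file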
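Review bot: The JSON branch of `check_ownership` (new line 16) answers a denied request with `head :no_content`, which an API client cannot tell apart from a successful update or destroy; `format.json { head :forbidden }` states the denial and is easier to alert on in logs. All three methods are also public, and Rails treats public controller methods as candidate actions, so a `private` line above `def check_project_ownership` keeps them callback-only (`before_action` still reaches private methods). The check dereferences `current_user.project_ownerships` without a guard, so it relies on an authentication callback having run first in every controller that uses it.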
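--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,7 +1,9 @@
+include OwnershipAuthentication
+
 class ProjectsController < ApplicationController
 before_action :authenticate_user!,
 except: [:index, :show]
- before_action :check_ownership, only: [:edit, :update, :destroy]
+ before_action :check_project_ownership, only: [:edit, :update, :destroy]
 
 # GET /projects/new
 def new
@@ -75,14 +77,4 @@ class ProjectsController < ApplicationController
 def project_params
 params[:project]
 end
-
- def check_ownership
- if current_user.project_ownerships.find_by_project_id(params[:id]).nil?
- respond_to do |format|
- format.html { redirect_to projects_url, notice: "You're not allowed to do this operation" }
- format.json { head :no_content }
- end
- end
- end
-
 end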
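Review bot: `include OwnershipAuthentication` on new line 1 sits outside the class body, so it mixes the module into `Object` and every object in the process gains `check_ownership` and its wrappers, not only this controller. Move it to the first line inside `class ProjectsController < ApplicationController`. The same top-level include is added in app/controllers/repositories_controller.rb and needs the same change. The class body continues outside the hunks shown here.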
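--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -1,5 +1,8 @@
+include OwnershipAuthentication
+
 class RepositoriesController < ApplicationController
 before_action :set_repository, only: [:show, :edit, :update, :destroy]
+ before_action :check_repository_ownership, except: [:show]
 after_action :process_respository, only: :create
 
 # GET /projects/1/repositories/1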
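Review bot: `check_repository_ownership` authorizes against `params[:project_id]`, while `set_repository` (its body is outside this hunk) runs first and loads the record separately; if that lookup is not scoped to the same project, the project that was authorized and the repository that is modified can differ. Confirm the lookup is constrained to the project in the URL, or run the check against the loaded record's `project_id`. No `authenticate_user!` callback is visible in this controller, so unless authentication is enforced elsewhere an anonymous request to a guarded action reaches `current_user.project_ownerships` with `current_user` nil and fails with a 500 instead of a clean denial.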
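--- a/app/views/projects/show.html.erb
+++ b/app/views/projects/show.html.erb
@@ -10,7 +10,7 @@
 
 <h2>Repositories</h2>
 
-<%= link_to 'New Repository', new_project_repository_path(@project)%>
+<% if project_owner? @project.id %><%= link_to 'New Repository', new_project_repository_path(@project)%><% end %>
 
 <table border="1" width="30%">
 <thead>
@@ -18,7 +18,7 @@
 <th>Name</th>
 <th>Type</th>
 <th>Address</th>
- <th>Options</th>
+ <% if project_owner? @project.id %><th>Options</th><% end %>
 </tr>
 </thead>
 
@@ -28,10 +28,12 @@
 <td align="center"><%= repository.name %></td>
 <td align="center"><%= repository.type %></td>
 <td align="center"><%= repository.address %></td>
- <td align="center">
- <%= link_to 'Edit', edit_project_repository_path(@project, repository.id) %>
- <%= link_to 'Destroy', project_repository_path(@project, repository.id), method: :delete, data: { confirm: 'Are you sure?' } %></td>
- </td>
+ <% if project_owner? @project.id %>
+ <td align="center">
+ <%= link_to 'Edit', edit_project_repository_path(@project, repository.id) %>
+ <%= link_to 'Destroy', project_repository_path(@project, repository.id), method: :delete, data: { confirm: 'Are you sure?' } %></td>
+ </td>
+ <% end %>
 </tr>
 <% end %>
 </tbody>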
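Review bot: The owner-only cell on new lines 32–35 carries over a doubled closing tag: line 34 already ends with `</td>` and line 35 adds a second one, leaving an unmatched `</td>` in each row; drop the one on line 35. `project_owner?` is not defined anywhere on this page, and because `show` is exempt from `authenticate_user!` in ProjectsController it is called for anonymous visitors, so it has to return false when nobody is signed in. It is also evaluated once per repository row; computing it once above the table, e.g. `<% owner = project_owner? @project.id %>`, avoids repeating the lookup. Hiding the links is presentation only, so the controller callbacks remain the actual access control.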
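--- a/app/views/repositories/show.html.erb
+++ b/app/views/repositories/show.html.erb
@@ -5,5 +5,5 @@
 <%= @repository.name %>
 </p>
 
-<%= link_to 'Edit', edit_project_repository_path(@repository.project_id, @repository.id) %> |
+<% if project_owner? @project_id %><%= link_to 'Edit', edit_project_repository_path(@repository.project_id, @repository.id) %> |<% end %>
 <%= link_to 'Back', project_path(@project_id) %>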
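Review bot: The guard on new line 8 tests `@project_id`, but the link it wraps is built from `@repository.project_id`, so the ownership decision and the edit target come from two different sources. Where `@project_id` is set is not visible here; if it comes from the URL rather than the loaded record, the two can disagree. Using one source for both, e.g. `<% if project_owner? @repository.project_id %>`, keeps the displayed link consistent with the check.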