Commit 7403afea9748316b78242ecb250f619fe1a15b36
1 parent
b4967b37
Exists in
master
and in
4 other branches
Reject non-owned projects to assign to teams
Showing
1 changed file
with
12 additions
and
6 deletions
Show diff stats
app/controllers/teams/projects_controller.rb
| ... | ... | @@ -16,13 +16,19 @@ class Teams::ProjectsController < Teams::ApplicationController |
| 16 | 16 | end |
| 17 | 17 | |
| 18 | 18 | def create |
| 19 | - unless params[:project_ids].blank? | |
| 20 | - project_ids = params[:project_ids] | |
| 21 | - access = params[:greatest_project_access] | |
| 22 | - user_team.assign_to_projects(project_ids, access) | |
| 23 | - end | |
| 19 | + redirect_to :back if params[:project_ids].blank? | |
| 20 | + | |
| 21 | + project_ids = params[:project_ids] | |
| 22 | + access = params[:greatest_project_access] | |
| 23 | + | |
| 24 | + # Reject non-allowed projects | |
| 25 | + allowed_project_ids = current_user.owned_projects.map(&:id) | |
| 26 | + project_ids.select! { |id| allowed_project_ids.include?(id) } | |
| 27 | + | |
| 28 | + # Assign projects to team | |
| 29 | + user_team.assign_to_projects(project_ids, access) | |
| 24 | 30 | |
| 25 | - redirect_to team_projects_path(user_team), notice: 'Team of users was successfully assgned to projects.' | |
| 31 | + redirect_to team_projects_path(user_team), notice: 'Team of users was successfully assigned to projects.' | |
| 26 | 32 | end |
| 27 | 33 | |
| 28 | 34 | def edit | ... | ... |