Commit 7403afea9748316b78242ecb250f619fe1a15b36
1 parent
b4967b37
Exists in
master
and in
4 other branches
Reject non-owned projects to assign to teams
Showing
1 changed file
with
12 additions
and
6 deletions
Show diff stats
app/controllers/teams/projects_controller.rb
| @@ -16,13 +16,19 @@ class Teams::ProjectsController < Teams::ApplicationController | @@ -16,13 +16,19 @@ class Teams::ProjectsController < Teams::ApplicationController | ||
| 16 | end | 16 | end |
| 17 | 17 | ||
| 18 | def create | 18 | def create |
| 19 | - unless params[:project_ids].blank? | ||
| 20 | - project_ids = params[:project_ids] | ||
| 21 | - access = params[:greatest_project_access] | ||
| 22 | - user_team.assign_to_projects(project_ids, access) | ||
| 23 | - end | 19 | + redirect_to :back if params[:project_ids].blank? |
| 20 | + | ||
| 21 | + project_ids = params[:project_ids] | ||
| 22 | + access = params[:greatest_project_access] | ||
| 23 | + | ||
| 24 | + # Reject non-allowed projects | ||
| 25 | + allowed_project_ids = current_user.owned_projects.map(&:id) | ||
| 26 | + project_ids.select! { |id| allowed_project_ids.include?(id) } | ||
| 27 | + | ||
| 28 | + # Assign projects to team | ||
| 29 | + user_team.assign_to_projects(project_ids, access) | ||
| 24 | 30 | ||
| 25 | - redirect_to team_projects_path(user_team), notice: 'Team of users was successfully assgned to projects.' | 31 | + redirect_to team_projects_path(user_team), notice: 'Team of users was successfully assigned to projects.' |
| 26 | end | 32 | end |
| 27 | 33 | ||
| 28 | def edit | 34 | def edit |