Commit 7534154b44f920005e6732bbcc9e9af391b81546

Authored by Andrey Kumanyaev
Committed by Dmitriy Zaporozhets
1 parent dcea5220

Add access control in public section to users teams

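--- a/app/controllers/teams/application_controller.rb
+++ b/app/controllers/teams/application_controller.rb
@@ -1,8 +1,15 @@
 class Teams::ApplicationController < ApplicationController
+
+ before_filter :authorize_manage_user_team!
+
 protected
 
 def user_team
 @user_team ||= UserTeam.find_by_path(params[:team_id])
 end
 
+ def authorize_manage_user_team!
+ return access_denied! unless can?(current_user, :manage_user_team, user_team)
+ end
+
 end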
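Review bot: `authorize_manage_user_team!` passes `user_team` to `can?` without checking that the team exists, and the new `before_filter` now runs that lookup on the user-controlled `params[:team_id]` before every action in the namespace. The `find_by_path` dynamic finder returns nil when nothing matches, so an unknown path hands nil to the ability check; whether that ends in a denial or a 500 depends on an ability implementation not visible here, where a not-found response is the right outcome. I would fail closed in the lookup itself, e.g. `@user_team ||= UserTeam.find_by_path!(params[:team_id])`, assuming the parent controller renders RecordNotFound as a 404. The filter also assumes an authentication filter has already populated `current_user`; a short comment above the `before_filter` line saying so would help, since subclasses now opt out with `skip_before_filter`.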
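--- a/app/controllers/teams/members_controller.rb
+++ b/app/controllers/teams/members_controller.rb
@@ -1,6 +1,6 @@
 class Teams::MembersController < Teams::ApplicationController
 # Authorize
-before_filter :authorize_manage_user_team!, only: [:new, :edit]
+ skip_before_filter :authorize_manage_user_team!, only: [:index]
 
 def index
 @members = @user_team.members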
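Review bot: `index` reads the `@user_team` instance variable directly, but with `authorize_manage_user_team!` skipped for this action nothing visible in the section calls the memoizing `user_team` accessor first, so `@user_team` may still be nil when `.members` is called. Going through the accessor removes the dependency on filter order: `@members = user_team.members`. The skip also leaves `index` with no team-scoped check in the visible code; if member lists are not meant to be readable by every signed-in user, a read-level ability check belongs here rather than a bare skip. The body of `index` continues past the end of the section, so a later line may already cover part of this.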
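--- a/app/controllers/teams/projects_controller.rb
+++ b/app/controllers/teams/projects_controller.rb
@@ -1,4 +1,7 @@
 class Teams::ProjectsController < Teams::ApplicationController
+
+ skip_before_filter :authorize_manage_user_team!, only: [:index]
+
 def index
 @projects = user_team.projects
 @avaliable_projects = current_user.admin? ? Project.without_team(user_team) : (Project.personal(current_user) + current_user.projects).uniq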
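Review bot: `index` is exempted from the manage check but still builds `@avaliable_projects` for every caller. Judging by the name and by `Project.without_team(user_team)`, that is the list of projects that could be attached to the team, which is management data. If the view renders an assignment form from it, users without `:manage_user_team` see a control whose submission is then denied; I would compute it only for managers by appending `if can?(current_user, :manage_user_team, user_team)` to that assignment and have the view skip the form when it is nil. `current_user.admin?` also assumes an earlier authentication filter has run, which is worth a one-line comment next to the skip. The body of `index` continues outside the section.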