Software Publico / Gitlab

Authored by Andrey Kumanyaev 2013-01-23 00:58:44 +0400

Committed by Dmitriy Zaporozhets 2013-01-24 22:31:25 +0200

1 parent dcea5220

Exists in master and in 4 other branches

Showing 3 changed files with 11 additions and 1 deletions Show diff stats

app/controllers/teams/application_controller.rb

  class Teams::ApplicationController < ApplicationController
++
++  before_filter :authorize_manage_user_team!
++
    protected
    def user_team
      @user_team ||= UserTeam.find_by_path(params[:team_id])
    end
++  def authorize_manage_user_team!
++    return access_denied! unless can?(current_user, :manage_user_team, user_team)
++  end
++
  end

app/controllers/teams/members_controller.rb

1	class Teams::MembersController < Teams::ApplicationController	1	class Teams::MembersController < Teams::ApplicationController
2	# Authorize	2	# Authorize
3	- before_filter :authorize_manage_user_team!, only: [:new, :edit]	3	+ skip_before_filter :authorize_manage_user_team!, only: [:index]
4		4
5	def index	5	def index
6	@members = @user_team.members	6	@members = @user_team.members

app/controllers/teams/projects_controller.rb

1	class Teams::ProjectsController < Teams::ApplicationController	1	class Teams::ProjectsController < Teams::ApplicationController
		2	+
		3	+ skip_before_filter :authorize_manage_user_team!, only: [:index]
		4	+
2	def index	5	def index
3	@projects = user_team.projects	6	@projects = user_team.projects
4	@avaliable_projects = current_user.admin? ? Project.without_team(user_team) : (Project.personal(current_user) + current_user.projects).uniq	7	@avaliable_projects = current_user.admin? ? Project.without_team(user_team) : (Project.personal(current_user) + current_user.projects).uniq