[refs #2249] Add corrections to ACL rules

2011-12-02 10:57:58 +04:00 · 2011-12-02 10:57:58 +04:00 · 233f9b8035
parent d7c9452efa
commit 233f9b8035
3 changed files with 14 additions and 5 deletions
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -52,8 +52,12 @@ class Ability
          project.relations.exists?(:role => ['writer', 'admin'], :object_type => 'User', :object_id => user.id)
        end

-        can [:read, :update, :process_build, :build], Product, products_in_relations_with(:role => ['writer', 'admin'], :object_type => 'User', :object_id => user.id)  do |product|
-          product.relations.exists?(:role => ['admin'], :object_type => 'User', :object_id => user.id)
+        can [:read, :update, :destroy], Product, products_in_relations_with(:role => ['writer', 'admin'], :object_type => 'User', :object_id => user.id)  do |product|
+          product.relations.exists?(:role => 'admin', :object_type => 'User', :object_id => user.id)
+        end
+        # Small CanCan hack by Product.new(:platform_id => ...)
+        can [:new, :create], Product do |product|
+          product.platform.relations.exists?(:role => 'admin', :object_type => 'User', :object_id => user.id)
        end

        can :manage, Platform, :owner_type => 'User', :owner_id => user.id
@ -73,6 +77,10 @@ class Ability
        can :read, Repository, repositories_in_relations_with(:role => 'reader', :object_type => 'User', :object_id => user.id) do |repository|
          repository.relations.exists?(:role => 'reader', :object_type => 'User', :object_id => user.id)
        end
+        # Small CanCan hack by Repository.new(:platform_id => ...)
+        #can [:new, :create], Repository do |repository|
+        #  repository.platform.relations.exists?(:role => 'admin', :object_type => 'User', :object_id => user.id)
+        #end
        
        #can :read, Repository
        # TODO: Add personal repos rules
--- a/app/models/product.rb
+++ b/app/models/product.rb
@ -3,6 +3,7 @@ class Product < ActiveRecord::Base

  belongs_to :platform
  has_many :product_build_lists, :dependent => :destroy
+  has_many :relations, :as => :target, :dependent => :destroy

  after_validation :merge_tar_errors
  before_save :destroy_tar?
@ -78,7 +79,7 @@ class Product < ActiveRecord::Base
    end

    def add_admin_relations
-      repository.relations.where(:role => 'admin').each do |rel|
+      platform.relations.where(:role => 'admin').each do |rel|
        r = relations.build(:role => 'admin', :object_type => rel.object_type)
        r.object_id = rel.object_id
        r.save
--- a/app/views/platforms/show.html.haml
+++ b/app/views/platforms/show.html.haml
@ -70,7 +70,7 @@
  .secondary-navigation
    %ul.wat-cf
      %li.first.active= link_to t("layout.repositories.list"), platform_path(@platform) + "#repositories"
-      %li= link_to t("layout.repositories.new"), new_platform_repository_path(@platform) if can? :create, Repository
+      %li= link_to t("layout.repositories.new"), new_platform_repository_path(@platform) if can? :create, Repository.new(:platform_id => @platform.id)
  .content
    %h2.title
      = t("layout.repositories.list_header")
@ -95,7 +95,7 @@
  .secondary-navigation
    %ul.wat-cf
      %li.first.active= link_to t("layout.products.list"), platform_path(@platform) + "#products"
-      %li= link_to t("layout.products.new"), new_platform_product_path(@platform) if can? :create, Product
+      %li= link_to t("layout.products.new"), new_platform_product_path(@platform) if can? :create, Product.new(:platform_id => @platform.id)
  .content
    %h2.title
      = t("layout.products.list_header")