Merge pull request #165 from warpc/150-acl-collaborators
[Fix #150] Disable edit and update action for non-admin collaborators in projects.
This commit is contained in:
commit
2ca69df1cd
|
@ -6,9 +6,10 @@ class CollaboratorsController < ApplicationController
|
||||||
before_filter :find_users
|
before_filter :find_users
|
||||||
before_filter :find_groups
|
before_filter :find_groups
|
||||||
|
|
||||||
load_and_authorize_resource :project
|
load_resource :project
|
||||||
|
before_filter :authorize_collaborators
|
||||||
|
|
||||||
def index
|
def index
|
||||||
redirect_to edit_project_collaborators_path(@project)
|
redirect_to edit_project_collaborators_path(@project)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -49,7 +50,7 @@ class CollaboratorsController < ApplicationController
|
||||||
groups_for_removing.each do |u|
|
groups_for_removing.each do |u|
|
||||||
Relation.by_object(u).by_target(@project).each {|r| r.destroy}
|
Relation.by_object(u).by_target(@project).each {|r| r.destroy}
|
||||||
end
|
end
|
||||||
|
|
||||||
# Create relations
|
# Create relations
|
||||||
Relation::ROLES.each { |r|
|
Relation::ROLES.each { |r|
|
||||||
#users_for_creating = users_for_creating params[:user].keys.map{|p| p.to_i} - @project.collaborators.map(&:id)
|
#users_for_creating = users_for_creating params[:user].keys.map{|p| p.to_i} - @project.collaborators.map(&:id)
|
||||||
|
@ -130,4 +131,8 @@ class CollaboratorsController < ApplicationController
|
||||||
def find_groups
|
def find_groups
|
||||||
@groups = @project.groups#Group.all
|
@groups = @project.groups#Group.all
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def authorize_collaborators
|
||||||
|
authorize! :update, @project
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue