Merge pull request #165 from warpc/150-acl-collaborators

[Fix #150] Disable edit and update action for non-admin collaborators in projects.
This commit is contained in:
Vladimir Sharshov 2012-02-13 10:49:01 -08:00
commit 2ca69df1cd
1 changed files with 8 additions and 3 deletions

View File

@ -6,9 +6,10 @@ class CollaboratorsController < ApplicationController
before_filter :find_users before_filter :find_users
before_filter :find_groups before_filter :find_groups
load_and_authorize_resource :project load_resource :project
before_filter :authorize_collaborators
def index def index
redirect_to edit_project_collaborators_path(@project) redirect_to edit_project_collaborators_path(@project)
end end
@ -49,7 +50,7 @@ class CollaboratorsController < ApplicationController
groups_for_removing.each do |u| groups_for_removing.each do |u|
Relation.by_object(u).by_target(@project).each {|r| r.destroy} Relation.by_object(u).by_target(@project).each {|r| r.destroy}
end end
# Create relations # Create relations
Relation::ROLES.each { |r| Relation::ROLES.each { |r|
#users_for_creating = users_for_creating params[:user].keys.map{|p| p.to_i} - @project.collaborators.map(&:id) #users_for_creating = users_for_creating params[:user].keys.map{|p| p.to_i} - @project.collaborators.map(&:id)
@ -130,4 +131,8 @@ class CollaboratorsController < ApplicationController
def find_groups def find_groups
@groups = @project.groups#Group.all @groups = @project.groups#Group.all
end end
def authorize_collaborators
authorize! :update, @project
end
end end