From 932251a190de0ffcacd9ccd48c3ea3025b89aa8e Mon Sep 17 00:00:00 2001
From: George Vinogradov
Date: Mon, 31 Oct 2011 22:14:25 +0400
Subject: [PATCH] Added ACL to controllers

---
 app/controllers/auto_build_lists_controller.rb | 1 +
 app/controllers/categories_controller.rb | 7 +++++++
 app/controllers/collaborators_controller.rb | 3 +++
 app/controllers/groups_controller.rb | 4 ++++
 app/controllers/personal_repositories_controller.rb | 5 +++++
 app/controllers/platforms_controller.rb | 8 +++++++-
 app/controllers/private_users_controller.rb | 3 ++-
 app/controllers/products_controller.rb | 11 +++++++++++
 app/controllers/projects_controller.rb | 6 ++++++
 app/controllers/repositories_controller.rb | 4 ++++
 lib/ext/application_controller/base.rb | 10 +++++-----
 11 files changed, 55 insertions(+), 7 deletions(-)

diff --git a/app/controllers/auto_build_lists_controller.rb b/app/controllers/auto_build_lists_controller.rb
index b7fe07f54..3700bb296 100644
--- a/app/controllers/auto_build_lists_controller.rb
+++ b/app/controllers/auto_build_lists_controller.rb
@@ -1,5 +1,6 @@
 class AutoBuildListsController < ApplicationController
   before_filter :authenticate_user!, :except => :auto_build
+  before_filter :check_global_access
 
   def index
     @projects_not_automated = Project.scoped
diff --git a/app/controllers/categories_controller.rb b/app/controllers/categories_controller.rb
index 96f8d13f4..ec0ff6acb 100644
--- a/app/controllers/categories_controller.rb
+++ b/app/controllers/categories_controller.rb
@@ -12,6 +12,7 @@ class CategoriesController < ApplicationController
 
   def index
     if @platform
+      can_perform? @platform
       @categories = Category.joins(:projects => :repositories).where('repositories.platform_id = ?', @platform.id).
         having('count(projects.id) > 0').group('categories.id, categories.name, categories.ancestry, categories.projects_count, categories.created_at, categories.updated_at').default_order
       @categories_count = @categories.count
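Review bot: The added `before_filter :check_global_access` in auto_build_lists_controller.rb has no `:except`, while `authenticate_user!` directly above it skips `:auto_build`, so an unauthenticated request to `auto_build` now reaches `check_global_access` and from there `current_user.can_perform?` (lib/ext/application_controller/base.rb, same commit) with no signed-in user, which presumably raises on nil. platforms_controller.rb in this commit excludes its public action; this controller should do the same, `before_filter :check_global_access, :except => :auto_build`, or `can_perform?` should deny explicitly when `current_user` is nil.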
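Review bot: `can_perform? @platform` on the added line of the categories `index` hunk is a bare statement, and the helper it calls (rewritten in lib/ext/application_controller/base.rb in this commit) only sets flash and calls `redirect_to` when access is denied; `redirect_to` does not stop a running action, so the body continues for the denied user — in later hunks `@category.destroy`, `@group.destroy`, `@project.destroy`, `@product.destroy`, `@repository.destroy`, `@platform.released = true`, `@repository.platform.change_visibility` and the `update_attributes` calls all still execute, and the action's own redirect then raises DoubleRenderError. The same pattern is in every controller hunk of this commit (categories, collaborators, groups, personal_repositories, platforms, private_users, products, projects, repositories). Either run the checks as filters placed after the finder filters, where a redirect halts the chain — `before_filter :check_access` with `def check_access; can_perform? @category if @category; end` — or make `can_perform?` return a boolean and write `return unless can_perform?(@category)` at the top of each action. As committed the ACL adds a notice but does not prevent the state change.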
@@ -22,6 +23,9 @@ class CategoriesController < ApplicationController
   end
 
   def show
+    can_perform? @platform if @platform
+    can_perform? @category if @category
+
     @projects = @category.projects
     @projects = @projects.joins(:repositories).where("repositories.platform_id = ?", @platform.id) if @platform
     @projects = @projects.paginate :page => params[:page]
@@ -32,9 +36,11 @@ class CategoriesController < ApplicationController
   end
 
   def edit
+    can_perform? @category if @category
   end
 
   def destroy
+    can_perform? @category if @category
     @category.destroy
     flash[:notice] = t("flash.category.destroyed")
     redirect_to categories_path
@@ -52,6 +58,7 @@ class CategoriesController < ApplicationController
   end
 
   def update
+    can_perform? @category if @category
     if @category.update_attributes(params[:category])
       flash[:notice] = t('flash.category.saved')
       redirect_to categories_path
diff --git a/app/controllers/collaborators_controller.rb b/app/controllers/collaborators_controller.rb
index 18a2e9f1c..8234e7143 100644
--- a/app/controllers/collaborators_controller.rb
+++ b/app/controllers/collaborators_controller.rb
@@ -10,6 +10,7 @@ class CollaboratorsController < ApplicationController
   before_filter :find_groups
 
   def index
+    can_perform? @project if @project
     redirect_to edit_project_collaborators_path(@project)
   end
 
@@ -20,6 +21,7 @@ class CollaboratorsController < ApplicationController
   end
 
   def edit
+    can_perform? @project if @project
     if params[:id]
       @user = User.find params[:id]
       render :edit_rights and return
@@ -30,6 +32,7 @@ class CollaboratorsController < ApplicationController
   end
 
   def update
+    can_perform? @project if @project
     unless params[:id]
       if params[:user]
         users_for_removing = @project.collaborators.select do |u|
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 958cc6584..e08a384e4 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -9,6 +9,7 @@ class GroupsController < ApplicationController
   end
 
   def show
+    can_perform? @group if @group
     @platforms = @group.platforms.paginate(:page => params[:platform_page], :per_page => 10)
     @repositories = @group.repositories.paginate(:page => params[:repository_page], :per_page => 10)
     @projects = @group.projects.paginate(:page => params[:project_page], :per_page => 10)
@@ -19,6 +20,7 @@ class GroupsController < ApplicationController
   end
 
   def edit
+    can_perform? @group if @group
   end
 
   def create
@@ -35,6 +37,7 @@ class GroupsController < ApplicationController
   end
 
   def update
+    can_perform? @group if @group
     if @group.update_attributes(params[:group])
       flash[:notice] = t('flash.group.saved')
       redirect_to groups_path
@@ -45,6 +48,7 @@ class GroupsController < ApplicationController
   end
 
   def destroy
+    can_perform? @group if @group
     @group.destroy
     flash[:notice] = t("flash.group.destroyed")
     redirect_to groups_path
diff --git a/app/controllers/personal_repositories_controller.rb b/app/controllers/personal_repositories_controller.rb
index 3edac0934..0a4baf556 100644
--- a/app/controllers/personal_repositories_controller.rb
+++ b/app/controllers/personal_repositories_controller.rb
@@ -5,6 +5,7 @@ class PersonalRepositoriesController < ApplicationController
   before_filter :check_global_access
 
   def show
+    can_perform? @repository if @repository
     if params[:query]
       @projects = @repository.projects.recent.by_name(params[:query]).paginate :page => params[:project_page], :per_page => 30
     else
@@ -14,12 +15,14 @@ class PersonalRepositoriesController < ApplicationController
 
   #TODO: Add git repo move into private repos path.
   def change_visibility
+    can_perform? @repository if @repository
     @repository.platform.change_visibility
     redirect_to settings_personal_repository_path(@repository)
   end
 
   def settings
+    can_perform? @repository if @repository
     if @repository.platform.hidden?
       @urmpi_command = "urpmi -add http://login@password:#{ request.host }/privates/#{ @repository.platform.name }/main/"
     else
@@ -28,6 +31,7 @@ class PersonalRepositoriesController < ApplicationController
   end
 
   def add_project
+    can_perform? @repository if @repository
     if params[:project_id]
       @project = Project.find(params[:project_id])
       params[:project_id] = nil
@@ -46,6 +50,7 @@ class PersonalRepositoriesController < ApplicationController
   end
 
   def remove_project
+    can_perform? @repository if @repository
     if params[:project_id]
       @project = Project.find(params[:project_id])
       params[:project_id] = nil
diff --git a/app/controllers/platforms_controller.rb b/app/controllers/platforms_controller.rb
index 41784ffe6..8dc2c74bf 100644
--- a/app/controllers/platforms_controller.rb
+++ b/app/controllers/platforms_controller.rb
@@ -1,7 +1,7 @@
 # coding: UTF-8
 class PlatformsController < ApplicationController
   before_filter :authenticate_user!, :except => :easy_urpmi
-  before_filter :find_platform, :only => [:freeze, :unfreeze, :clone, :edit]
+  before_filter :find_platform#, :only => [:freeze, :unfreeze, :clone, :edit]
   before_filter :get_paths, :only => [:new, :create]
   before_filter :check_global_access, :except => :easy_urpmi
 
@@ -26,6 +26,7 @@ class PlatformsController < ApplicationController
   end
 
   def show
+    can_perform? @platform if @platform
     @platform = Platform.find params[:id], :include => :repositories
     @repositories = @platform.repositories
     @members = @platform.members.uniq
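Review bot: Dropping the `:only` list on `before_filter :find_platform` in the first platforms_controller.rb hunk makes the finder run for `index`, `new`, `create` and the unauthenticated `easy_urpmi` as well; if it loads `Platform.find params[:id]` (its body is not in the diff) those actions will now raise RecordNotFound because they carry no `:id`. Keep an explicit list covering the actions that now call `can_perform? @platform` — `before_filter :find_platform, :only => [:show, :edit, :freeze, :unfreeze, :clone, :destroy]` — and delete the commented-out `#, :only => [...]` remainder instead of leaving dead code on the line. In the `show` hunk the check runs against the filter-loaded `@platform` and the next line reloads it with `:include => :repositories`; loading once with the includes in the filter would avoid the double query.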
@@ -37,6 +38,7 @@ class PlatformsController < ApplicationController
   end
 
   def edit
+    can_perform? @platform if @platform
     @platforms = Platform.visible_to current_user
   end
 
@@ -56,6 +58,7 @@ class PlatformsController < ApplicationController
   end
 
   def freeze
+    can_perform? @platform if @platform
     @platform.released = true
     if @platform.save
       flash[:notice] = I18n.t("flash.platform.freezed")
@@ -67,6 +70,7 @@ class PlatformsController < ApplicationController
   end
 
   def unfreeze
+    can_perform? @platform if @platform
     @platform.released = false
     if @platform.save
       flash[:notice] = I18n.t("flash.platform.unfreezed")
@@ -78,6 +82,7 @@ class PlatformsController < ApplicationController
   end
 
   def clone
+    can_perform? @platform if @platform
     cloned = @platform.clone(@platform.name + "_clone", @platform.unixname + "_clone")
     if cloned
       flash[:notice] = 'Клонирование успешно'
@@ -89,6 +94,7 @@ class PlatformsController < ApplicationController
   end
 
   def destroy
+    can_perform? @platform if @platform
     Platform.destroy params[:id]
 
     flash[:notice] = t("flash.platform.destroyed")
diff --git a/app/controllers/private_users_controller.rb b/app/controllers/private_users_controller.rb
index dee095840..0d3443e77 100644
--- a/app/controllers/private_users_controller.rb
+++ b/app/controllers/private_users_controller.rb
@@ -14,7 +14,8 @@ class PrivateUsersController < ApplicationController
   end
 
   def destroy
-    PrivateUser.find(params[:id]).destroy
+    user = PrivateUser.find(params[:id])
+    can_perform? user if user
     redirect_to platform_private_users_path(params[:platform_id])
   end
 end
diff --git a/app/controllers/products_controller.rb b/app/controllers/products_controller.rb
index 365460f79..a6d742180 100644
--- a/app/controllers/products_controller.rb
+++ b/app/controllers/products_controller.rb
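Review bot: The rewritten `destroy` in private_users_controller.rb no longer destroys anything: the removed line called `.destroy` on the found record, and the two added lines only find it and call `can_perform?` before the redirect, so the action is a no-op for an authorized user. `PrivateUser.find` raises `ActiveRecord::RecordNotFound` rather than returning nil, so `if user` never guards anything. Restore the deletion behind the check — `user = PrivateUser.find(params[:id])`, `return unless can_perform?(user)`, `user.destroy` — which also needs `can_perform?` (rewritten in lib/ext/application_controller/base.rb in this commit) to return true when access is granted, which it currently does not.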
@@ -20,6 +20,7 @@ class ProductsController < ApplicationController
   end
 
   def clone
+    can_perform? @platform if @platform
     @template = @platform.products.find(params[:id])
     @product = @platform.products.new
     @product.clone_from!(@template)
@@ -28,15 +29,19 @@ class ProductsController < ApplicationController
   end
 
   def build
+    can_perform? @product if @product
     flash[:notice] = t('flash.product.build_started')
     ProductBuilder.create_product @product.id, '/var/rosa', @product.ks, @product.menu, @product.build, @product.counter, []
     redirect_to :action => :show
   end
 
   def edit
+    can_perform? @product if @product
+    can_perform? @platform if @platform
   end
 
   def create
+    can_perform? @platform if @platform
     @product = @platform.products.new params[:product]
     if @product.save
       flash[:notice] = t('flash.product.saved')
@@ -48,6 +53,8 @@ class ProductsController < ApplicationController
   end
 
   def update
+    can_perform? @platform if @platform
+    can_perform? @product if @product
     if @product.update_attributes(params[:product])
       flash[:notice] = t('flash.product.saved')
       redirect_to @platform
@@ -58,9 +65,13 @@ class ProductsController < ApplicationController
   end
 
   def show
+    can_perform? @platform if @platform
+    can_perform? @product if @product
   end
 
   def destroy
+    can_perform? @platform if @platform
+    can_perform? @product if @product
     @product.destroy
     flash[:notice] = t("flash.product.destroyed")
     redirect_to @platform
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index d09a5d3d8..1c66c6421 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -9,6 +9,7 @@ class ProjectsController < ApplicationController
   end
 
   def show
+    can_perform? @project if @project
     @current_build_lists = @project.build_lists.current.recent.paginate :page => params[:page]
   end
 
@@ -17,6 +18,7 @@ class ProjectsController < ApplicationController
   end
 
   def edit
+    can_perform? @project if @project
   end
 
   def create
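Review bot: The checks in the products_controller.rb `build`/`edit`/`create` hunk are inconsistent with the `update`/`show`/`destroy` hunks below it: `build` checks only `@product`, `edit` checks `@product` then `@platform`, while the others check `@platform` first and then `@product`. If the rule is that both the platform and the product must be accessible, `build` is missing `can_perform? @platform if @platform`, and `edit` should use the same order as the rest so that the first denial, and therefore the flash message, is the same everywhere. A single `before_filter` running both checks after the finder filters would replace the seven copies and keep the rule in one place.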
@@ -34,6 +36,7 @@ class ProjectsController < ApplicationController
   end
 
   def update
+    can_perform? @project if @project
     if @project.update_attributes(params[:project])
       flash[:notice] = t('flash.project.saved')
       redirect_to @project
@@ -44,6 +47,7 @@ class ProjectsController < ApplicationController
   end
 
   def destroy
+    can_perform? @project if @project
     @project.destroy
     flash[:notice] = t("flash.project.destroyed")
     redirect_to @project.owner
@@ -71,6 +75,7 @@ class ProjectsController < ApplicationController
   end
 
   def build
+    can_perform? @project if @project
     @arches = Arch.recent
     @bpls = Platform.main
     @pls = @project.repositories.collect { |rep| ["#{rep.platform.name}/#{rep.unixname}", rep.platform.id] }
@@ -78,6 +83,7 @@ class ProjectsController < ApplicationController
   end
 
   def process_build
+    can_perform? @project if @project
     @arch_ids = params[:build][:arches].select{|_,v| v == "1"}.collect{|x| x[0].to_i }
     @arches = Arch.where(:id => @arch_ids)
 
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 16219ac16..cc210d849 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -11,6 +11,7 @@ class RepositoriesController < ApplicationController
   end
 
   def show
+    can_perform? @repository if @repository
     if params[:query]
       @projects = @repository.projects.recent.by_name(params[:query]).paginate :page => params[:project_page], :per_page => 30
     else
@@ -24,6 +25,7 @@ class RepositoriesController < ApplicationController
   end
 
   def destroy
+    can_perform? @repository if @repository
     @repository.destroy
     platform_id = @repository.platform_id
 
@@ -44,6 +46,7 @@ class RepositoriesController < ApplicationController
   end
 
   def add_project
+    can_perform? @repository if @repository
     if params[:project_id]
       @project = Project.find(params[:project_id])
       params[:project_id] = nil
@@ -67,6 +70,7 @@ class RepositoriesController < ApplicationController
   end
 
   def remove_project
+    can_perform? @repository if @repository
     if params[:project_id]
       @project = Project.find(params[:project_id])
       params[:project_id] = nil
diff --git a/lib/ext/application_controller/base.rb b/lib/ext/application_controller/base.rb
index 7f6f34fbf..e0f01be4f 100644
--- a/lib/ext/application_controller/base.rb
+++ b/lib/ext/application_controller/base.rb
@@ -4,11 +4,7 @@ class ActionController::Base
     c = self.controller_name
     a = self.action_name
 
-    current_user.can_perform? c, a, target
-  end
-
-  def check_global_access
-    unless can_perform?
+    unless current_user.can_perform? c, a, target
       flash[:notice] = t('layout.not_access')
       if request.env['HTTP_REFERER']
         redirect_to(:back)
@@ -18,6 +14,10 @@ class ActionController::Base
     end
   end
 
+  def check_global_access
+    can_perform? :system
+  end
+
   def rights_to target
     ActiveRecord::Base.rights_to target
   end
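Review bot: After the first base.rb hunk `can_perform?` is no longer a predicate: the `unless` block evaluates to nil when access is granted and to the `redirect_to` result when it is denied, so a caller cannot write `return unless can_perform?(x)`, and the `?` name now hides a redirect side effect. Return a boolean explicitly — `return true if current_user.can_perform?(c, a, target)` before the flash/redirect and `false` after it — so the controller actions that call it inline in this commit can stop on denial; a redirect issued from a bare statement in an action body does not halt execution. `current_user` is dereferenced without a nil check, so any action reachable without authentication raises NoMethodError instead of being denied; treat a missing user as denied. `check_global_access` in the second hunk keeps working as a filter since a redirect there halts the chain. The method's signature and the else branch of the `if request.env['HTTP_REFERER']` lie outside the hunk.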