Added ACL to controllers

This commit is contained in:
George Vinogradov 2011-10-31 22:14:25 +04:00
parent 710ee322a6
commit 932251a190
11 changed files with 55 additions and 7 deletions

View File

@ -1,5 +1,6 @@
class AutoBuildListsController < ApplicationController class AutoBuildListsController < ApplicationController
before_filter :authenticate_user!, :except => :auto_build before_filter :authenticate_user!, :except => :auto_build
before_filter :check_global_access
def index def index
@projects_not_automated = Project.scoped @projects_not_automated = Project.scoped

View File

@ -12,6 +12,7 @@ class CategoriesController < ApplicationController
def index def index
if @platform if @platform
can_perform? @platform
@categories = Category.joins(:projects => :repositories).where('repositories.platform_id = ?', @platform.id). @categories = Category.joins(:projects => :repositories).where('repositories.platform_id = ?', @platform.id).
having('count(projects.id) > 0').group('categories.id, categories.name, categories.ancestry, categories.projects_count, categories.created_at, categories.updated_at').default_order having('count(projects.id) > 0').group('categories.id, categories.name, categories.ancestry, categories.projects_count, categories.created_at, categories.updated_at').default_order
@categories_count = @categories.count @categories_count = @categories.count
@ -22,6 +23,9 @@ class CategoriesController < ApplicationController
end end
def show def show
can_perform? @platform if @platform
can_perform? @category if @category
@projects = @category.projects @projects = @category.projects
@projects = @projects.joins(:repositories).where("repositories.platform_id = ?", @platform.id) if @platform @projects = @projects.joins(:repositories).where("repositories.platform_id = ?", @platform.id) if @platform
@projects = @projects.paginate :page => params[:page] @projects = @projects.paginate :page => params[:page]
@ -32,9 +36,11 @@ class CategoriesController < ApplicationController
end end
def edit def edit
can_perform? @category if @category
end end
def destroy def destroy
can_perform? @category if @category
@category.destroy @category.destroy
flash[:notice] = t("flash.category.destroyed") flash[:notice] = t("flash.category.destroyed")
redirect_to categories_path redirect_to categories_path
@ -52,6 +58,7 @@ class CategoriesController < ApplicationController
end end
def update def update
can_perform? @category if @category
if @category.update_attributes(params[:category]) if @category.update_attributes(params[:category])
flash[:notice] = t('flash.category.saved') flash[:notice] = t('flash.category.saved')
redirect_to categories_path redirect_to categories_path

View File

@ -10,6 +10,7 @@ class CollaboratorsController < ApplicationController
before_filter :find_groups before_filter :find_groups
def index def index
can_perform? @project if @project
redirect_to edit_project_collaborators_path(@project) redirect_to edit_project_collaborators_path(@project)
end end
@ -20,6 +21,7 @@ class CollaboratorsController < ApplicationController
end end
def edit def edit
can_perform? @project if @project
if params[:id] if params[:id]
@user = User.find params[:id] @user = User.find params[:id]
render :edit_rights and return render :edit_rights and return
@ -30,6 +32,7 @@ class CollaboratorsController < ApplicationController
end end
def update def update
can_perform? @project if @project
unless params[:id] unless params[:id]
if params[:user] if params[:user]
users_for_removing = @project.collaborators.select do |u| users_for_removing = @project.collaborators.select do |u|

View File

@ -9,6 +9,7 @@ class GroupsController < ApplicationController
end end
def show def show
can_perform? @group if @group
@platforms = @group.platforms.paginate(:page => params[:platform_page], :per_page => 10) @platforms = @group.platforms.paginate(:page => params[:platform_page], :per_page => 10)
@repositories = @group.repositories.paginate(:page => params[:repository_page], :per_page => 10) @repositories = @group.repositories.paginate(:page => params[:repository_page], :per_page => 10)
@projects = @group.projects.paginate(:page => params[:project_page], :per_page => 10) @projects = @group.projects.paginate(:page => params[:project_page], :per_page => 10)
@ -19,6 +20,7 @@ class GroupsController < ApplicationController
end end
def edit def edit
can_perform? @group if @group
end end
def create def create
@ -35,6 +37,7 @@ class GroupsController < ApplicationController
end end
def update def update
can_perform? @group if @group
if @group.update_attributes(params[:group]) if @group.update_attributes(params[:group])
flash[:notice] = t('flash.group.saved') flash[:notice] = t('flash.group.saved')
redirect_to groups_path redirect_to groups_path
@ -45,6 +48,7 @@ class GroupsController < ApplicationController
end end
def destroy def destroy
can_perform? @group if @group
@group.destroy @group.destroy
flash[:notice] = t("flash.group.destroyed") flash[:notice] = t("flash.group.destroyed")
redirect_to groups_path redirect_to groups_path

View File

@ -5,6 +5,7 @@ class PersonalRepositoriesController < ApplicationController
before_filter :check_global_access before_filter :check_global_access
def show def show
can_perform? @repository if @repository
if params[:query] if params[:query]
@projects = @repository.projects.recent.by_name(params[:query]).paginate :page => params[:project_page], :per_page => 30 @projects = @repository.projects.recent.by_name(params[:query]).paginate :page => params[:project_page], :per_page => 30
else else
@ -14,12 +15,14 @@ class PersonalRepositoriesController < ApplicationController
#TODO: Add git repo move into private repos path. #TODO: Add git repo move into private repos path.
def change_visibility def change_visibility
can_perform? @repository if @repository
@repository.platform.change_visibility @repository.platform.change_visibility
redirect_to settings_personal_repository_path(@repository) redirect_to settings_personal_repository_path(@repository)
end end
def settings def settings
can_perform? @repository if @repository
if @repository.platform.hidden? if @repository.platform.hidden?
@urmpi_command = "urpmi -add http://login@password:#{ request.host }/privates/#{ @repository.platform.name }/main/" @urmpi_command = "urpmi -add http://login@password:#{ request.host }/privates/#{ @repository.platform.name }/main/"
else else
@ -28,6 +31,7 @@ class PersonalRepositoriesController < ApplicationController
end end
def add_project def add_project
can_perform? @repository if @repository
if params[:project_id] if params[:project_id]
@project = Project.find(params[:project_id]) @project = Project.find(params[:project_id])
params[:project_id] = nil params[:project_id] = nil
@ -46,6 +50,7 @@ class PersonalRepositoriesController < ApplicationController
end end
def remove_project def remove_project
can_perform? @repository if @repository
if params[:project_id] if params[:project_id]
@project = Project.find(params[:project_id]) @project = Project.find(params[:project_id])
params[:project_id] = nil params[:project_id] = nil

View File

@ -1,7 +1,7 @@
# coding: UTF-8 # coding: UTF-8
class PlatformsController < ApplicationController class PlatformsController < ApplicationController
before_filter :authenticate_user!, :except => :easy_urpmi before_filter :authenticate_user!, :except => :easy_urpmi
before_filter :find_platform, :only => [:freeze, :unfreeze, :clone, :edit] before_filter :find_platform#, :only => [:freeze, :unfreeze, :clone, :edit]
before_filter :get_paths, :only => [:new, :create] before_filter :get_paths, :only => [:new, :create]
before_filter :check_global_access, :except => :easy_urpmi before_filter :check_global_access, :except => :easy_urpmi
@ -26,6 +26,7 @@ class PlatformsController < ApplicationController
end end
def show def show
can_perform? @platform if @platform
@platform = Platform.find params[:id], :include => :repositories @platform = Platform.find params[:id], :include => :repositories
@repositories = @platform.repositories @repositories = @platform.repositories
@members = @platform.members.uniq @members = @platform.members.uniq
@ -37,6 +38,7 @@ class PlatformsController < ApplicationController
end end
def edit def edit
can_perform? @platform if @platform
@platforms = Platform.visible_to current_user @platforms = Platform.visible_to current_user
end end
@ -56,6 +58,7 @@ class PlatformsController < ApplicationController
end end
def freeze def freeze
can_perform? @platform if @platform
@platform.released = true @platform.released = true
if @platform.save if @platform.save
flash[:notice] = I18n.t("flash.platform.freezed") flash[:notice] = I18n.t("flash.platform.freezed")
@ -67,6 +70,7 @@ class PlatformsController < ApplicationController
end end
def unfreeze def unfreeze
can_perform? @platform if @platform
@platform.released = false @platform.released = false
if @platform.save if @platform.save
flash[:notice] = I18n.t("flash.platform.unfreezed") flash[:notice] = I18n.t("flash.platform.unfreezed")
@ -78,6 +82,7 @@ class PlatformsController < ApplicationController
end end
def clone def clone
can_perform? @platform if @platform
cloned = @platform.clone(@platform.name + "_clone", @platform.unixname + "_clone") cloned = @platform.clone(@platform.name + "_clone", @platform.unixname + "_clone")
if cloned if cloned
flash[:notice] = 'Клонирование успешно' flash[:notice] = 'Клонирование успешно'
@ -89,6 +94,7 @@ class PlatformsController < ApplicationController
end end
def destroy def destroy
can_perform? @platform if @platform
Platform.destroy params[:id] Platform.destroy params[:id]
flash[:notice] = t("flash.platform.destroyed") flash[:notice] = t("flash.platform.destroyed")

View File

@ -14,7 +14,8 @@ class PrivateUsersController < ApplicationController
end end
def destroy def destroy
PrivateUser.find(params[:id]).destroy user = PrivateUser.find(params[:id])
can_perform? user if user
redirect_to platform_private_users_path(params[:platform_id]) redirect_to platform_private_users_path(params[:platform_id])
end end
end end

View File

@ -20,6 +20,7 @@ class ProductsController < ApplicationController
end end
def clone def clone
can_perform? @platform if @platform
@template = @platform.products.find(params[:id]) @template = @platform.products.find(params[:id])
@product = @platform.products.new @product = @platform.products.new
@product.clone_from!(@template) @product.clone_from!(@template)
@ -28,15 +29,19 @@ class ProductsController < ApplicationController
end end
def build def build
can_perform? @product if @product
flash[:notice] = t('flash.product.build_started') flash[:notice] = t('flash.product.build_started')
ProductBuilder.create_product @product.id, '/var/rosa', @product.ks, @product.menu, @product.build, @product.counter, [] ProductBuilder.create_product @product.id, '/var/rosa', @product.ks, @product.menu, @product.build, @product.counter, []
redirect_to :action => :show redirect_to :action => :show
end end
def edit def edit
can_perform? @product if @product
can_perform? @platform if @platform
end end
def create def create
can_perform? @platform if @platform
@product = @platform.products.new params[:product] @product = @platform.products.new params[:product]
if @product.save if @product.save
flash[:notice] = t('flash.product.saved') flash[:notice] = t('flash.product.saved')
@ -48,6 +53,8 @@ class ProductsController < ApplicationController
end end
def update def update
can_perform? @platform if @platform
can_perform? @product if @product
if @product.update_attributes(params[:product]) if @product.update_attributes(params[:product])
flash[:notice] = t('flash.product.saved') flash[:notice] = t('flash.product.saved')
redirect_to @platform redirect_to @platform
@ -58,9 +65,13 @@ class ProductsController < ApplicationController
end end
def show def show
can_perform? @platform if @platform
can_perform? @product if @product
end end
def destroy def destroy
can_perform? @platform if @platform
can_perform? @product if @product
@product.destroy @product.destroy
flash[:notice] = t("flash.product.destroyed") flash[:notice] = t("flash.product.destroyed")
redirect_to @platform redirect_to @platform

View File

@ -9,6 +9,7 @@ class ProjectsController < ApplicationController
end end
def show def show
can_perform? @project if @project
@current_build_lists = @project.build_lists.current.recent.paginate :page => params[:page] @current_build_lists = @project.build_lists.current.recent.paginate :page => params[:page]
end end
@ -17,6 +18,7 @@ class ProjectsController < ApplicationController
end end
def edit def edit
can_perform? @project if @project
end end
def create def create
@ -34,6 +36,7 @@ class ProjectsController < ApplicationController
end end
def update def update
can_perform? @project if @project
if @project.update_attributes(params[:project]) if @project.update_attributes(params[:project])
flash[:notice] = t('flash.project.saved') flash[:notice] = t('flash.project.saved')
redirect_to @project redirect_to @project
@ -44,6 +47,7 @@ class ProjectsController < ApplicationController
end end
def destroy def destroy
can_perform? @project if @project
@project.destroy @project.destroy
flash[:notice] = t("flash.project.destroyed") flash[:notice] = t("flash.project.destroyed")
redirect_to @project.owner redirect_to @project.owner
@ -71,6 +75,7 @@ class ProjectsController < ApplicationController
end end
def build def build
can_perform? @project if @project
@arches = Arch.recent @arches = Arch.recent
@bpls = Platform.main @bpls = Platform.main
@pls = @project.repositories.collect { |rep| ["#{rep.platform.name}/#{rep.unixname}", rep.platform.id] } @pls = @project.repositories.collect { |rep| ["#{rep.platform.name}/#{rep.unixname}", rep.platform.id] }
@ -78,6 +83,7 @@ class ProjectsController < ApplicationController
end end
def process_build def process_build
can_perform? @project if @project
@arch_ids = params[:build][:arches].select{|_,v| v == "1"}.collect{|x| x[0].to_i } @arch_ids = params[:build][:arches].select{|_,v| v == "1"}.collect{|x| x[0].to_i }
@arches = Arch.where(:id => @arch_ids) @arches = Arch.where(:id => @arch_ids)

View File

@ -11,6 +11,7 @@ class RepositoriesController < ApplicationController
end end
def show def show
can_perform? @repository if @repository
if params[:query] if params[:query]
@projects = @repository.projects.recent.by_name(params[:query]).paginate :page => params[:project_page], :per_page => 30 @projects = @repository.projects.recent.by_name(params[:query]).paginate :page => params[:project_page], :per_page => 30
else else
@ -24,6 +25,7 @@ class RepositoriesController < ApplicationController
end end
def destroy def destroy
can_perform? @repository if @repository
@repository.destroy @repository.destroy
platform_id = @repository.platform_id platform_id = @repository.platform_id
@ -44,6 +46,7 @@ class RepositoriesController < ApplicationController
end end
def add_project def add_project
can_perform? @repository if @repository
if params[:project_id] if params[:project_id]
@project = Project.find(params[:project_id]) @project = Project.find(params[:project_id])
params[:project_id] = nil params[:project_id] = nil
@ -67,6 +70,7 @@ class RepositoriesController < ApplicationController
end end
def remove_project def remove_project
can_perform? @repository if @repository
if params[:project_id] if params[:project_id]
@project = Project.find(params[:project_id]) @project = Project.find(params[:project_id])
params[:project_id] = nil params[:project_id] = nil

View File

@ -4,11 +4,7 @@ class ActionController::Base
c = self.controller_name c = self.controller_name
a = self.action_name a = self.action_name
current_user.can_perform? c, a, target unless current_user.can_perform? c, a, target
end
def check_global_access
unless can_perform?
flash[:notice] = t('layout.not_access') flash[:notice] = t('layout.not_access')
if request.env['HTTP_REFERER'] if request.env['HTTP_REFERER']
redirect_to(:back) redirect_to(:back)
@ -18,6 +14,10 @@ class ActionController::Base
end end
end end
def check_global_access
can_perform? :system
end
def rights_to target def rights_to target
ActiveRecord::Base.rights_to target ActiveRecord::Base.rights_to target
end end