Added ACL to controllers

app/controllers/auto_build_lists_controller.rb

@@ -1,5 +1,6 @@
 class AutoBuildListsController < ApplicationController
   before_filter :authenticate_user!, :except => :auto_build
+  before_filter :check_global_access
   
   def index
     @projects_not_automated = Project.scoped

app/controllers/categories_controller.rb

@@ -12,6 +12,7 @@ class CategoriesController < ApplicationController
 
   def index
     if @platform
+      can_perform? @platform
       @categories = Category.joins(:projects => :repositories).where('repositories.platform_id = ?', @platform.id).
                              having('count(projects.id) > 0').group('categories.id, categories.name, categories.ancestry, categories.projects_count, categories.created_at, categories.updated_at').default_order
       @categories_count = @categories.count
@@ -22,6 +23,9 @@ class CategoriesController < ApplicationController
   end
 
   def show
+    can_perform? @platform if @platform
+    can_perform? @category if @category
+
     @projects = @category.projects
     @projects = @projects.joins(:repositories).where("repositories.platform_id = ?", @platform.id) if @platform
     @projects = @projects.paginate :page => params[:page]
@@ -32,9 +36,11 @@ class CategoriesController < ApplicationController
   end
 
   def edit
+    can_perform? @category if @category
   end
 
   def destroy
+    can_perform? @category if @category
     @category.destroy
     flash[:notice] = t("flash.category.destroyed")
     redirect_to categories_path
@@ -52,6 +58,7 @@ class CategoriesController < ApplicationController
   end
 
   def update
+    can_perform? @category if @category
     if @category.update_attributes(params[:category])
       flash[:notice] = t('flash.category.saved')
       redirect_to categories_path

app/controllers/collaborators_controller.rb

@@ -10,6 +10,7 @@ class CollaboratorsController < ApplicationController
   before_filter :find_groups
 
   def index
+    can_perform? @project if @project
     redirect_to edit_project_collaborators_path(@project)
   end
 
@@ -20,6 +21,7 @@ class CollaboratorsController < ApplicationController
   end
 
   def edit
+    can_perform? @project if @project
     if params[:id]
       @user = User.find params[:id]
       render :edit_rights and return
@@ -30,6 +32,7 @@ class CollaboratorsController < ApplicationController
   end
 
   def update
+    can_perform? @project if @project
     unless params[:id]
       if params[:user]
         users_for_removing = @project.collaborators.select do |u|

app/controllers/groups_controller.rb

@@ -9,6 +9,7 @@ class GroupsController < ApplicationController
   end
 
   def show
+    can_perform? @group if @group
     @platforms    = @group.platforms.paginate(:page => params[:platform_page], :per_page => 10)
     @repositories = @group.repositories.paginate(:page => params[:repository_page], :per_page => 10)
     @projects     = @group.projects.paginate(:page => params[:project_page], :per_page => 10)
@@ -19,6 +20,7 @@ class GroupsController < ApplicationController
   end
 
   def edit
+    can_perform? @group if @group
   end
 
   def create
@@ -35,6 +37,7 @@ class GroupsController < ApplicationController
   end
 
   def update
+    can_perform? @group if @group
     if @group.update_attributes(params[:group])
       flash[:notice] = t('flash.group.saved')
       redirect_to groups_path
@@ -45,6 +48,7 @@ class GroupsController < ApplicationController
   end
 
   def destroy
+    can_perform? @group if @group
     @group.destroy
     flash[:notice] = t("flash.group.destroyed")
     redirect_to groups_path

app/controllers/personal_repositories_controller.rb

@@ -5,6 +5,7 @@ class PersonalRepositoriesController < ApplicationController
   before_filter :check_global_access
 
   def show
+    can_perform? @repository if @repository
     if params[:query]
       @projects = @repository.projects.recent.by_name(params[:query]).paginate :page => params[:project_page], :per_page => 30
     else
@@ -14,12 +15,14 @@ class PersonalRepositoriesController < ApplicationController
   
   #TODO: Add git repo move into private repos path.
   def change_visibility
+    can_perform? @repository if @repository
     @repository.platform.change_visibility
     
     redirect_to settings_personal_repository_path(@repository)
   end
   
   def settings
+    can_perform? @repository if @repository
     if @repository.platform.hidden?
       @urmpi_command = "urpmi -add  http://login@password:#{ request.host }/privates/#{ @repository.platform.name }/main/"
     else
@@ -28,6 +31,7 @@ class PersonalRepositoriesController < ApplicationController
   end
 
   def add_project
+    can_perform? @repository if @repository
     if params[:project_id]
       @project = Project.find(params[:project_id])
       params[:project_id] = nil
@@ -46,6 +50,7 @@ class PersonalRepositoriesController < ApplicationController
   end
 
   def remove_project
+    can_perform? @repository if @repository
     if params[:project_id]
       @project = Project.find(params[:project_id])
       params[:project_id] = nil

app/controllers/platforms_controller.rb

@@ -1,7 +1,7 @@
 # coding: UTF-8
 class PlatformsController < ApplicationController
   before_filter :authenticate_user!, :except => :easy_urpmi
-  before_filter :find_platform, :only => [:freeze, :unfreeze, :clone, :edit]
+  before_filter :find_platform#, :only => [:freeze, :unfreeze, :clone, :edit]
   before_filter :get_paths, :only => [:new, :create]
   before_filter :check_global_access, :except => :easy_urpmi
 
@@ -26,6 +26,7 @@ class PlatformsController < ApplicationController
   end
 
   def show
+    can_perform? @platform if @platform
     @platform = Platform.find params[:id], :include => :repositories
     @repositories = @platform.repositories
     @members = @platform.members.uniq
@@ -37,6 +38,7 @@ class PlatformsController < ApplicationController
   end
   
   def edit
+    can_perform? @platform if @platform
     @platforms = Platform.visible_to current_user
   end
 
@@ -56,6 +58,7 @@ class PlatformsController < ApplicationController
   end
 
   def freeze
+    can_perform? @platform if @platform
     @platform.released = true
     if @platform.save
       flash[:notice] = I18n.t("flash.platform.freezed")
@@ -67,6 +70,7 @@ class PlatformsController < ApplicationController
   end
 
   def unfreeze
+    can_perform? @platform if @platform
     @platform.released = false
     if @platform.save
       flash[:notice] = I18n.t("flash.platform.unfreezed")
@@ -78,6 +82,7 @@ class PlatformsController < ApplicationController
   end
 
   def clone
+    can_perform? @platform if @platform
     cloned = @platform.clone(@platform.name + "_clone", @platform.unixname + "_clone")
     if cloned
       flash[:notice] = 'Клонирование успешно'
@@ -89,6 +94,7 @@ class PlatformsController < ApplicationController
   end
 
   def destroy
+    can_perform? @platform if @platform
     Platform.destroy params[:id]
 
     flash[:notice] = t("flash.platform.destroyed")

app/controllers/private_users_controller.rb

@@ -14,7 +14,8 @@ class PrivateUsersController < ApplicationController
   end
 
   def destroy
-  	PrivateUser.find(params[:id]).destroy
+  	user = PrivateUser.find(params[:id])
+    can_perform? user if user
   	redirect_to platform_private_users_path(params[:platform_id])
   end
 end

app/controllers/products_controller.rb

@@ -20,6 +20,7 @@ class ProductsController < ApplicationController
   end
 
   def clone
+    can_perform? @platform if @platform
     @template = @platform.products.find(params[:id])
     @product = @platform.products.new
     @product.clone_from!(@template)
@@ -28,15 +29,19 @@ class ProductsController < ApplicationController
   end
 
   def build
+    can_perform? @product if @product
     flash[:notice] = t('flash.product.build_started')
     ProductBuilder.create_product @product.id, '/var/rosa', @product.ks, @product.menu, @product.build, @product.counter, []
     redirect_to :action => :show
   end
 
   def edit
+    can_perform? @product if @product
+    can_perform? @platform if @platform
   end
 
   def create
+    can_perform? @platform if @platform
     @product = @platform.products.new params[:product]
     if @product.save
       flash[:notice] = t('flash.product.saved') 
@@ -48,6 +53,8 @@ class ProductsController < ApplicationController
   end
 
   def update
+    can_perform? @platform if @platform
+    can_perform? @product if @product
     if @product.update_attributes(params[:product])
       flash[:notice] = t('flash.product.saved')
       redirect_to @platform
@@ -58,9 +65,13 @@ class ProductsController < ApplicationController
   end
 
   def show
+    can_perform? @platform if @platform
+    can_perform? @product if @product
   end
 
   def destroy
+    can_perform? @platform if @platform
+    can_perform? @product if @product
     @product.destroy
     flash[:notice] = t("flash.product.destroyed")
     redirect_to @platform

app/controllers/projects_controller.rb

@@ -9,6 +9,7 @@ class ProjectsController < ApplicationController
   end
 
   def show
+    can_perform? @project if @project
     @current_build_lists = @project.build_lists.current.recent.paginate :page => params[:page]
   end
 
@@ -17,6 +18,7 @@ class ProjectsController < ApplicationController
   end
 
   def edit
+    can_perform? @project if @project
   end
 
   def create
@@ -34,6 +36,7 @@ class ProjectsController < ApplicationController
   end
 
   def update
+    can_perform? @project if @project
     if @project.update_attributes(params[:project])
       flash[:notice] = t('flash.project.saved')
       redirect_to @project
@@ -44,6 +47,7 @@ class ProjectsController < ApplicationController
   end
 
   def destroy
+    can_perform? @project if @project
     @project.destroy
     flash[:notice] = t("flash.project.destroyed")
     redirect_to @project.owner
@@ -71,6 +75,7 @@ class ProjectsController < ApplicationController
   end
 
   def build
+    can_perform? @project if @project
     @arches = Arch.recent
     @bpls = Platform.main
     @pls = @project.repositories.collect { |rep| ["#{rep.platform.name}/#{rep.unixname}", rep.platform.id] }
@@ -78,6 +83,7 @@ class ProjectsController < ApplicationController
   end
 
   def process_build
+    can_perform? @project if @project
     @arch_ids = params[:build][:arches].select{|_,v| v == "1"}.collect{|x| x[0].to_i }
     @arches = Arch.where(:id => @arch_ids)
 

app/controllers/repositories_controller.rb

@@ -11,6 +11,7 @@ class RepositoriesController < ApplicationController
   end
 
   def show
+    can_perform? @repository if @repository
     if params[:query]
       @projects = @repository.projects.recent.by_name(params[:query]).paginate :page => params[:project_page], :per_page => 30
     else
@@ -24,6 +25,7 @@ class RepositoriesController < ApplicationController
   end
 
   def destroy
+    can_perform? @repository if @repository
     @repository.destroy
     platform_id = @repository.platform_id
 
@@ -44,6 +46,7 @@ class RepositoriesController < ApplicationController
   end
 
   def add_project
+    can_perform? @repository if @repository
     if params[:project_id]
       @project = Project.find(params[:project_id])
       params[:project_id] = nil
@@ -67,6 +70,7 @@ class RepositoriesController < ApplicationController
   end
 
   def remove_project
+    can_perform? @repository if @repository
     if params[:project_id]
       @project = Project.find(params[:project_id])
       params[:project_id] = nil

lib/ext/application_controller/base.rb

@@ -4,11 +4,7 @@ class ActionController::Base
       c = self.controller_name
       a = self.action_name
 
-      current_user.can_perform? c, a, target
+      unless current_user.can_perform? c, a, target
-    end
-
-    def check_global_access
-      unless can_perform?
         flash[:notice] = t('layout.not_access')
         if request.env['HTTP_REFERER']
           redirect_to(:back)
@@ -18,6 +14,10 @@ class ActionController::Base
       end
     end
 
+    def check_global_access
+      can_perform? :system
+    end
+
     def rights_to target
       ActiveRecord::Base.rights_to target
     end