This commit is contained in:
Vokhmin Alexey V 2015-03-20 02:45:15 +03:00
parent d4d8f75f12
commit a69b03b88c
3 changed files with 42 additions and 14 deletions

View File

@ -5,6 +5,7 @@ class Platforms::PlatformsController < Platforms::BaseController
skip_before_action :authenticate_user!, only: [:advisories, :members, :show] if APP_CONFIG['anonymous_access']
def index
authorize :platform
respond_to do |format|
format.html {}
@ -17,21 +18,22 @@ class Platforms::PlatformsController < Platforms::BaseController
end
def show
authorize @platform = Platform.find_cached(params[:id])
end
def new
authorize @platform = Platform.new
@admin_uname = current_user.uname
@admin_id = current_user.id
@platform = Platform.new
end
def edit
authorize @platform
@admin_id = @platform.owner.id
@admin_uname = @platform.owner.uname
end
def create
authorize @platform = Platform.new(params[:platform])
@admin_id = params[:admin_id]
@admin_uname = params[:admin_uname]
# FIXME: do not allow manipulate owner model, only platforms onwer_id and onwer_type
@ -47,6 +49,7 @@ class Platforms::PlatformsController < Platforms::BaseController
end
def update
authorize @platform
@admin_id = params[:admin_id]
@admin_uname = params[:admin_uname]
@ -54,7 +57,6 @@ class Platforms::PlatformsController < Platforms::BaseController
platform_params = platform_params.slice(:description, :platform_arch_settings_attributes, :released, :automatic_metadata_regeneration, :default_branch)
platform_params[:owner] = User.find(@admin_id) if @admin_id.present?
respond_to do |format|
format.html do
if @platform.update_attributes(platform_params)
@ -76,6 +78,7 @@ class Platforms::PlatformsController < Platforms::BaseController
end
def regenerate_metadata
authorize @platform
if @platform.regenerate
flash[:notice] = I18n.t('flash.platform.saved')
else
@ -85,6 +88,7 @@ class Platforms::PlatformsController < Platforms::BaseController
end
def change_visibility
authorize @platform
if @platform.change_visibility
flash[:notice] = I18n.t("flash.platform.saved")
redirect_to @platform
@ -96,12 +100,14 @@ class Platforms::PlatformsController < Platforms::BaseController
end
def clone
authorize @platform
@cloned = Platform.new
@cloned.name = @platform.name + "_clone"
@cloned.description = @platform.description + "_clone"
end
def make_clone
authorize @platform
@cloned = @platform.full_clone params[:platform].merge(owner: current_user)
if @cloned.persisted?
flash[:notice] = I18n.t("flash.platform.clone_success")
@ -113,16 +119,19 @@ class Platforms::PlatformsController < Platforms::BaseController
end
def destroy
authorize @platform
@platform.destroy # later with resque
flash[:notice] = t("flash.platform.destroyed")
redirect_to platforms_path
end
def members
authorize @platform
@members = @platform.members.order(:uname)
end
def remove_members
authorize @platform
User.where(id: params[:members]).each do |user|
@platform.remove_member(user)
end
@ -130,7 +139,8 @@ class Platforms::PlatformsController < Platforms::BaseController
end
def add_member
member = User.where(id: params[:member_id]).first
authorize @platform
member = User.find_by(id: params[:member_id])
if !member
flash[:error] = t("flash.collaborators.wrong_user", uname: params[:member_id])
elsif @platform.add_member(member)
@ -142,13 +152,22 @@ class Platforms::PlatformsController < Platforms::BaseController
end
def advisories
authorize @platform
@advisories = @platform.advisories.paginate(page: params[:page])
end
def clear
authorize @platform
@platform.clear
flash[:notice] = t('flash.repository.clear')
redirect_to edit_platform_path(@platform)
end
private
# Private: before_action hook which loads Platform.
def load_platform
authorize @platform = Platform.find_cached(params[:id]), :show? if params[:id]
end
end

View File

@ -7,8 +7,6 @@ class Platforms::RepositoriesController < Platforms::BaseController
before_action :authenticate_user!
skip_before_action :authenticate_user!, only: [:index, :show, :projects_list] if APP_CONFIG['anonymous_access']
# load_and_authorize_resource :platform
# load_and_authorize_resource :repository, through: :platform, shallow: true
before_action :set_members, only: [:edit, :update]
before_action :load_repository
before_action -> { @repository = @platform.repositories.find(params[:id]) if params[:id] }
@ -23,9 +21,11 @@ class Platforms::RepositoriesController < Platforms::BaseController
end
def edit
authorize @repository
end
def update
authorize @repository
if @repository.update_attributes params[:repository].slice(:description, :synchronizing_publications, :publish_builds_only_from_branch).merge(publish_without_qa: (params[:repository][:publish_without_qa] || @repository.publish_without_qa))
flash[:notice] = I18n.t("flash.repository.updated")
redirect_to platform_repository_path(@platform, @repository)
@ -37,14 +37,16 @@ class Platforms::RepositoriesController < Platforms::BaseController
end
def remove_members
User.where(id: params[:members]).each do |user|
authorize @repository
User.where(id: params[:members]).find_each do |user|
@repository.remove_member(user)
end
redirect_to edit_platform_repository_path(@platform, @repository)
end
def add_member
if member = User.where(id: params[:member_id]).first
authorize @repository
if member = User.find_by(id: params[:member_id])
if @repository.add_member(member)
flash[:notice] = t('flash.repository.members.successfully_added', name: member.uname)
else
@ -55,11 +57,12 @@ class Platforms::RepositoriesController < Platforms::BaseController
end
def new
@repository = Repository.new
authorize @repository = @platform.repositories.new
@platform_id = params[:platform_id]
end
def destroy
authorize @repository
@repository.destroy
flash[:notice] = t("flash.repository.destroyed")
@ -67,7 +70,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
end
def create
@repository = @platform.repositories.build(params[:repository])
authorize @repository = @platform.repositories.build(params[:repository])
if @repository.save
flash[:notice] = t('flash.repository.saved')
redirect_to platform_repository_path(@platform, @repository)
@ -78,6 +81,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
end
def add_project
authorize @repository
if projects_list = params.try(:[], :repository).try(:[], :projects_list)
@repository.add_projects projects_list, current_user
redirect_to platform_repository_path(@platform, @repository), notice: t('flash.repository.projects_will_be_added')
@ -102,6 +106,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
end
def projects_list
authorize @repository
render(text: @repository.projects.map(&:name).join("\n")) && return if params[:text] == 'true'
owner_subquery = "
@ -137,6 +142,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
end
def remove_project
authorize @repository
if projects_list = params.try(:[], :repository).try(:[], :projects_list)
@repository.remove_projects projects_list
redirect_to platform_repository_path(@platform, @repository), notice: t('flash.repository.projects_will_be_removed')
@ -152,6 +158,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
end
def regenerate_metadata
authorize @repository
if @repository.regenerate(params[:repository].try :[], :build_for_platform_id)
flash[:notice] = t('flash.repository.regenerate_in_queue')
else
@ -161,6 +168,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
end
def sync_lock_file
authorize @repository
if params[:remove]
@repository.remove_sync_lock_file
flash[:notice] = t('flash.repository.sync_lock_file_removed')
@ -173,8 +181,9 @@ class Platforms::RepositoriesController < Platforms::BaseController
protected
# Private: before_action hook which loads Repository.
def load_repository
@repository = @platform.repositories.find(params[:id]) if params[:id]
authorize @repository = @platform.repositories.find(params[:id]), :show? if params[:id]
end
def set_members

View File

@ -1,7 +1,7 @@
class PlatformPolicy < ApplicationPolicy
def index?
true
!user.guest?
end
def show?