#465: updated RepositoryPolicy
parent
5c7608ee4e
commit
de442480da
|
@ -1,11 +1,10 @@
|
|||
class AdvisoriesController < ApplicationController
|
||||
before_action :authenticate_user!
|
||||
skip_before_action :authenticate_user! if APP_CONFIG['anonymous_access']
|
||||
load_resource find_by: :advisory_id
|
||||
authorize_resource
|
||||
|
||||
def index
|
||||
@advisories = @advisories.includes(:platforms).search(params[:q]).uniq
|
||||
authorize :advisories
|
||||
@advisories = Advisory.includes(:platforms).search(params[:q]).uniq
|
||||
@advisories_count = @advisories.count
|
||||
@advisories = @advisories.paginate(page: current_page, per_page: Advisory.per_page)
|
||||
respond_to do |format|
|
||||
|
@ -16,10 +15,12 @@ class AdvisoriesController < ApplicationController
|
|||
end
|
||||
|
||||
def show
|
||||
authorize @advisory = Advisory.find_by(advisory_id: params[:id])
|
||||
@packages_info = @advisory.fetch_packages_info
|
||||
end
|
||||
|
||||
def search
|
||||
authorize :advisories, :index?
|
||||
@advisory = Advisory.by_update_type(params[:bl_type]).search_by_id(params[:query]).first
|
||||
if @advisory.nil?
|
||||
render nothing: true, status: 404
|
||||
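Review bot: In `show`, `Advisory.find_by(advisory_id: params[:id])` returns nil for an unknown id, so `authorize` is handed nil and an unknown advisory presumably fails during the policy lookup instead of producing a 404. Using the raising finder keeps the not-found path separate from the authorization path: `authorize @advisory = Advisory.find_by!(advisory_id: params[:id])`. In `index`, the query now starts from `Advisory` itself; if any advisories are meant to be restricted per user, the collection should go through `policy_scope(Advisory)`. The page does not show whether such a restriction exists.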
|
|
|
@ -1,2 +1,11 @@
|
|||
class Platforms::BaseController < ApplicationController
|
||||
before_action :load_platform
|
||||
|
||||
protected
|
||||
|
||||
def load_platform
|
||||
return unless params[:platform_id]
|
||||
authorize @platform = Platform.find_cached(params[:platform_id]), :show?
|
||||
end
|
||||
|
||||
end
|
||||
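Review bot: `load_platform` returns early when `params[:platform_id]` is absent, so a subclass action that receives the platform under another parameter (for example `params[:id]`) gets no authorization from this filter and has to call `authorize` itself. Adding `after_action :verify_authorized` to this base class would make a missed call fail loudly instead of passing silently. Because the filter is registered in the base class, it also runs before the `before_action :authenticate_user!` declared in the subclasses, so the platform policy must cope with a nil user. If `Platform.find_cached` can return nil for an unknown id, `authorize` receives nil; a raising lookup would give a clean 404, but `find_cached` is defined outside this page.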
|
|
|
@ -3,7 +3,6 @@ class Platforms::PlatformsController < Platforms::BaseController
|
|||
|
||||
before_action :authenticate_user!
|
||||
skip_before_action :authenticate_user!, only: [:advisories, :members, :show] if APP_CONFIG['anonymous_access']
|
||||
# load_and_authorize_resource
|
||||
|
||||
def index
|
||||
respond_to do |format|
|
||||
|
|
|
@ -7,11 +7,14 @@ class Platforms::RepositoriesController < Platforms::BaseController
|
|||
before_action :authenticate_user!
|
||||
skip_before_action :authenticate_user!, only: [:index, :show, :projects_list] if APP_CONFIG['anonymous_access']
|
||||
|
||||
load_and_authorize_resource :platform
|
||||
load_and_authorize_resource :repository, through: :platform, shallow: true
|
||||
# load_and_authorize_resource :platform
|
||||
# load_and_authorize_resource :repository, through: :platform, shallow: true
|
||||
before_action :set_members, only: [:edit, :update]
|
||||
before_action :load_repository
|
||||
before_action -> { @repository = @platform.repositories.find(params[:id]) if params[:id] }
|
||||
|
||||
def index
|
||||
@repositories = @platform.repositories
|
||||
@repositories = Repository.custom_sort(@repositories).paginate(page: current_page)
|
||||
end
|
||||
|
||||
|
@ -170,6 +173,10 @@ class Platforms::RepositoriesController < Platforms::BaseController
|
|||
|
||||
protected
|
||||
|
||||
def load_repository
|
||||
@repository = @platform.repositories.find(params[:id]) if params[:id]
|
||||
end
|
||||
|
||||
def set_members
|
||||
@members = @repository.members.order('name')
|
||||
end
|
||||
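Review bot: The two `load_and_authorize_resource` calls are commented out and their replacements (`before_action :load_repository` and the lambda filter) only load `@repository`; nothing in the visible hunks calls `authorize @repository`. Unless every action does so outside these hunks, update, member and project actions are checked only against the platform's `show?` from the base controller; `after_action :verify_authorized` would catch any action that skips the check. As the lines appear here, the repository is looked up twice (the named filter and the lambda run the same query), and `set_members` is registered before both, so on `edit`/`update` it would read `@repository` before it is set. Moving `before_action :set_members, only: [:edit, :update]` below `before_action :load_repository` and dropping the lambda addresses both.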
|
|
|
@ -0,0 +1,35 @@
|
|||
class RepositoryPolicy < ApplicationPolicy
|
||||
|
||||
def update?
|
||||
local_admin?(record.platform)
|
||||
end
|
||||
|
||||
def reader?
|
||||
local_reader?(record.platform)
|
||||
end
|
||||
|
||||
def write?
|
||||
local_writer?(record.platform)
|
||||
end
|
||||
|
||||
def update?
|
||||
local_admin?(record.platform)
|
||||
end
|
||||
alias_method :manage_members?, :update?
|
||||
alias_method :remove_members?, :update?
|
||||
alias_method :add_member?, :update?
|
||||
|
||||
def add_project?
|
||||
local_admin?(record.platform) || is_member_of_repository?
|
||||
end
|
||||
alias_method :remove_project?, :add_project?
|
||||
|
||||
private
|
||||
|
||||
def is_member_of_repository?
|
||||
Rails.cache.fetch(['RepositoryPolicy#is_member_of_repository?', record, user]) do
|
||||
record.members.exists?(id: user.id)
|
||||
end
|
||||
end
|
||||
|
||||
end
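Review bot: `is_member_of_repository?` stores an authorization decision in `Rails.cache` with no expiry, keyed on `record` and `user`, so a user removed from the repository's members may keep passing `add_project?` and `remove_project?` until that entry is evicted or one of the two cache keys changes. Either query directly with `record.members.exists?(id: user.id)`, or bound the entry with `expires_in:` and invalidate it when membership changes. The method also calls `user.id` without a nil check, which matters if the policy is reached while anonymous access is enabled. `update?` is defined twice with the same body, so the second definition can be dropped.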
|
|
@ -25,11 +25,10 @@
|
|||
.row
|
||||
hr
|
||||
h3= t("layout.projects.list_header")
|
||||
- if policy(@repository).add_project?
|
||||
- if policy(@repository).update?
|
||||
a.btn.btn-primary href=add_project_platform_repository_path(@platform, @repository)
|
||||
= t('layout.projects.add')
|
||||
|
|
||||
- if policy(@repository).remove_project?
|
||||
a.btn.btn-primary href=remove_project_platform_repository_path(@platform, @repository)
|
||||
= t('layout.repositories.mass_delete')
|
||||
.row
|
||||
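Review bot: The add-project link appears under both `policy(@repository).add_project?` and `policy(@repository).update?` on this page, while the mass-delete link uses `remove_project?`. If `update?` is the condition that is kept, repository members who pass `add_project?` in the policy will not see the Add link but will still see the mass-delete one. Gating each link on its own predicate (`- if policy(@repository).add_project?`) keeps the view consistent with the policy. These conditions only hide links; the `add_project` and `remove_project` actions need the matching `authorize @repository` call, which is not visible on this page.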
|
|