Commit 7534154b authored by Andrey Kumanyaev's avatar Andrey Kumanyaev Committed by Dmitriy Zaporozhets

Add access control in public section to users teams

parent dcea5220
class Teams::ApplicationController < ApplicationController class Teams::ApplicationController < ApplicationController
before_filter :authorize_manage_user_team!
protected protected
def user_team def user_team
@user_team ||= UserTeam.find_by_path(params[:team_id]) @user_team ||= UserTeam.find_by_path(params[:team_id])
end end
def authorize_manage_user_team!
return access_denied! unless can?(current_user, :manage_user_team, user_team)
end
end end
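Review bot: `authorize_manage_user_team!` hands `user_team` to `can?` without handling the case where `UserTeam.find_by_path(params[:team_id])` matches nothing and yields nil. What happens then depends on how the ability code treats a nil subject, which is not visible in this diff; at best an unknown team path is answered with access-denied instead of not-found. Consider failing closed in the lookup itself, e.g. `@user_team ||= UserTeam.find_by_path(params[:team_id]) || raise(ActiveRecord::RecordNotFound)`, so the filter and every action that skips it see the same behaviour. It would also help to add a comment above the `before_filter` stating that every Teams controller is manage-only by default and that each `skip_before_filter` is an explicit exception.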
class Teams::MembersController < Teams::ApplicationController class Teams::MembersController < Teams::ApplicationController
# Authorize # Authorize
before_filter :authorize_manage_user_team!, only: [:new, :edit] skip_before_filter :authorize_manage_user_team!, only: [:index]
def index def index
@members = @user_team.members @members = @user_team.members
......
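Review bot: Replacing the filter with `skip_before_filter :authorize_manage_user_team!, only: [:index]` leaves `index` with no team-level check visible in this diff, so anyone who passes the filters inherited from ApplicationController can list the members of any team whose path they supply. If team membership is not meant to be readable by every signed-in user, `index` needs its own read-level check instead of a bare skip; the same applies to the identical skip in Teams::ProjectsController. Separately, `index` reads `@user_team` directly, and with the filter skipped nothing shown here calls `user_team` first to populate it; `@members = user_team.members` would match ProjectsController. The rest of this controller is folded on the page, so an earlier filter may already cover either point.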
class Teams::ProjectsController < Teams::ApplicationController class Teams::ProjectsController < Teams::ApplicationController
skip_before_filter :authorize_manage_user_team!, only: [:index]
def index def index
@projects = user_team.projects @projects = user_team.projects
@avaliable_projects = current_user.admin? ? Project.without_team(user_team) : (Project.personal(current_user) + current_user.projects).uniq @avaliable_projects = current_user.admin? ? Project.without_team(user_team) : (Project.personal(current_user) + current_user.projects).uniq
......