Add access control in public section to users teams

7534154b · Andrey Kumanyaev · Dmitriy Zaporozhets · dcea5220 · 7534154b · 7534154b
Commit 7534154b authored Jan 23, 2013 by Andrey Kumanyaev Committed by Dmitriy Zaporozhets Jan 24, 2013
3 changed files
--- a/app/controllers/teams/application_controller.rb
+++ b/app/controllers/teams/application_controller.rb
 class Teams::ApplicationController < ApplicationController
+  before_filter :authorize_manage_user_team!
  protected
  def user_team
    @user_team ||= UserTeam.find_by_path(params[:team_id])
  end
+  def authorize_manage_user_team!
+    return access_denied! unless can?(current_user, :manage_user_team, user_team)
+  end
 end
--- a/app/controllers/teams/members_controller.rb
+++ b/app/controllers/teams/members_controller.rb
 class Teams::MembersController < Teams::ApplicationController
  # Authorize
-  before_filter :authorize_manage_user_team!, only: [:new, :edit]
+  skip_before_filter :authorize_manage_user_team!, only: [:index]
  def index
    @members = @user_team.members

--- a/app/controllers/teams/projects_controller.rb
+++ b/app/controllers/teams/projects_controller.rb
 class Teams::ProjectsController < Teams::ApplicationController
+  skip_before_filter :authorize_manage_user_team!, only: [:index]
  def index
    @projects = user_team.projects
    @avaliable_projects = current_user.admin? ? Project.without_team(user_team) : (Project.personal(current_user) + current_user.projects).uniq