Use before_actions

0736f348 · Douwe Maan · d953f692 · 0736f348 · 0736f348
Commit 0736f348 authored Jul 31, 2015 by Douwe Maan
Showing with 7 additions and 4 deletions

app/controllers/groups/application_controller.rb app/controllers/groups/application_controller.rb +6 -0

app/controllers/groups/group_members_controller.rb app/controllers/groups/group_members_controller.rb +1 -4

No files found.
--- a/app/controllers/groups/application_controller.rb
+++ b/app/controllers/groups/application_controller.rb
@@ -18,4 +18,10 @@ class Groups::ApplicationController < ApplicationController
      return render_404
    end
  end
+  
+  def authorize_admin_group_member!
+    unless can?(current_user, :admin_group_member, group)
+      return render_403
+    end
+  end
 end
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -5,6 +5,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
  # Authorize
  before_action :authorize_read_group!
  before_action :authorize_admin_group!, except: [:index, :leave]
+  before_action :authorize_admin_group_member!, only: [:create, :resend_invite]

  def index
    @project = @group.projects.find(params[:project_id]) if params[:project_id]
@@ -21,8 +22,6 @@ class Groups::GroupMembersController < Groups::ApplicationController
  end

  def create
-    return render_403 unless can?(current_user, :admin_group_member, @group)
-
    @group.add_users(params[:user_ids].split(','), params[:access_level], current_user)

    redirect_to group_group_members_path(@group), notice: 'Users were successfully added.'
@@ -51,8 +50,6 @@ class Groups::GroupMembersController < Groups::ApplicationController
  end

  def resend_invite
-    return render_403 unless can?(current_user, :admin_group_member, @group)
-
    redirect_path = group_group_members_path(@group)

    @group_member = @group.group_members.find(params[:id])