kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Use before_actions

Browse source
This commit is contained in:
Douwe Maan 2015-07-31 14:15:49 +02:00
parent d953f6927c
commit 0736f348a6
2 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/groups/application_controller.rb
View file

@ -18,4 +18,10 @@ class Groups::ApplicationController < ApplicationController
return render_404
end
end
def authorize_admin_group_member!
unless can?(current_user, :admin_group_member, group)
return render_403
end
end
end

5
app/controllers/groups/group_members_controller.rb
View file

@ -5,6 +5,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
# Authorize
before_action :authorize_read_group!
before_action :authorize_admin_group!, except: [:index, :leave]
before_action :authorize_admin_group_member!, only: [:create, :resend_invite]
def index
@project = @group.projects.find(params[:project_id]) if params[:project_id]
@ -21,8 +22,6 @@ class Groups::GroupMembersController < Groups::ApplicationController
end
def create
return render_403 unless can?(current_user, :admin_group_member, @group)
@group.add_users(params[:user_ids].split(','), params[:access_level], current_user)
redirect_to group_group_members_path(@group), notice: 'Users were successfully added.'
@ -51,8 +50,6 @@ class Groups::GroupMembersController < Groups::ApplicationController
end
def resend_invite
return render_403 unless can?(current_user, :admin_group_member, @group)
redirect_path = group_group_members_path(@group)
@group_member = @group.group_members.find(params[:id])