Remove task abilities, since we will only ever show the user their own
This commit is contained in:
parent
b05ab108f8
commit
48ddf9a407
|
@ -1,6 +1,4 @@
|
|||
class Dashboard::TasksController < Dashboard::ApplicationController
|
||||
before_action :authorize_destroy_task!, only: [:destroy]
|
||||
|
||||
def index
|
||||
@tasks = case params[:state]
|
||||
when 'done'
|
||||
|
@ -23,12 +21,6 @@ class Dashboard::TasksController < Dashboard::ApplicationController
|
|||
|
||||
private
|
||||
|
||||
def authorize_destroy_task!
|
||||
unless can?(current_user, :destroy_task, task)
|
||||
return render_404
|
||||
end
|
||||
end
|
||||
|
||||
def task
|
||||
@task ||= current_user.tasks.find(params[:id])
|
||||
end
|
||||
|
|
|
@ -17,7 +17,6 @@ class Ability
|
|||
when Namespace then namespace_abilities(user, subject)
|
||||
when GroupMember then group_member_abilities(user, subject)
|
||||
when ProjectMember then project_member_abilities(user, subject)
|
||||
when Task then task_abilities(user, subject)
|
||||
else []
|
||||
end.concat(global_abilities(user))
|
||||
end
|
||||
|
@ -417,16 +416,6 @@ class Ability
|
|||
rules
|
||||
end
|
||||
|
||||
def task_abilities(user, task)
|
||||
rules = []
|
||||
|
||||
if task && task.user == user
|
||||
rules << :destroy_task
|
||||
end
|
||||
|
||||
rules
|
||||
end
|
||||
|
||||
def abilities
|
||||
@abilities ||= begin
|
||||
abilities = Six.new
|
||||
|
|
Loading…
Reference in New Issue