kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add access control in public section to users teams

Browse source
This commit is contained in:
Andrey Kumanyaev 2013-01-23 00:58:44 +04:00 committed by Dmitriy Zaporozhets
parent dcea52203d
commit 7534154b44
3 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
app/controllers/teams/application_controller.rb
View file

@ -1,8 +1,15 @@
class Teams::ApplicationController < ApplicationController class Teams::ApplicationController < ApplicationController
before_filter :authorize_manage_user_team!
protected protected
def user_team def user_team
@user_team ||= UserTeam.find_by_path(params[:team_id]) @user_team ||= UserTeam.find_by_path(params[:team_id])
end end
def authorize_manage_user_team!
return access_denied! unless can?(current_user, :manage_user_team, user_team)
end
end end

2
app/controllers/teams/members_controller.rb
View file

@ -1,6 +1,6 @@
class Teams::MembersController < Teams::ApplicationController class Teams::MembersController < Teams::ApplicationController
# Authorize # Authorize
before_filter :authorize_manage_user_team!, only: [:new, :edit] skip_before_filter :authorize_manage_user_team!, only: [:index]
def index def index
@members = @user_team.members @members = @user_team.members

3
app/controllers/teams/projects_controller.rb
View file

@ -1,4 +1,7 @@
class Teams::ProjectsController < Teams::ApplicationController class Teams::ProjectsController < Teams::ApplicationController
skip_before_filter :authorize_manage_user_team!, only: [:index]
def index def index
@projects = user_team.projects @projects = user_team.projects
@avaliable_projects = current_user.admin? ? Project.without_team(user_team) : (Project.personal(current_user) + current_user.projects).uniq @avaliable_projects = current_user.admin? ? Project.without_team(user_team) : (Project.personal(current_user) + current_user.projects).uniq