Add access control in public section to users teams

2013-01-23 00:58:44 +04:00 · 2013-01-23 00:58:44 +04:00 · 7534154b44
commit 7534154b44
parent dcea52203d
3 changed files with 11 additions and 1 deletions
--- a/app/controllers/teams/application_controller.rb
+++ b/app/controllers/teams/application_controller.rb
@ -1,8 +1,15 @@
 class Teams::ApplicationController < ApplicationController
+
+  before_filter :authorize_manage_user_team!
+
  protected

  def user_team
    @user_team ||= UserTeam.find_by_path(params[:team_id])
  end

+  def authorize_manage_user_team!
+    return access_denied! unless can?(current_user, :manage_user_team, user_team)
+  end
+
 end
--- a/app/controllers/teams/members_controller.rb
+++ b/app/controllers/teams/members_controller.rb
@ -1,6 +1,6 @@
 class Teams::MembersController < Teams::ApplicationController
  # Authorize
-  before_filter :authorize_manage_user_team!, only: [:new, :edit]
+  skip_before_filter :authorize_manage_user_team!, only: [:index]

  def index
    @members = @user_team.members
--- a/app/controllers/teams/projects_controller.rb
+++ b/app/controllers/teams/projects_controller.rb
@ -1,4 +1,7 @@
 class Teams::ProjectsController < Teams::ApplicationController
+
+  skip_before_filter :authorize_manage_user_team!, only: [:index]
+
  def index
    @projects = user_team.projects
    @avaliable_projects = current_user.admin? ? Project.without_team(user_team) : (Project.personal(current_user) + current_user.projects).uniq