Only display alert to key owners and superusers

2019-09-15 04:35:05 +05:00 · 2019-09-15 04:35:05 +05:00 · eae61994be
commit eae61994be
parent be9156a5da
2 changed files with 41 additions and 34 deletions
--- a/app/policies/private_key_policy.rb
+++ b/app/policies/private_key_policy.rb
@ -2,10 +2,13 @@

 class PrivateKeyPolicy < ApplicationPolicy
  def show?
+    show_alert? && record.exist?
+  end
+
+  def show_alert?
    return false if account.nil?

-    (account.superuser? || account == record.account) &&
-      record.exist? &&
-      params[:private_key_pem_secret].present?
+    params[:private_key_pem_secret].present? &&
+      (account.superuser? || account == record.account)
  end
 end
--- a/app/views/private_keys/_alert.html.erb
+++ b/app/views/private_keys/_alert.html.erb
@ -1,36 +1,40 @@
-<% if policy(PrivateKey.new(asymmetric_key)).show? %>
-  <div class="alert alert-primary" role="alert">
-    <h4 class="alert-heading">
-      <%= translate '.primary_header' %>
-    </h4>
+<% if policy(PrivateKey.new(asymmetric_key)).show_alert? %>
+  <% if policy(PrivateKey.new(asymmetric_key)).show? %>
+    <div class="alert alert-primary" role="alert">
+      <h4 class="alert-heading">
+        <%= translate '.primary_header' %>
+      </h4>

-    <hr/>
+      <hr/>

-    <p>
-      <%= translate(
-          '.primary_text',
-          delay: distance_of_time_in_words(AsymmetricKey::PRIVATE_KEY_CLEAR_DELAY),
+      <p>
+        <%= translate(
+            '.primary_text',
+            delay: distance_of_time_in_words(
+              AsymmetricKey::PRIVATE_KEY_CLEAR_DELAY,
+            ),
+          ) %>
+      </p>
+
+      <%= link_to(
+          translate('.link'),
+          asymmetric_key_private_key_path(
+            asymmetric_key,
+            format: :key,
+            private_key_pem_secret: params[:private_key_pem_secret],
+          ),
+          class: 'btn btn-primary',
        ) %>
-    </p>
+    </div>
+  <% else %>
+    <div class="alert alert-secondary" role="alert">
+      <h4 class="alert-heading">
+        <%= translate '.secondary_header' %>
+      </h4>

-    <%= link_to(
-        translate('.link'),
-        asymmetric_key_private_key_path(
-          asymmetric_key,
-          format: :key,
-          private_key_pem_secret: params[:private_key_pem_secret],
-        ),
-        class: 'btn btn-primary',
-      ) %>
-  </div>
-<% else %>
-  <div class="alert alert-secondary" role="alert">
-    <h4 class="alert-heading">
-      <%= translate '.secondary_header' %>
-    </h4>
-
-    <p>
-      <%= translate '.secondary_text' %>
-    </p>
-  </div>
+      <p>
+        <%= translate '.secondary_text' %>
+      </p>
+    </div>
+  <% end %>
 <% end %>