| author | Xinhui | 2017-04-19 14:12:31 +0200 |
|---|---|---|
| committer | Xinhui | 2017-04-19 14:12:36 +0200 |
| commit | 2b33a4143ad1ecb0f281cdd90221199017d23a4f (patch) | |
| tree | 8bf60e112b03fc304d7b4a768cbbc386397f398d | |
| parent | c41b0355438280f04dfad723527c9db38e325c36 (diff) | |
| download | chouette-core-2b33a4143ad1ecb0f281cdd90221199017d23a4f.tar.bz2 | |
Refactoring permission check journey_patterns_collection#index
Refs #3139
| -rw-r--r-- | app/controllers/journey_patterns_collections_controller.rb | 5 | ||||
| -rw-r--r-- | app/policies/journey_pattern_policy.rb | 11 |
2 files changed, 10 insertions, 6 deletions
diff --git a/app/controllers/journey_patterns_collections_controller.rb b/app/controllers/journey_patterns_collections_controller.rb
index 2963a8ad7..ba54ddf26 100644
--- a/app/controllers/journey_patterns_collections_controller.rb
+++ b/app/controllers/journey_patterns_collections_controller.rb
@@ -45,10 +45,9 @@ class JourneyPatternsCollectionsController < ChouetteController
 def user_permissions
 @perms = {}.tap do |perm|
 ['journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy'].each do |name|
- perm[name] = current_user.permissions.include?(name)
+ perm[name] = policy(:journey_pattern).send("#{name.split('.').last}?")
 end
- end
- @perms = @perms.to_json
+ end.to_json
 end
 def update
diff --git a/app/policies/journey_pattern_policy.rb b/app/policies/journey_pattern_policy.rb
index a11fd6bcc..2b5e4c6cd 100644
--- a/app/policies/journey_pattern_policy.rb
+++ b/app/policies/journey_pattern_policy.rb
@@ -6,15 +6,20 @@ class JourneyPatternPolicy < ApplicationPolicy
 end
 def create?
- user.has_permission?('journey_patterns.create') # organisation match via referential is checked in the view
+ # organisation match via referential is checked in the view
+ user.has_permission?('journey_patterns.create')
 end
 def edit?
- organisation_match?(via_referential: true) && user.has_permission?('journey_patterns.edit')
+ # In React UI, we don't have access to record object yet.
+ # In this case record is a symbol
+ can_edit = user.has_permission?('journey_patterns.edit')
+ record.is_a?(Symbol) ? can_edit : (organisation_match?(via_referential: true) && can_edit)
 end
 def destroy?
- organisation_match?(via_referential: true) && user.has_permission?('journey_patterns.destroy')
+ can_destroy = user.has_permission?('journey_patterns.destroy')
+ record.is_a?(Symbol) ? can_destroy : (organisation_match?(via_referential: true) && can_destroy)
 end
 def update? ; edit? end |
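Review bot: The `@perms` values built in `user_permissions` now come from a headless policy, `policy(:journey_pattern)`, so they carry no organisation match and are only safe as display hints for the React UI. A comment above the loop would make that explicit, for example `# UI hints only: every write action must still authorize the real record server-side`. `update` begins on the last line of this hunk and its body is not visible, so whether it authorizes each journey pattern against a real record cannot be confirmed from here and is worth checking. Since the predicate name is assembled from a string, `public_send` is the safer call: `perm[name] = policy(:journey_pattern).public_send("#{name.split('.').last}?")`.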
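Review bot: In `edit?` and `destroy?` of JourneyPatternPolicy the organisation match is skipped for any Symbol record, so the predicates fail open: a headless call is answered from the permission string alone, and `update?` inherits this through `edit?`. I would narrow the exemption to the one sentinel the controller passes (`:journey_pattern`), deny first when the permission is missing, and move the shared logic into one helper so `destroy?` gets the same explanation that only `edit?` carries today. The helper belongs with the class's private methods; the class body starts and ends outside this hunk, so its placement is not shown below.

```ruby
def edit?
  permitted_on_record?('journey_patterns.edit')
end

def destroy?
  permitted_on_record?('journey_patterns.destroy')
end

# ... unchanged: update? delegating to edit? ...

# The React UI asks for permission hints before any record is loaded and
# passes the :journey_pattern symbol instead. Only that sentinel skips the
# organisation match; every real record is still checked against it.
def permitted_on_record?(permission)
  return false unless user.has_permission?(permission)

  record == :journey_pattern || organisation_match?(via_referential: true)
end
```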
