| author | Xinhui | 2016-10-07 15:57:34 +0200 | 
|---|---|---|
| committer | Xinhui | 2016-10-07 15:57:38 +0200 | 
| commit | 8bf58bfada05c61dbd773b74e9e6d91f01d3aae1 (patch) | |
| tree | 78bf4c81874ae161d6d6702be3d311a7c88cd5ca /app/controllers | |
| parent | 58c529ecfb27e6f3aea1cf5909dfd86ae1a1c6a9 (diff) | |
Policy Chouette::StopArea
Refs #1780
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/application_controller.rb | 8 | ||||
| -rw-r--r-- | app/controllers/stop_areas_controller.rb | 9 | 
2 files changed, 17 insertions, 0 deletions
|
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fa3874632..c2414f5bb 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,9 +1,13 @@
 class ApplicationController < ActionController::Base
+  include Pundit
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
   # TODO : Delete hack to authorize Cross Request for js and json get request from javascript
   protect_from_forgery unless: -> { request.get? && (request.format.json? || request.format.js?) }
   before_action :authenticate_user!
   before_action :set_locale
+
   # Load helpers in rails engine
   helper LanguageEngine::Engine.helpers
@@ -13,6 +17,10 @@ class ApplicationController < ActionController::Base
   protected
+  def user_not_authorized
+    render :file => "#{Rails.root}/public/403.html", :status => :forbidden, :layout => false
+  end
+
   def current_organisation
     current_user.organisation if current_user
   end
diff --git a/app/controllers/stop_areas_controller.rb b/app/controllers/stop_areas_controller.rb
index b37709e84..90820d932 100644
--- a/app/controllers/stop_areas_controller.rb
+++ b/app/controllers/stop_areas_controller.rb
@@ -63,6 +63,7 @@ class StopAreasController < BreadcrumbController
   end
   def new
+    authorize Chouette::StopArea
     @map = StopAreaMap.new( Chouette::StopArea.new).with_helpers(self)
     @map.editable = true
     new! do
@@ -71,6 +72,7 @@ class StopAreasController < BreadcrumbController
   end
   def create
+    authorize Chouette::StopArea
     @map = StopAreaMap.new( Chouette::StopArea.new).with_helpers(self)
     @map.editable = true
@@ -92,6 +94,7 @@ class StopAreasController < BreadcrumbController
   end
   def edit
+    authorize stop_area
     edit! do
       stop_area.position ||= stop_area.default_position
       map.editable = true
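Review bot: Nothing in this hunk makes a missing `authorize` call fail: with only `include Pundit` and the `rescue_from`, authorization stays opt-in per action, so an action that omits the call is still served to every authenticated user. Pundit's `after_action :verify_authorized` raises when an action completes without a check. Enabling it here would presumably break controllers that have no policy yet, so consider adding it first to the controllers this commit covers. The rest of ApplicationController lies outside the hunk.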
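Review bot: `user_not_authorized` takes no argument, so the `Pundit::NotAuthorizedError` is discarded and a denied request leaves no record for audit or alerting. Accept the exception and log it before rendering, e.g. `def user_not_authorized(exception)` with `logger.warn "Pundit denied #{exception.query} (#{exception.policy.class})"`. The handler also returns the static HTML page for every format, although the `protect_from_forgery` line in the first hunk shows the app serves JSON and JS requests; `head :forbidden` would suit those formats better. `public/403.html` is not in this diffstat (limited to app/controllers), so confirm the file exists.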
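Review bot: `authorize Chouette::StopArea` in `new`, and again in `create` in the next hunk, hands the policy the class, so the decision can rest only on the user and not on the stop area being created or the referential it would belong to. If creation rights are meant to differ per referential or organisation, authorize the record built for the form rather than the class. The policy itself is outside this diffstat, so a user-only rule may already be the intent; a one-line comment such as `# class-level check: creation rights do not depend on the record` would make that explicit. Both method bodies continue outside their hunks.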
@@ -99,7 +102,13 @@ class StopAreasController < BreadcrumbController
    end
   end
+  def destroy
+    authorize stop_area
+    super
+  end
+
   def update
+    authorize stop_area
     stop_area.position ||= stop_area.default_position
     map.editable = true
|
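Review bot: `destroy` is overridden only to run the check before `super`, and the same `authorize stop_area` line is repeated in `update` here and in `edit` in the previous hunk. A single callback, `before_action -> { authorize stop_area }, only: %i[edit update destroy]`, would keep the three member actions in one place and make it harder for a later member action to miss the check. This assumes `stop_area` resolves the same record when called from a callback, which is not visible here. `update` continues past the end of the hunk.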
