Refs #2476 : Disable modification and deletion of resources from another referential; in progress

author: Vlatka Pavisic 2017-02-06 11:42:12 +0100
committer: Vlatka Pavisic 2017-02-07 11:25:29 +0100
commit: d94b1271d147fdb5bbd1e616e116173198e858db (patch)
tree: e1b5631e72e009ffd80fdf4e47159b2b11cd899e /app/controllers
parent: 9c3095c20aaef122212ed71ce8818e3a18b13308 (diff)
download: chouette-core-d94b1271d147fdb5bbd1e616e116173198e858db.tar.bz2
18 files changed, 48 insertions, 80 deletions
diff --git a/app/controllers/access_links_controller.rb b/app/controllers/access_links_controller.rb
index d590aba00..fbf6d2c5c 100644
--- a/app/controllers/access_links_controller.rb
+++ b/app/controllers/access_links_controller.rb
@@ -9,6 +9,8 @@ class AccessLinksController < ChouetteController
   respond_to :html, :xml, :json
   respond_to :kml, :only => :show
 
+  include PolicyChecker
+
   def index
     request.format.kml? ? @per_page = nil : @per_page = 12
     index!
@@ -86,7 +88,6 @@ class AccessLinksController < ChouetteController
       end
   end
 
-
   private
 
   def access_link_params
diff --git a/app/controllers/access_points_controller.rb b/app/controllers/access_points_controller.rb
index 534b0c835..2cef90a28 100644
--- a/app/controllers/access_points_controller.rb
+++ b/app/controllers/access_points_controller.rb
@@ -7,7 +7,9 @@ class AccessPointsController < ChouetteController
 
   respond_to :html, :kml, :xml, :json
 
-  def index    
+  include PolicyChecker
+
+  def index
     request.format.kml? ? @per_page = nil : @per_page = 12
 
     index! do |format|
@@ -16,7 +18,7 @@ class AccessPointsController < ChouetteController
           redirect_to params.merge(:page => 1)
         end
       }
-    end       
+    end
   end
 
   def show
@@ -26,14 +28,14 @@ class AccessPointsController < ChouetteController
     show! do |format|
       unless access_point.position or params[:default]
         format.kml {
-          render :nothing => true, :status => :not_found 
+          render :nothing => true, :status => :not_found
         }
-        
+
       end
       format.html {build_breadcrumb :show}
     end
   end
-  
+
 
   def edit
     access_point.position ||= access_point.default_position
@@ -45,7 +47,7 @@ class AccessPointsController < ChouetteController
 
 
   protected
-  
+
   alias_method :access_point, :resource
 
   def map
@@ -54,7 +56,7 @@ class AccessPointsController < ChouetteController
 
   def collection
     @q = parent.access_points.search(params[:q])
-    @access_points ||= 
+    @access_points ||=
       begin
         access_points = @q.result(:distinct => true).order(:name)
         access_points = access_points.paginate(:page => params[:page]) if @per_page.present?
@@ -62,7 +64,6 @@ class AccessPointsController < ChouetteController
       end
   end
 
-
   private
 
   def access_point_params
diff --git a/app/controllers/calendars_controller.rb b/app/controllers/calendars_controller.rb
index 9784820f9..3e7a05231 100644
--- a/app/controllers/calendars_controller.rb
+++ b/app/controllers/calendars_controller.rb
@@ -1,6 +1,6 @@
 class CalendarsController < BreadcrumbController
+  include PolicyChecker
   defaults resource_class: Calendar
-  before_action :check_policy, only: [:edit, :update, :destroy]
 
   respond_to :html
   respond_to :js, only: :index
@@ -39,9 +39,5 @@ class CalendarsController < BreadcrumbController
     calendars = calendars.order(sort_column + ' ' + sort_direction) if sort_column && sort_direction
     @calendars = calendars.paginate(page: params[:page])
   end
-
-  def check_policy
-    authorize resource
-  end
 end
 
diff --git a/app/controllers/chouette_controller.rb b/app/controllers/chouette_controller.rb
index 074fc0515..dd1002fd8 100644
--- a/app/controllers/chouette_controller.rb
+++ b/app/controllers/chouette_controller.rb
@@ -10,9 +10,9 @@ class ChouetteController < BreadcrumbController
   end
 
   def referential
-    @referential ||= current_organisation.referentials.find params[:referential_id]
+    @referential ||= Referential.find params[:referential_id]
   end
-  
+
   alias_method :current_referential, :referential
   helper_method :current_referential
 
diff --git a/app/controllers/companies_controller.rb b/app/controllers/companies_controller.rb
index bf298786a..a8701d227 100644
--- a/app/controllers/companies_controller.rb
+++ b/app/controllers/companies_controller.rb
@@ -1,6 +1,6 @@
 class CompaniesController < BreadcrumbController
   include ApplicationHelper
-  before_action :check_policy, :only => [:edit, :update, :destroy]
+  include PolicyChecker
   defaults :resource_class => Chouette::Company
   respond_to :html
   respond_to :xml
@@ -53,10 +53,6 @@ class CompaniesController < BreadcrumbController
 
   alias_method :line_referential, :parent
 
-  def check_policy
-    authorize resource
-  end
-
   alias_method :current_referential, :line_referential
   helper_method :current_referential
 
diff --git a/app/controllers/concerns/policy_checker.rb b/app/controllers/concerns/policy_checker.rb
new file mode 100644
index 000000000..72c18c64f
--- /dev/null
+++ b/app/controllers/concerns/policy_checker.rb
@@ -0,0 +1,12 @@
+module PolicyChecker
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :check_policy, only: [:edit, :update, :destroy]
+  end
+
+  protected
+  def check_policy
+    authorize resource
+  end
+end
diff --git a/app/controllers/connection_links_controller.rb b/app/controllers/connection_links_controller.rb
index ca36a999f..abeb9dd6a 100644
--- a/app/controllers/connection_links_controller.rb
+++ b/app/controllers/connection_links_controller.rb
@@ -10,7 +10,9 @@ class ConnectionLinksController < ChouetteController
   respond_to :kml, :only => :show
   respond_to :js, :only => :index
 
-  def index    
+  include PolicyChecker
+
+  def index
     index! do |format|
       format.html {
         if collection.out_of_bounds?
@@ -18,7 +20,7 @@ class ConnectionLinksController < ChouetteController
         end
         build_breadcrumb :index
       }
-    end       
+    end
   end
 
   def show
@@ -36,10 +38,10 @@ class ConnectionLinksController < ChouetteController
   end
 
   protected
-  
+
   alias_method :connection_link, :resource
 
-  def collection    
+  def collection
     @q = referential.connection_links.search(params[:q])
     @connection_links ||= @q.result(:distinct => true).order(:name).paginate(:page => params[:page])
   end
@@ -53,7 +55,7 @@ class ConnectionLinksController < ChouetteController
   end
 
   private
-  
+
   def connection_link_params
     params.require(:connection_link).permit( :connection_link_type,:departure_id, :arrival_id, :objectid, :object_version, :creation_time, :creator_id, :name, :comment, :link_distance, :link_type, :default_duration, :frequent_traveller_duration, :occasional_traveller_duration, :mobility_restricted_traveller_duration, :mobility_restricted_suitability, :stairs_availability, :lift_availability, :int_user_needs )
   end
diff --git a/app/controllers/group_of_lines_controller.rb b/app/controllers/group_of_lines_controller.rb
index 112ff2dd0..a1cf0d6e4 100644
--- a/app/controllers/group_of_lines_controller.rb
+++ b/app/controllers/group_of_lines_controller.rb
@@ -1,6 +1,6 @@
 class GroupOfLinesController < BreadcrumbController
   include ApplicationHelper
-  before_action :check_policy, :only => [:edit, :update, :destroy]
+  include PolicyChecker
   defaults :resource_class => Chouette::GroupOfLine
   respond_to :html
   respond_to :xml
@@ -75,10 +75,6 @@ class GroupOfLinesController < BreadcrumbController
 
   private
 
-  def check_policy
-    authorize resource
-  end
-
   def group_of_line_params
     params.require(:group_of_line).permit( :objectid, :object_version, :creation_time, :creator_id, :name, :comment, :lines, :registration_number, :line_tokens)
   end
diff --git a/app/controllers/journey_patterns_controller.rb b/app/controllers/journey_patterns_controller.rb
index 69f16321e..4b6872a05 100644
--- a/app/controllers/journey_patterns_controller.rb
+++ b/app/controllers/journey_patterns_controller.rb
@@ -15,7 +15,7 @@ class JourneyPatternsController < ChouetteController
   alias_method :route, :parent
   alias_method :journey_pattern, :resource
 
-  before_action :check_policy, only: [:edit, :update, :destroy]
+  include PolicyChecker
 
   def index
     index! do |format|
@@ -55,10 +55,6 @@ class JourneyPatternsController < ChouetteController
 
   private
 
-  def check_policy
-    authorize resource
-  end
-
   def journey_pattern_params
     params.require(:journey_pattern).permit(:route_id, :objectid, :object_version, :creation_time, :creator_id, :name, :comment, :registration_number, :published_name, :departure_stop_point_id, :arrival_stop_point_id, {:stop_point_ids => []})
   end
diff --git a/app/controllers/line_footnotes_controller.rb b/app/controllers/line_footnotes_controller.rb
index 3b44d087c..192f902c8 100644
--- a/app/controllers/line_footnotes_controller.rb
+++ b/app/controllers/line_footnotes_controller.rb
@@ -1,6 +1,6 @@
 class LineFootnotesController < ChouetteController
   defaults :resource_class => Chouette::Line, :instance_name => 'line'
-  before_action :check_policy, only: [:edit, :update, :destroy]
+  include PolicyChecker
   belongs_to :referential
 
   def show
@@ -24,6 +24,8 @@ class LineFootnotesController < ChouetteController
   end
 
   protected
+
+  # overrides default
   def check_policy
     authorize resource, "#{action_name}_footnote?".to_sym
   end
diff --git a/app/controllers/lines_controller.rb b/app/controllers/lines_controller.rb
index 9a0a007aa..bc8852411 100644
--- a/app/controllers/lines_controller.rb
+++ b/app/controllers/lines_controller.rb
@@ -1,6 +1,6 @@
 class LinesController < BreadcrumbController
   include ApplicationHelper
-  before_action :check_policy, :only => [:edit, :update, :destroy]
+  include PolicyChecker
   defaults :resource_class => Chouette::Line
   respond_to :html
   respond_to :xml
@@ -98,10 +98,6 @@ class LinesController < BreadcrumbController
     %w[asc desc].include?(params[:direction]) ?  params[:direction] : 'asc'
   end
 
-  def check_policy
-    authorize resource
-  end
-
   alias_method :current_referential, :line_referential
   helper_method :current_referential
 
diff --git a/app/controllers/networks_controller.rb b/app/controllers/networks_controller.rb
index d9070e7e8..7249349fc 100644
--- a/app/controllers/networks_controller.rb
+++ b/app/controllers/networks_controller.rb
@@ -1,6 +1,6 @@
 class NetworksController < BreadcrumbController
   include ApplicationHelper
-  before_action :check_policy, :only => [:edit, :update, :destroy]
+  include PolicyChecker
   defaults :resource_class => Chouette::Network
   respond_to :html
   respond_to :xml
@@ -58,10 +58,6 @@ class NetworksController < BreadcrumbController
 
   alias_method :line_referential, :parent
 
-  def check_policy
-    authorize resource
-  end
-
   alias_method :current_referential, :line_referential
   helper_method :current_referential
 
diff --git a/app/controllers/referential_lines_controller.rb b/app/controllers/referential_lines_controller.rb
index 4ffee27cb..c0d71d891 100644
--- a/app/controllers/referential_lines_controller.rb
+++ b/app/controllers/referential_lines_controller.rb
@@ -1,5 +1,5 @@
 class ReferentialLinesController < ChouetteController
-  before_action :check_policy, :only => [:edit, :update, :destroy]
+  include PolicyChecker
 
   defaults :resource_class => Chouette::Line, :collection_name => 'lines', :instance_name => 'line'
   respond_to :html
@@ -95,10 +95,6 @@ class ReferentialLinesController < ChouetteController
     %w[asc desc].include?(params[:direction]) ?  params[:direction] : 'asc'
   end
 
-  def check_policy
-    authorize resource
-  end
-
   def line_params
     params.require(:line).permit(
       :transport_mode,
diff --git a/app/controllers/referentials_controller.rb b/app/controllers/referentials_controller.rb
index 6957479df..78d55f94b 100644
--- a/app/controllers/referentials_controller.rb
+++ b/app/controllers/referentials_controller.rb
@@ -1,6 +1,7 @@
 class ReferentialsController < BreadcrumbController
   defaults :resource_class => Referential
-  before_action :check_policy, :only => [:edit, :update]
+  include PolicyChecker
+  before_action :check_policy, :only => [:edit, :update] # overrides default
 
   respond_to :html
   respond_to :json, :only => :show
@@ -117,10 +118,6 @@ class ReferentialsController < BreadcrumbController
     %w[asc desc].include?(params[:direction]) ?  params[:direction] : 'asc'
   end
 
-  def check_policy
-    authorize resource
-  end
-
   def referential_params
     params.require(:referential).permit(
       :id,
diff --git a/app/controllers/routes_controller.rb b/app/controllers/routes_controller.rb
index be6329006..59bd22f56 100644
--- a/app/controllers/routes_controller.rb
+++ b/app/controllers/routes_controller.rb
@@ -1,4 +1,5 @@
 class RoutesController < ChouetteController
+  include PolicyChecker
   defaults :resource_class => Chouette::Route
 
   respond_to :html, :xml, :json
@@ -10,7 +11,6 @@ class RoutesController < ChouetteController
   end
 
   before_action :define_candidate_opposite_routes, only: [:new, :edit, :create, :update]
-  before_action :check_policy, only: [:edit, :update, :destroy]
 
   def index
     index! do |format|
@@ -86,10 +86,6 @@ class RoutesController < ChouetteController
       end
   end
 
-  def check_policy
-    authorize resource
-  end
-
   private
 
   def route_params
diff --git a/app/controllers/routing_constraint_zones_controller.rb b/app/controllers/routing_constraint_zones_controller.rb
index cd8cd5aa7..17c7066b9 100644
--- a/app/controllers/routing_constraint_zones_controller.rb
+++ b/app/controllers/routing_constraint_zones_controller.rb
@@ -7,12 +7,7 @@ class RoutingConstraintZonesController < ChouetteController
     belongs_to :line, parent_class: Chouette::Line
   end
 
-  before_action :check_policy, only: [:edit, :update, :destroy]
-
-  protected
-  def check_policy
-    authorize resource
-  end
+  include PolicyChecker
 
   private
   def routing_constraint_zone_params
diff --git a/app/controllers/time_tables_controller.rb b/app/controllers/time_tables_controller.rb
index ec62dfb98..7f9a95789 100644
--- a/app/controllers/time_tables_controller.rb
+++ b/app/controllers/time_tables_controller.rb
@@ -8,7 +8,7 @@ class TimeTablesController < ChouetteController
 
   belongs_to :referential
 
-  before_action :check_policy, only: [:edit, :update, :destroy]
+  include PolicyChecker
 
   def show
     @year = params[:year] ? params[:year].to_i : Date.today.cwyear
@@ -114,10 +114,6 @@ class TimeTablesController < ChouetteController
     referential_time_tables_path(referential)
   end
 
-  def check_policy
-    authorize resource
-  end
-
   private
 
   def time_table_params
diff --git a/app/controllers/vehicle_journeys_controller.rb b/app/controllers/vehicle_journeys_controller.rb
index 9b4c39d2a..3ae278ec1 100644
--- a/app/controllers/vehicle_journeys_controller.rb
+++ b/app/controllers/vehicle_journeys_controller.rb
@@ -9,7 +9,7 @@ class VehicleJourneysController < ChouetteController
     end
   end
 
-  before_action :check_policy, only: [:edit, :update, :destroy]
+  include PolicyChecker
 
   def select_journey_pattern
     if params[:journey_pattern_id]
@@ -79,12 +79,6 @@ class VehicleJourneysController < ChouetteController
     @matrix = resource_class.matrix(@vehicle_journeys)
   end
 
-  protected
-
-  def check_policy
-    authorize resource
-  end
-
   private
 
   def vehicle_journey_params
author	Vlatka Pavisic	2017-02-06 11:42:12 +0100
committer	Vlatka Pavisic	2017-02-07 11:25:29 +0100
commit	d94b1271d147fdb5bbd1e616e116173198e858db (patch)
tree	e1b5631e72e009ffd80fdf4e47159b2b11cd899e /app/controllers
parent	9c3095c20aaef122212ed71ce8818e3a18b13308 (diff)
download	chouette-core-d94b1271d147fdb5bbd1e616e116173198e858db.tar.bz2