Line policy

Refs #1780
author: Xinhui 2016-10-10 10:55:34 +0200
committer: Xinhui 2016-10-10 11:09:51 +0200
commit: fc25c675b21524d722f3e0e2ae34db43392f1651 (patch)
tree: 84ec2eb4c277907da32c81e3affbaede73a5cfcb /app/controllers
parent: 8bf58bfada05c61dbd773b74e9e6d91f01d3aae1 (diff)
download: chouette-core-fc25c675b21524d722f3e0e2ae34db43392f1651.tar.bz2
2 files changed, 16 insertions, 3 deletions
diff --git a/app/controllers/lines_controller.rb b/app/controllers/lines_controller.rb
index 8c14de06d..a93084012 100644
--- a/app/controllers/lines_controller.rb
+++ b/app/controllers/lines_controller.rb
@@ -1,6 +1,6 @@
 class LinesController < BreadcrumbController
   include ApplicationHelper
-
+  before_action :check_policy, :only => [:edit, :update, :destroy]
   defaults :resource_class => Chouette::Line
   respond_to :html
   respond_to :xml
@@ -30,6 +30,16 @@ class LinesController < BreadcrumbController
     end
   end
 
+  def new
+    authorize resource_class
+    super
+  end
+
+  def create
+    authorize resource_class
+    super
+  end
+
   # overwrite inherited resources to use delete instead of destroy
   # foreign keys will propagate deletion)
   def destroy_resource(object)
@@ -85,6 +95,9 @@ class LinesController < BreadcrumbController
   alias_method :line_referential, :parent
 
   private
+  def check_policy
+    authorize resource
+  end
 
   def line_params
     params.require(:line).permit( :transport_mode, :network_id, :company_id, :objectid, :object_version, :creation_time, :creator_id, :name, :number, :published_name, :transport_mode_name, :registration_number, :comment, :mobility_restricted_suitability, :int_user_needs, :flexible_service, :group_of_lines, :group_of_line_ids, :group_of_line_tokens, :url, :color, :text_color, :stable_id, { footnotes_attributes: [ :code, :label, :_destroy, :id ] } )
diff --git a/app/controllers/stop_areas_controller.rb b/app/controllers/stop_areas_controller.rb
index 90820d932..8f6a1565a 100644
--- a/app/controllers/stop_areas_controller.rb
+++ b/app/controllers/stop_areas_controller.rb
@@ -63,7 +63,7 @@ class StopAreasController < BreadcrumbController
   end
 
   def new
-    authorize Chouette::StopArea
+    authorize resource_class
     @map = StopAreaMap.new( Chouette::StopArea.new).with_helpers(self)
     @map.editable = true
     new! do
@@ -72,7 +72,7 @@ class StopAreasController < BreadcrumbController
   end
 
   def create
-    authorize Chouette::StopArea
+    authorize resource_class
     @map = StopAreaMap.new( Chouette::StopArea.new).with_helpers(self)
     @map.editable = true
author	Xinhui	2016-10-10 10:55:34 +0200
committer	Xinhui	2016-10-10 11:09:51 +0200
commit	fc25c675b21524d722f3e0e2ae34db43392f1651 (patch)
tree	84ec2eb4c277907da32c81e3affbaede73a5cfcb /app/controllers
parent	8bf58bfada05c61dbd773b74e9e6d91f01d3aae1 (diff)
download	chouette-core-fc25c675b21524d722f3e0e2ae34db43392f1651.tar.bz2