| author | Robert | 2017-07-03 15:34:11 +0200 |
|---|---|---|
| committer | Robert | 2017-07-04 21:54:04 +0200 |
| commit | c48ad4fde3056ef04645b73f7eab54ff867d370c (patch) | |
| tree | 57af273b48f1ece1b5e16244d6957f407a5d9563 /app/helpers | |
| parent | 747d333ffbcc8ee0c9f1daf93ccca32799434e04 (diff) | |
| download | chouette-core-c48ad4fde3056ef04645b73f7eab54ff867d370c.tar.bz2 | |
Refs: #3478@1h
newapplication helper default authorization, (no if) ->
* DefaultPolicy (all true)
* Add some policies (LinePolicy)
* Use `boiv:read` for show, index
* Adapted `table_builder`
Diffstat (limited to 'app/helpers')
| -rw-r--r-- | app/helpers/newapplication_helper.rb | 5 | ||||
| -rw-r--r-- | app/helpers/table_builder_helper/custom_links.rb | 14 |
2 files changed, 17 insertions, 2 deletions
diff --git a/app/helpers/newapplication_helper.rb b/app/helpers/newapplication_helper.rb index edcad76c3..ac57997d1 100644 --- a/app/helpers/newapplication_helper.rb +++ b/app/helpers/newapplication_helper.rb @@ -155,7 +155,10 @@ module NewapplicationHelper content_tag :li, link_to(t("actions.#{action}"), polymorph_url, method: :put) end else - content_tag :li, link_to(t("actions.#{action}"), polymorph_url) + permission = "#{action}?" + if !policy(item).respond_to?(permission) || policy(item).public_send(permission) + content_tag :li, link_to(t("actions.#{action}"), polymorph_url) + end end end.join.html_safe end diff --git a/app/helpers/table_builder_helper/custom_links.rb b/app/helpers/table_builder_helper/custom_links.rb index abb907678..e185bf77b 100644 --- a/app/helpers/table_builder_helper/custom_links.rb +++ b/app/helpers/table_builder_helper/custom_links.rb @@ -40,6 +40,14 @@ module TableBuilderHelper def actions_after_policy_check @actions.select do |action| + # TODO: My idea would be to push authorization logic into policies + # Eventually the code should look like: + # select do |action| + # Pundit.policy(@user_context, @obj).send("#{action}?") + # end + # This puts the responsability where it belongs to and allows + # for easy and fast unit testing of the BL, always a goos sign. + # Has policy and can destroy (action == :delete && Pundit.policy(@user_context, @obj).present? && @@ -64,6 +72,10 @@ module TableBuilderHelper # Object is archived (action == :unarchive && @obj.archived?) || + !Pundit.policy(@user_context, @obj).respond_to?("#{action}?") || + Pundit.policy(@user_context, @obj).public_send("#{action}?") || + + action_is_allowed_regardless_of_policy(action) end end @@ -71,7 +83,7 @@ module TableBuilderHelper private def action_is_allowed_regardless_of_policy(action) - ![:delete, :edit, :archive, :unarchive].include?(action) + ![:delete, :edit, :archive, :unarchive, :duplicate, :actualize].include?(action) end end end |
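Review bot: The guard added in the `else` branch of newapplication_helper.rb fails open: when `policy(item)` has no `#{action}?` predicate the link is still rendered, so a misspelled action name or a policy that has not been written yet silently counts as permitted. The check only decides whether a link is shown, so the controller action still needs its own authorization call, which is not visible in this diff. Consider looking the policy up once and failing closed, `pol = policy(item)` followed by `if pol.respond_to?(permission) && pol.public_send(permission)`. If default-allow is intended, as the commit message suggests, state it in a comment such as `# no predicate on the policy => link is shown (default allow)`. The enclosing method starts and ends outside the hunk.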
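Review bot: The TODO sketch added at the top of `actions_after_policy_check` uses `.send("#{action}?")`, which also dispatches to private methods, while the code added further down in the same file uses `public_send`. The sketch should read `Pundit.policy(@user_context, @obj).public_send("#{action}?")` so the looser form is not copied later. The sketch also drops the `respond_to?` fallback, so the comment should say that every action would then need a predicate on its policy. Typos in the comment: `responsability` should be `responsibility` and `goos` should be `good`. The method body continues outside the hunk.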
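Review bot: The two clauses added to the `||` chain in custom_links.rb bypass the earlier per-action checks whenever the policy lacks a same-named predicate. `!Pundit.policy(@user_context, @obj).respond_to?("#{action}?")` is true for `:delete` unless the policy defines `delete?` (the existing clause is commented as checking destroy), and it is also true when `Pundit.policy` returns nil, which the existing `.present?` guard suggests can happen. The same short-circuit means the `:duplicate` and `:actualize` entries added to `action_is_allowed_regardless_of_policy` in the last hunk only take effect once those predicates exist on the policy. Require the predicate to exist and pass, and let a missing one fall through to the allow-list: `(Pundit.policy(@user_context, @obj).respond_to?("#{action}?") && Pundit.policy(@user_context, @obj).public_send("#{action}?")) ||`. The `select` block begins outside the hunk.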
